Anatomy of a Hacker Attack
Phase 2 - Locating a Weakness
Once sufficient information is available, the hacker will move
on to locate a weakness that can be used to gain access to the target. In the
bad old days, before firewalls, the hacker would be able to attack computers on
the Internet directly without much effort. Today things are a bit more
difficult, but not very much. Some of the weaknesses frequently used by viruses
are bugs in e-mail clients. The same weaknesses are also used by hackers. There
are a number of other ways to gain access to a computer network, with
bugs in web browsers and web servers being some of the most common.
Another potential weakness, not related to software bugs, is
the human factor. If enough is known about an organization, the hacker can often
use a little bit of his social skill to trick or pressure someone into letting
him into the network. For instance, in many of the larger organizations, when
you forget your password, you just call up support and they will change it to
something of your choice. All the hacker might need in this case is the name
of an employee and an account name in order to gain access to the account.
Pretending to be someone important is often a way to pressure the technical
support organization into bending the rules a bit. Pretending to be a friend of an
employee when you send him an e-mail with an attachment is often a good way to
get him to trust you and open the attachment. The From address of an e-mail
is very easy to forge. The point is, the possibilities are endless, and in most
cases, the firewall provides little or no protection against social skill.
Phase two is concerned with finding a way to establish contact between the
target network and the hacker's own computer. Typically (but not necessarily)
this contact occurs over the Internet.
Copyright © 2002 Abtrusion Security AB.
All rights reserved. This document may be reproduced provided that it is
reproduced in its entirety and that this copyright message is retained.