Abtrusion Security Click here to send someone a link to this page Click here to Bookmark this page
home   products   buy   download   support   about   news   links   contact

Abtrusion Security home

Security products

Purchase Abtrusion Protector

Download of security software for Windows

Abtrusion Protector support

About Abtrusion Security

Security related news

Security links

 

Download Abtrusion Protector

 

Information for

> Corporate Management

> System Administrators

> Security Professionals

> Software Developers

> Home Users

Anatomy of a Hacker Attack

Phase 2 - Locating a Weakness

Once sufficient information is available, the hacker will move on to locate a weakness that can be used to gain access to the target. In the bad old days, before firewalls, the hacker would be able to attack computers on the Internet directly without much effort. Today things are a bit more difficult, but not very much. Some of the weaknesses frequently used by viruses are bugs in e-mail clients. The same weaknesses are also used by hackers. There are a number of other ways to gain access to a computer network, with bugs in web browsers and web servers being some of the most common.

Another potential weakness, not related to software bugs, is the human factor. If enough is known about an organization, the hacker can often use a little bit of his social skill to trick or pressure someone into letting him into the network. For instance, in many of the larger organizations, when you forget your password, you just call up support and they will change it to something of your choice. All the hacker might need in this case is the name of an employee and an account name in order to gain access to the account. Pretending to be someone important is often a way to pressure the technical support organization into bending the rules a bit. Pretending to be a friend of an employee when you send him an e-mail with an attachment is often a good way to get him to trust you and open the attachment. The From address of an e-mail is very easy to forge. The point is, the possibilities are endless, and in most cases, the firewall will provides little or no protection against social skill.

Phase two is concerned with finding a way to establish contact between the target network and the hacker's own computer. Typically (but not necessarily) this contact occurs over the Internet.

 

Single-page view

<< Previous            Next >>

Copyright 2002 Abtrusion Security AB. All rights reserved. This document may be reproduced provided that it is reproduced in its entirety and that this copyright message is retained.