How to Plan and Perform Hack Attacks

By Kevin Beaver

Think about how you or others will plan and perform a hack attack to maximize what you get out of it. Attack styles vary widely, and understanding the differences helps you protect yourself:

  • Some hackers prepare far in advance of an attack. They gather small bits of information and methodically carry out their hacks. These hackers are the most difficult to track.

  • Other hackers — usually the inexperienced script kiddies — act before they think through the consequences. Such hackers may try, for example, to telnet directly into an organization’s router without hiding their identities. Other hackers may try to launch a DoS attack against a Microsoft Exchange server without first determining the version of Exchange or the patches that are installed. These hackers usually are caught.

  • Malicious users are all over the map. Some can be quite savvy based on their knowledge of the network and of how IT operates inside the organization. Others go poking and prodding around into systems they shouldn’t be in — or shouldn’t have had access to in the first place — and often do stupid things that lead security or network administrators back to them.

Although the hacker underground is a community, many of the hackers — especially advanced hackers — don’t share information with the crowd. Most hackers do much of their work independently in order to remain anonymous.

Hackers who network with one another use private message boards, anonymous e-mail addresses, hacker websites, and Internet Relay Chat (IRC). You can log in to many of these sites to see what hackers are doing.

Whatever approach they take, most malicious attackers prey on ignorance. They know the following aspects of real-world security:

  • The majority of computer systems aren’t managed properly. The computer systems aren’t properly patched, hardened, or monitored. Attackers can often fly below the radar of the average firewall, intrusion prevention system (IPS), or access control system. This is especially true for malicious users whose actions are often not monitored at all while, at the same time, they have full access to the very environment they can exploit.

  • Most network and security administrators simply can’t keep up with the deluge of new vulnerabilities and attack methods. These people often have too many tasks to stay on top of and too many other fires to put out. Network and security administrators may also fail to notice or respond to security events because of poor time management and goal setting, but that’s for another discussion.

  • Information systems grow more complex every year. This is yet another reason why overburdened administrators find it difficult to know what’s happening across the wire and on the hard drives of all their systems. Mobile devices such as laptops, tablets, and phones are making things exponentially worse.

Time is an attacker’s friend — and it’s almost always on his or her side. By attacking through computers rather than in person, hackers have more control over the timing for their attacks:

  • Attacks can be carried out slowly, making them hard to detect.

  • Attacks are frequently carried out after typical business hours, often in the middle of the night, and from home, in the case of malicious users. Defenses are often weaker after hours — with less physical security and less intrusion monitoring — when the typical network administrator (or security guard) is sleeping.
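As an added example (not from the original article), the detection sketch below shows why a short-window failure threshold misses the slow attacks described above while a long-window count catches them, and how successful after-hours logins can be flagged. The events, addresses, thresholds, and business hours are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SHORT = timedelta(minutes=5)   # typical burst-detection window (assumed)
LONG = timedelta(hours=24)     # long window for slow attempts (assumed)

def build_sample():
    """Constructed events, not real logs: (time, source, user, outcome)."""
    day = datetime(2024, 3, 4)  # a Monday
    # Slow source: one failed login every 3 hours.
    ev = [(day + timedelta(hours=3 * i, minutes=7), "203.0.113.7", "admin", "FAIL")
          for i in range(8)]
    # Noisy source: six failures within 25 seconds.
    ev += [(day + timedelta(hours=10, seconds=5 * i), "198.51.100.9", "root", "FAIL")
           for i in range(6)]
    ev += [(day + timedelta(hours=2, minutes=30), "10.0.0.8", "bob", "OK"),
           (day + timedelta(hours=11), "10.0.0.5", "alice", "OK")]
    return sorted(ev)

def sources_over_threshold(events, window, threshold=5):
    """Return sources with >= threshold failures inside any sliding window."""
    fails = defaultdict(list)
    for ts, src, _user, outcome in events:
        if outcome == "FAIL":
            fails[src].append(ts)
    flagged = set()
    for src, times in fails.items():
        times.sort()
        start = 0
        for end, ts in enumerate(times):
            while ts - times[start] > window:  # drop failures older than the window
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(src)
                break
    return flagged

def after_hours_logins(events, open_hour=8, close_hour=18):
    """Return successful logins on a weekend or outside business hours."""
    return [(ts, src, user) for ts, src, user, outcome in events
            if outcome == "OK"
            and (ts.weekday() >= 5 or not open_hour <= ts.hour < close_hour)]

if __name__ == "__main__":
    ev = build_sample()
    print("5-minute window:", sorted(sources_over_threshold(ev, SHORT)))
    print("24-hour window: ", sorted(sources_over_threshold(ev, LONG)))
    for ts, src, user in after_hours_logins(ev):
        print("after-hours login:", ts, src, user)
```

The slow source never exceeds one failure in any five-minute span, so only the 24-hour count surfaces it.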

If you want detailed information on how some hackers work or want to keep up with the latest hacker methods, several magazines are worth checking out:

Malicious attackers usually learn from their mistakes. Every mistake moves them one step closer to breaking into someone’s system. They use this knowledge when carrying out future attacks. You, as an ethical hacker, need to do the same.