A hacker’s main objective is to compromise the targeted computer, network, or application. The hacker starts off with little information and ends up with a detailed map into the system. There are five steps which hackers follow to hack into a system:

Reconnaissance
The target of this investigation stage is to gather info about domain names, IP address ranges, business partners, phone numbers, type of software and operating systems in use and existing network defence mechanisms.

First, hackers must identify the domain names of the target such as xxxx.com. Then they gather as much information as possible through public channels. One good source is through newsgroups. Information Technology (IT) staff often divulge too much information about their configurations and applications when approached for assistance. Job announcements also provide vital information about the company’s computer systems, operating systems and applications. If the job advertises for an information-security position, the type of network defense of the target can easily be identified.

The hacker can then visit the Internet Archive’s Web site (archive.org) to check for information about the target that may go back for years. The Securities and Exchange Commission’s website (www.sec.gov) can reveal information about impending company mergers – this means that the IT defenses for both companies will be significantly lowered to merge resources and ensure a smooth transition. When the enemy’s defences are down, it’s time to attack.

Hackers can also use social engineering to gather facts. The human element is oftentimes the weakest link in the system. For example, if you have the trust of an employee who is authorised to access the network, you can pretend to have an urgent problem that appeals to the natural helpfulness of the person.

Scanning and Enumeration
Next, hackers will scan servers and resources on the target network using software available for free from “Warez” websites. Once a hacker gets detailed info about the target operating systems or applications via scanning, it only takes a little talent and substantial patience to identify weaknesses in the system. A visit to any hacking tool website will give the beginner hacker a push in the right direction. Sometimes a computer system will even offer information about password length or bypass the need for a password if the hacker asks the computer a suitably formatted question. Once past the firewall, internal security is usually slack.

Gaining Access
After scanning for the relevant information, the hacker now has free access to the system or network. They will have a free run of the place with complete administrative access and can change any information or wreak havoc on the system. A tip: an easy way to do this is to call the company help desk and impersonate the manager to get a password reset, if an email sent to the manager earlier triggers an automatic ‘I’m on leave’ message.

Perfect
If the hacker still has difficulty getting administrative access into the system, a Trojan disguised as a service pack or system update can be sent to company staff. This can be sent from the System Administrator’s email account (obtained from a newsgroup message in the reconnaissance phase). The Trojan appears harmless but will install a key-logger program in the background when run by employees. When the employees key in their user-IDs and passwords throughout the day, the program will automatically forward these to the hacker.
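Seen from the defending side, the lure described above (a "service pack" that claims to come from the System Administrator) can be caught at the inbound mail gateway. The sketch below is an added example, not part of the original post: it assumes the gateway stamps an Authentication-Results header on external mail, and the domain example.com, the extension list and the sample message are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

INTERNAL_DOMAIN = "example.com"   # assumption: the organisation's own mail domain
RISKY_EXT = (".exe", ".scr", ".msi", ".bat", ".js", ".vbs")   # illustrative list

def auth_results(msg):
    """Map each method in Authentication-Results to its verdict, e.g. {'spf': 'fail'}."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for part in str(header).split(";")[1:]:   # first field is the gateway's id
            token = part.split()
            if token and "=" in token[0]:
                method, verdict = token[0].split("=", 1)
                results[method.lower()] = verdict.lower()
    return results

def triage(raw):
    """Return reasons to quarantine a raw message; an empty list means none found."""
    msg = email.message_from_string(raw, policy=policy.default)
    reasons = []
    sender_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    if sender_domain == INTERNAL_DOMAIN:
        verdicts = auth_results(msg)
        failed = [m for m in ("spf", "dkim", "dmarc") if verdicts.get(m) != "pass"]
        if failed:
            reasons.append("internal sender not authenticated: " + ",".join(failed))
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            reasons.append("executable attachment: " + name)
    return reasons

def sample():
    """Constructed message imitating the 'service pack from the administrator' lure."""
    m = EmailMessage()
    m["From"] = "IT Admin <admin@example.com>"
    m["Subject"] = "Service pack"
    m["Authentication-Results"] = "mx.example.com; spf=fail; dkim=none; dmarc=fail"
    m.set_content("Please install the attached update.")
    m.add_attachment(b"MZ", maintype="application", subtype="octet-stream",
                     filename="ServicePack.exe")
    return m.as_string()

if __name__ == "__main__":
    print(triage(sample()))
```

A message that claims an internal sender but arrives from outside without passing SPF, DKIM and DMARC is the signal to act on; the attachment check is a second, independent reason to quarantine.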

Maintaining Access
Once the hacker has access to critical computer systems, the password file or the Security Account Manager (SAM) is easily obtainable. This contains the user-IDs and passwords for all the system users. From here, they can hack into other systems. Hackers also install backdoor programs on all compromised systems so that they will continue to have access even when the passwords are changed. Furthermore, this will be totally overlooked by even experienced IT staff as normal network traffic. The perfect crime!
