Hacking For Dummies. Kevin Beaver
The case involving copyrighted materials and the Recording Industry Association of America (RIAA) is a classic example. Hackers have gone to great lengths to prove a point, defacing the websites of organizations that support copyrights and then sharing music and software themselves. Go figure.
Planning and Performing Attacks
Attack styles vary widely:
Some hackers prepare far in advance of an attack. They gather small bits of information and methodically carry out their hacks, as I outline in Chapter 4. These hackers are the most difficult to track.
Other hackers — usually, inexperienced script kiddies — act before they think through the consequences. Such hackers may try, for example, to telnet directly into an organization’s router without hiding their identities. Other hackers may try to launch a DoS attack against a web server without first determining the version running on the server or the installed patches. These hackers usually are caught or at least blocked.
Malicious users are all over the map. Some are quite savvy, based on their knowledge of the network and of how IT and security operate inside the organization. Others go poking and prodding in systems that they shouldn’t be in — or shouldn’t have had access to in the first place — and often do stupid things that lead security or network administrators back to them.
Although the hacker underground is a community, many hackers — especially advanced hackers — don’t share information with the crowd. Most hackers do much of their work independently to remain anonymous.
Hackers who network with one another often use private message boards, anonymous email addresses, or hacker underground websites (a.k.a. the deep web or dark web). You can attempt to log in to such sites to see what hackers are doing, but I don’t recommend it unless you really know what you’re doing. The last thing you need is to get a malware infection or lose sensitive login credentials when trying to sniff around these places.
Whatever approach they take, most malicious attackers prey on ignorance. They know the following aspects of real-world security:
The majority of computer systems aren’t managed properly. The computer systems aren’t properly patched, hardened, or monitored. Attackers can often fly below the radar of the average firewall or intrusion prevention system (IPS), especially malicious users whose actions aren’t monitored yet who have full access to the very environment they can exploit.
Most network and security administrators can’t keep up with the deluge of new vulnerabilities and attack methods. These people have too many tasks to stay on top of and too many other fires to put out. Network and security administrators may fail to notice or respond to security events because of poor time and goal management. I provide resources on time and goal management for IT and security professionals in the appendix.
Information systems grow more complex every year. This fact is yet another reason why overburdened administrators find it difficult to know what’s happening across the wire and on the hard drives of all their systems. Virtualization, cloud services, and mobile devices such as laptops, tablets, and phones are the foundation of this complexity. The Internet of Things complicates everything. More recently, because so many people are working remotely and often using vulnerable personal computers to access business systems, complexity has grown even more.
Time is an attacker’s friend, and it’s almost always on their side. By attacking through computers rather than in person, hackers have more control of the timing of their attacks. Attacks are not only carried out anonymously, but they can be carried out slowly over time, making them hard to detect. Quantum computing will make these attacks that much faster.
Attacks are frequently carried out after typical business hours, often in the middle of the night and (in the case of malicious users) from home. Defenses may be weaker after hours, with less physical security and less intrusion monitoring, when the typical network administrator or security guard is sleeping.
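The following added example, which is not from the book, shows how a defender might surface the two patterns just described in authentication logs: failed logins spread thinly over days, and successful logins outside business hours. The log format, thresholds, and business hours are assumptions, and the sample events are constructed.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample auth events (not from the book): date time user source result
SAMPLE_LOG = """\
2024-03-04 09:15:02 alice 10.0.0.21 OK
2024-03-04 23:10:44 svc-backup 198.51.100.7 FAIL
2024-03-05 02:41:10 bob 203.0.113.50 OK
2024-03-05 22:05:13 svc-backup 198.51.100.7 FAIL
2024-03-06 10:00:01 carol 10.0.0.35 FAIL
2024-03-06 10:00:09 carol 10.0.0.35 FAIL
2024-03-06 10:00:17 carol 10.0.0.35 FAIL
2024-03-06 23:47:30 svc-backup 198.51.100.7 FAIL
2024-03-07 23:20:05 svc-backup 198.51.100.7 FAIL
2024-03-08 22:58:51 svc-backup 198.51.100.7 FAIL
2024-03-09 11:30:00 alice 10.0.0.21 OK
"""

BUSINESS_START, BUSINESS_END = 8, 18  # assumed working hours, Mon-Fri, local time
HOURLY_ALERT = 3       # assumed threshold of a per-hour failed-login rule
LONG_WINDOW_ALERT = 5  # assumed threshold over the whole span of the log

def parse(log):
    events = []
    for line in log.strip().splitlines():
        date, time, user, src, result = line.split()
        ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
        events.append((ts, user, src, result))
    return events

def after_hours_logins(events):
    """Successful logins on weekends or outside the assumed business hours."""
    return [(ts, user, src) for ts, user, src, result in events
            if result == "OK" and (ts.weekday() >= 5
                                   or not BUSINESS_START <= ts.hour < BUSINESS_END)]

def low_and_slow_sources(events):
    """Sources whose failures never trip the hourly rule but add up over time."""
    per_hour = defaultdict(Counter)
    for ts, _user, src, result in events:
        if result == "FAIL":
            per_hour[src][ts.replace(minute=0, second=0)] += 1
    flagged = {}
    for src, buckets in per_hour.items():
        total = sum(buckets.values())
        if max(buckets.values()) < HOURLY_ALERT and total >= LONG_WINDOW_ALERT:
            flagged[src] = total
    return flagged
```

In the sample, the burst of three failures from 10.0.0.35 is what an hourly rule already catches; the five failures from 198.51.100.7, one per night, only show up when the counting window is widened.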
HACKING MAGAZINES
If you want detailed information on how some hackers work or want to keep up with the latest hacker methods, several magazines are worth checking out:
2600 — The Hacker Quarterly (www.2600.com)
(IN)SECURE magazine (www.helpnetsecurity.com/insecuremag-archive)
Hackin9 (https://hakin9.org)
PHRACK (www.phrack.org/archives)
Malicious attackers usually learn from their mistakes. Every mistake moves them one step closer to breaking into someone’s system. They use this knowledge when carrying out future attacks. As a security professional responsible for testing the security of your environment, you need to do the same.
Maintaining Anonymity
Smart attackers want to remain as low-key as possible. Covering their tracks is a priority, and their success often depends on remaining unnoticed. They want to avoid raising suspicion so that they can come back and access the systems in the future.
Hackers often remain anonymous by using one of the following resources:
Borrowed or stolen remote desktop and virtual private network (VPN) accounts of friends or previous employers
Public computers at libraries, schools, or hotel business centers
Open wireless networks
VPN software or open proxy servers on the Internet
Anonymous or disposable email accounts
Open email relays
Infected computers (also called zombies or bots) at other organizations
Workstations or servers on the victim’s own network
If hackers use enough stepping stones for their attacks, they’re practically impossible to trace. Luckily, one of your biggest concerns — the malicious user — generally isn’t quite as savvy unless the hacker is a network or security administrator. In that case, you’ve got a serious situation on your hands. Without strong oversight, there’s nothing you can do to stop hackers from wreaking havoc on your network.
Chapter 3
Developing