What is often considered a mystery should be obvious to the trained eye. Like other activities in life, there is a process involved with computer hacking.
Many people think of the evil hacker as using guerrilla warfare to attempt unplanned attacks against their victims. In reality, experienced hackers (whether good or bad) will follow a methodical process to help them achieve their objectives. Hacking is not necessarily about finding a single security vulnerability in a system and exploiting it. Hacking is about learning as much about a system as you can. If you are able to own the system, great. If not, then you have learned a great deal in the process.
The term hacker is used rather loosely here, because in reality, it covers a broad spectrum and the methodology can be used for good and bad purposes.
McClure, Scambray, and Kurtz, in the book Hacking Exposed, give a good analysis of the hacking process. They identify the components of the methodology as target acquisition, information gathering, initial access, privilege escalation, covering tracks, and planting back doors.
Target Acquisition: The hacker will identify the target. Reasons for choosing a target will vary widely among different hackers: some choose for educational purposes, others out of malice, and still others for financial gain. Once the hacker has the target, they can proceed to the next step.
Profiling: This is the information-gathering phase. Profiling may identify the characteristics of the organizational structure, network setups, operating systems, and personnel. This information may be used to discover weaknesses in the organization's security armor. During the profiling phase, you are going to gather as much information about your target as possible. You want to find out what kind of business they do, who their business relationships are with, who works there, et cetera.
This kind of information will help build a profile and, with some basic tools, will probably get you an IP address or possibly even a range of IP addresses to work with. Using Whois (online web address registry) resources, you can possibly gain addresses, domain names, etc. Then, using nslookup resources, possible target IP addresses can be obtained. Through this process, you are probably also looking to find valid user names for accounts on the systems. This will help when trying to crack passwords. Other tools can help you find out the OS.
Initial Access: With the information gained from profiling, you will likely have several possible user names to work with. With this information, you can take a crack at gaining basic user access.
Privilege Escalation: Once you have access to the system, you can work on gaining higher-level access to a root directory or an administrator account. Once you have this, you have control of the system. Then you can get, change, place, replace, or destroy anything you want.
Covering Tracks: Most hackers don't want to get caught, because they want to keep hacking. So there are more tools out there to help cover their tracks. These rootkits can remove logs and replace files. In addition, hacking is generally not done all at once. It is done on a one-bit-at-a-time basis. The less time spent on a particular system, the better the chance of avoiding detection.
Set Up Back Doors: Once the hacker has control of the system, they can set up back doors, which will allow them to access the system without having to be logged on as root or administrator. This is one of the reasons experienced security expertise is needed when securing a system. If the hacker is not successful in breaking into the system, and if they are frustrated and want to accomplish something malicious, they may try for a pure denial of service attack (buffer overflows, for example).
This may give them some level of satisfaction. Available tools will vary depending on the OS. Some tools work on UNIX, some on Novell, and some on Windows NT/2000. As a hacker, the ultimate focus is to gain control of the system, whether it be Root (UNIX) or Administrator (NT).
There are some excellent references available, including:
Hacking Exposed: Network Security Secrets and Solutions, McClure, Scambray, Kurtz, 1998, McGraw Hill (now in its third edition).
Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network, Anonymous, 1998, SAMS.