Hack Attacks

It is unfortunate but true that more and more organizations are being subjected to hack attacks. A 2003 survey indicated that as many as 75% of companies polled cited employees as a likely source of hacking attacks. The same survey found that it cost those companies more than $120 million to recover from the activities of the malicious insiders. These numbers should drive home the importance of good operational controls. It is much cheaper to be proactive and build in good controls than it is to be reactive and figure out, after the fact, how you are going to respond.

Who are the people you have to worry about? Well, generally, they can be divided into two groups:

  • Insiders: These are individuals who either currently work for the organization or have been fired or quit. These insiders could be disgruntled employees.
  • Outsiders: This group of individuals has never worked for you, and you are probably lucky they haven't. Overall, outsiders can be segregated into several subgroups:

    • Script kiddies: These individuals cause harm with scripts, tools, and rootkits written by other, more skilled individuals. Often they don't understand how the exploit they are using works.
    • Corporate spies: These individuals work for rival firms. Their goal is to steal your proprietary information.
    • Government spies: Much like corporate spies, these individuals seek ways to advance their country. Your data might be the target.
    • Elite hackers: Although they're not driven by corporate greed or the desire to advance their country, these individuals might have many different motives. Maybe they are looking for ways to proclaim their advanced hacking skills, or they might be at odds with a stand or position your organization has taken.

So which group represents the biggest threat? You might have already guessed that it is insiders. Criminologists describe criminals as those who possess three items: means, motive, and opportunity. This is known as the crime triangle, shown in Figure 8.1. Insiders typically have the means and the opportunity to commit a crime. All they lack is a motive. Outsiders, on the other hand, are not trusted with access, and being outside the organization's structure could present them with little opportunity to launch an attack. Individuals must possess all three items shown in the crime triangle to successfully commit a crime.

Figure 8.1. Crime triangle.


Common Attack Methodologies

Hack attacks typically target one or more items that are tied to the security triad: confidentiality, integrity, or availability. Whereas confidentiality and integrity attacks actually give the attacker access to your data, availability attacks do not. Availability attacks usually result in denial of service (DoS).

DoS Attacks in Real Life

In February 2000, websites including Yahoo! and eBay were shut down due to persistent DoS attacks. Although the attack didn't give the attacker access to these networks, it caused a loss of service to the organizations. In 2001, a Canadian court sentenced a youth nicknamed Mafiaboy to 8 months in jail as a result of these attacks.

Hackers target a variety of devices, but their modus operandi remains fairly constant. Their methodology of attack generally proceeds as follows (see Figure 8.2):

  1. Footprint: The attackers identify potential targets, looking for information in such places as the organization's website, public databases, Google groups, and EDGAR financial records.
  2. Scan: This moves beyond passive information gathering. During this step of the assault, the attackers use a variety of tools to scan for open ports and processes.
  3. Enumerate: Somewhat similar to scanning, this step involves obtaining more detailed information about target devices. Poorly protected shares and weak passwords are two items that are probed for at this step of the assault.
  4. Penetrate: What makes this step different from the previous ones is that the hacker has now actually attacked your network.
  5. Escalate: Many times, the initial level of access gained by an attacker is not root or administrator. Under these circumstances, the hacker attempts to escalate privilege.
  6. Cover tracks: Once in control of the system, most hackers seek to destroy evidence of their activities. Most likely, they will also attempt to plant tools and rootkits on the compromised system to further extend their stay.

Figure 8.2. Attack methodology.
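The scanning step above is the one that leaves the clearest trace in a defender's logs: one source address touching many distinct ports on a host in a short time. The following is an added example, not code from the book, that detects that pattern over a handful of constructed firewall log lines. The log format (timestamp, action, source, destination:port) and all addresses are made up for the illustration.

```python
"""Port-scan detection over constructed firewall log lines.

Added example (not from the book): flags a source address that touches many
distinct destination ports on one host within a short time window, which is
the log footprint of the "Scan" step in the attack methodology.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of connection attempts (hypothetical format, not real data).
# 203.0.113.7 sweeps 11 ports in a few seconds; 10.0.0.5 is ordinary traffic;
# 198.51.100.9 probes slowly, 15 minutes between attempts.
SAMPLE_LOG = """\
2003-06-01T10:00:01 ALLOW 10.0.0.5 -> 192.168.1.10:80
2003-06-01T10:00:02 DENY 203.0.113.7 -> 192.168.1.10:21
2003-06-01T10:00:02 DENY 203.0.113.7 -> 192.168.1.10:22
2003-06-01T10:00:03 DENY 203.0.113.7 -> 192.168.1.10:23
2003-06-01T10:00:03 DENY 203.0.113.7 -> 192.168.1.10:25
2003-06-01T10:00:04 DENY 203.0.113.7 -> 192.168.1.10:53
2003-06-01T10:00:04 ALLOW 203.0.113.7 -> 192.168.1.10:80
2003-06-01T10:00:05 DENY 203.0.113.7 -> 192.168.1.10:110
2003-06-01T10:00:05 DENY 203.0.113.7 -> 192.168.1.10:139
2003-06-01T10:00:06 DENY 203.0.113.7 -> 192.168.1.10:143
2003-06-01T10:00:06 DENY 203.0.113.7 -> 192.168.1.10:443
2003-06-01T10:00:07 DENY 203.0.113.7 -> 192.168.1.10:445
2003-06-01T10:00:30 ALLOW 10.0.0.5 -> 192.168.1.10:443
2003-06-01T10:05:00 DENY 198.51.100.9 -> 192.168.1.10:22
2003-06-01T10:20:00 DENY 198.51.100.9 -> 192.168.1.10:23
"""


def parse_line(line):
    """Parse one constructed log line into (timestamp, src, dst, port, action)."""
    ts, action, src, _arrow, dst_port = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return datetime.fromisoformat(ts), src, dst, int(port), action


def detect_scans(log_text, window_seconds=60, port_threshold=10):
    """Return {src: (dst, distinct_ports)} for every source that reached at
    least port_threshold distinct ports on one destination within any
    window_seconds-long sliding window. Allowed and denied hits both count:
    a scanner learns from each answer either way."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, _action = parse_line(line)
        events[(src, dst)].append((ts, port))

    findings = {}
    window = timedelta(seconds=window_seconds)
    for (src, dst), hits in events.items():
        hits.sort()  # chronological order for the sliding window
        best = 0
        left = 0
        for right in range(len(hits)):
            # Slide the left edge until the window is at most window_seconds wide.
            while hits[right][0] - hits[left][0] > window:
                left += 1
            best = max(best, len({p for _, p in hits[left:right + 1]}))
        if best >= port_threshold:
            findings[src] = (dst, best)
    return findings


if __name__ == "__main__":
    for src, (dst, n) in detect_scans(SAMPLE_LOG).items():
        print(f"possible port scan: {src} touched {n} ports on {dst}")
```

With the defaults only 203.0.113.7 is reported. The slow prober 198.51.100.9 is missed, which is the usual weakness of a fixed-window rule; widening the window and lowering the threshold (for example `detect_scans(SAMPLE_LOG, window_seconds=3600, port_threshold=2)`) catches it at the cost of more false positives from ordinary clients, so in practice the thresholds are tuned against a baseline of normal traffic.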


Phreakers and Their Targets

Long before modern-day hacking existed, phreakers were practicing their trade. Phreaking is the art of hacking phone systems. Although this might sound like a rather complicated affair, back in the early 1970s John Draper discovered how to make free phone calls using a Cap'n Crunch whistle. The 2600 Hz tone it produces is the same tone required to bypass the normal billing process.

Today phreakers can still pose a threat to operational security by hacking into PBX systems. Many times, these individuals sell off time on the victim's phone network. These charges are usually discovered after 30 to 60 days, but this window of opportunity allows the phreakers to run up thousands of dollars in phone charges. Other modern-day phreakers hack caller ID or target VoIP phone systems for DoS attacks.

CISSP Exam Cram 2
ISBN: 078973446X
Year: 2003
Pages: 204
Authors: Michael Gregg
