Chapter 13. Avoiding Detection

A little paranoia is a good thing for both the hacker and the system manager. The hacker is committing a crime, so he should be aware that there may be people observing what he is doing. Whenever he is on a system, he must be very aware of what is happening on that system. He should be aware of who is on it and what they are doing, and if the system is running any new background tasks. Those tasks could be monitoring the system if the system manager thinks someone is using it. A good system manager cannot assume that his system is safe, or that there is nothing on it that anyone would want to steal. He must realize that computer hacking and electronic espionage are not just in fiction ” both happen regularly. The system manager must always be on the lookout for hackers.

When a hacker is on a system, one objective is to make as few tracks as possible. The next step is to erase as many of those tracks as he can. Finally, he needs to make the tracks that have to be left behind as confusing as possible. The hacker does not want to be caught, so the longer it takes for a system manager to follow those tracks to his discovery, the longer he has to accomplish his goal.

The amount of effort required to cover his tracks is going to depend on the level of monitoring the system receives from its administrators. If the system is receiving minimal monitoring, it may be sufficient for the hacker merely to be logged in and running processes when no one else is on the system. If the system is heavily monitored , he will have to walk softly and use all the tools at his disposal.