Dissecting the Back-End Mechanics of a Hack
May 8, 2017 11:31am
The STOP. THINK. CONNECT.™ guidelines for IT security start with running a clean machine and recommend using auto updates where possible to ensure your systems are running the most current software.
The cynic might think that this is just a ploy to tie you to a particular vendor's security plan, and that running outdated software is not going to be a huge problem. After all, if it was safe yesterday, then it is likely to be safe today and tomorrow, right? The rest of this article walks through, from the attacker's side, why that reasoning fails.
It starts with a ping!
The first piece of information an attacker needs is an IP address. It can be a specific one (the burglar targeting a wealthy person's home) or a random one (the mark of the opportunist), and finding it requires no specialist tools whatsoever, because every operating system ships with what is needed.
Using a Mac as an example, anyone can open the Terminal application and type ping, then -c and the number of packets to send, then the web address the packets should go to (for example: ping -c 4 example.com; on Windows the count flag is -n instead). This is termed 'pinging'. Ping looks the name up in DNS and prints the resulting IP address in its first line of output, recognizable as four numbers separated by periods and enclosed in parentheses, before it sends a single packet. That detail matters for two reasons: the address is revealed even when the target ignores the echo requests, and an absence of replies is therefore no proof that the host is down, since many networks simply drop ICMP echo traffic.
An IP address does not have to belong to a PC or even a mobile device. TVs, DVD recorders and printers have them, as does anything with 'smart' in front of its name, and as the Internet of Things expands, the number of reachable addresses is set to swell considerably.
Network mapping: casing the virtual joint
Your average household burglar will rarely pick a random house and try to break into it. They will want to know what is likely to be inside, when the occupants are in and out, what security measures they have on the doors and windows and where the most vulnerable access points are likely to be.
The professional cybercriminal is the same, and one of the tools of the trade used to get this information is network mapping software, of which the best known, Nmap, is free and open source. These programs send crafted raw IP packets and read the responses (or the lack of them) to work out which hosts are up, which services they run, what operating system they use and what filtering sits in front of them. By setting a few basic parameters, the attacker obtains a list of ports (the network's access points), their state (open, closed or filtered), the transport protocol (TCP or UDP) and a clue to the service on each. A port labelled 'http' is likely a web server, 'smtp' an email server, 'mysql' a database, and so on. One caveat a practitioner should know: in a basic scan that label is just the service conventionally registered for that port number, not something the scanner has confirmed; confirmation comes from the version scan described below.
Attackers generally target protocols known to be weak and prone to exploits. File Transfer Protocol (FTP), which is used to move files onto web servers and which sends usernames and passwords in cleartext, is a popular choice.
So now the attacker knows that you have an open port running an FTP service. What next?
The attacker will now want to introduce something nasty into your network, but is not quite ready yet: more information on the FTP service is needed. By setting more advanced parameters on the network mapping software (version detection), the scanner sends protocol-specific probes to each open port and matches what comes back, usually a banner carrying the server's name and version string, against a database of known signatures. The result is exactly which software you are running and which version. Banners can be altered or suppressed, so the result is a strong hint rather than a guarantee, but most servers are left at defaults that announce precisely this.
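The three steps above (ping for the address, scan for open ports, version scan for the software behind them), as an added example that is not code from the original article: two small POSIX shell helpers, one that pulls the resolved address out of ping's header line, and one that turns Nmap's grepable output (-oG) from a version scan into a list of open ports with the service and version string the scanner identified. Both read tool output from standard input, so they can be fed a live ping or nmap run; here they run on constructed sample output embedded in the block, so nothing on the network is touched. The target address 203.0.113.10 is from a reserved documentation range and the version banners in the sample are made up for illustration.

```sh
#!/bin/sh
# Added example: recon helpers for the ping -> port scan -> version scan chain.
# Both functions read tool output on stdin, so they can be fed live output
#   ping -c 1 HOST | ping_target_ip
#   nmap -sV -oG - HOST | open_services
# or the constructed samples below. Nothing here sends packets itself.

# Extract the resolved IPv4 address from the first line ping prints.
#   macOS:   "PING example.com (93.184.216.34): 56 data bytes"
#   Linux:   "PING example.com (93.184.216.34) 56(84) bytes of data."
#   Windows: "Pinging example.com [93.184.216.34] with 32 bytes of data:"
# Ping prints this line before any reply arrives, so the address is
# recovered even when the host drops ICMP echo requests.
ping_target_ip() {
    sed -n \
        -e 's/^PING [^(]*(\([0-9][0-9.]*\)).*/\1/p' \
        -e 's/^Pinging [^[]*\[\([0-9][0-9.]*\)\].*/\1/p' | head -n 1
}

# Turn nmap grepable output (-oG) into "port/proto service version" lines,
# keeping only ports whose state is "open". In -oG, the fields of a line are
# tab-separated and each entry in the Ports: field has the layout
#   port/state/protocol/owner/service/rpcinfo/version/
# The version field is empty when no -sV match was made.
open_services() {
    awk -F "$(printf '\t')" '
        /^Host:/ {
            for (i = 1; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                sub(/^Ports: /, "", $i)
                n = split($i, entry, ", ")
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")
                    if (f[2] != "open") continue
                    version = (f[7] == "") ? "(version not identified)" : f[7]
                    printf "%s/%s %s %s\n", f[1], f[3], f[5], version
                }
            }
        }'
}

# Constructed sample output (not captured from a real host or scan).
TAB=$(printf '\t')
SAMPLE_PING='PING ftp.example.com (203.0.113.10): 56 data bytes
64 bytes from 203.0.113.10: icmp_seq=0 ttl=54 time=21.7 ms'
SAMPLE_SCAN="# Nmap 7.91 scan initiated (constructed sample, not a real scan)
Host: 203.0.113.10 ()${TAB}Status: Up
Host: 203.0.113.10 ()${TAB}Ports: 21/open/tcp//ftp//vsftpd 3.0.3/, 22/open/tcp//ssh//OpenSSH 7.4 (protocol 2.0)/, 80/open/tcp//http//Apache httpd 2.4.6/, 3306/filtered/tcp//mysql///${TAB}Ignored State: closed (996)"

# Walk the chain on the samples: address first, then what is listening on it.
echo "target: $(printf '%s\n' "$SAMPLE_PING" | ping_target_ip)"
printf '%s\n' "$SAMPLE_SCAN" | open_services
```

The lines open_services prints, such as "21/tcp ftp vsftpd 3.0.3", are exactly the search terms the next section is about: searchsploit, the offline command-line index of the Exploit-DB archive, takes such a product-and-version string as its query. Two caveats apply to both sides of the fence. The service name on a port with no version match is only the name conventionally registered for that port number, and a banner can be edited or removed by whoever runs the server, so treat both as clues to be confirmed rather than proof. The defender's use of the same pair of commands is to run them against their own hosts and compare the version strings with the vendor's current releases.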
Finding the Achilles' Heel
Cybercrime is a lucrative business, and there are people who specialize in collecting the known exploits for each version of each piece of software and organizing them into searchable databases. Most of these databases are public and maintained as much for defenders and researchers as for attackers, which is precisely the point: once the attacker's mapping tool has revealed the product and version you are running, they can type that string into such a database, find a working exploit and, from there, run the script they need to steal data, lock you out of your own systems or take control of your processes.
When you realize that attackers, like the rest of us, look for the most efficient way to achieve their goals, it is easy to see why searching a list of existing exploits is far more attractive than developing a new one. It is also clear why there is a never-ending race between attackers and security teams (two sides of one coin), one focused on finding and opening holes and the other on closing them.
The above should by now have made plain why known holes need to be closed as soon as a fix exists, and why turning on automatic updates wherever possible is the easiest way to do that. This means all software, not just security products: in the example above it is the FTP server that the attacker fingerprinted, and it is the FTP server that needs patching. Keeping software current is just one strand of protection. Although many attackers go for the low-hanging fruit of known exploits, others use more sophisticated techniques, and outsourcing some or all IT provision can be a wise move in the long run. From New York to Los Angeles, IT services providers are tightening up their acts because their businesses depend on their infrastructures being secure. Many can also help you back up your data, another important part of STOP. THINK. CONNECT.™ Outsourcing security may not be an option for every business, but it is a proactive option for those that do not want to remain among the 31 percent with no plan of action at all.
Brent Whitfield is the CEO of DCG Technical Solutions Inc. DCG provides the specialist advice and IT services Los Angeles area businesses need to remain competitive and productive, while being sensitive to limited IT budgets. Brent has been featured in Fast Company, CNBC, Network Computing, Reuters, and Yahoo Business. https://www.dcgla.com was recognized among the Top 10 Fastest Growing MSPs in North America by MSP mentor. Twitter: @DCGCloud