“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.”—Sun Tzu, 6th century BC Chinese general
As a network administrator, security is built into your job description. Unfortunately, security is not always as tightly integrated into the systems you manage. Therefore, you need to be proactive in discovering the potential vulnerabilities of your network and learning about the techniques hackers employ to attack your data. In this article, I’ll profile the various types of hackers out there and take a look at what motivates them. In a follow-up article, I’ll look at some tips and tools administrators can use to prevent vulnerabilities and identify suspicious activity.
It’s important to remember that far more attacks, hacks, and security breaches come from malicious users within a network than from external attacks. The recent breach at Microsoft in which an individual workstation was apparently compromised and company source code was stolen is evidence that internal security must be taken just as seriously as securing Web servers, mail servers, and other critical systems.
Hackers attempt to break into a network for a variety of reasons. These reasons include improving their computer skills, bragging rights with their hacking peers, using the network’s resources, and stealing specific data. The typical hacker is a 14- to 29-year-old male with a lot of free time on his hands. These hackers connect to the Internet and spend hours scanning huge numbers of hosts and networks looking for common vulnerabilities. After identifying vulnerable systems, they attempt their attack and try to gain administrative access to the machine. Often, they’ll install their own back door into the system so they can return later. They also tend to patch the hole they came through, both to cover their tracks and so that other hackers can’t use the same technique to move in on their territory.
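The behaviour just described, one source address touching a large number of hosts in a short time and then coming back to the one that answered, is visible in ordinary firewall logs. The following is an added example, not code from the original article: a small detector over constructed log lines. The five-field log format (date, time, source, destination, port, action), the sample addresses, and the thresholds (10 distinct hosts within 60 seconds) are assumptions for illustration.

```python
"""Flag mass scanning in firewall logs and list which hosts let the
scanner in.  Added example; the log format and thresholds are assumed."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "YYYY-MM-DD HH:MM:SS src dst dport action".
# 203.0.113.7 sweeps port 21 across the 192.0.2.0/24 range in a few
# seconds, gets one ALLOW, and returns to that host a quarter hour later.
SAMPLE_LOG = """\
2000-11-01 02:14:01 203.0.113.7 192.0.2.10 21 DENY
2000-11-01 02:14:01 203.0.113.7 192.0.2.11 21 DENY
2000-11-01 02:14:02 203.0.113.7 192.0.2.12 21 DENY
2000-11-01 02:14:02 203.0.113.7 192.0.2.13 21 DENY
2000-11-01 02:14:03 203.0.113.7 192.0.2.14 21 DENY
2000-11-01 02:14:03 203.0.113.7 192.0.2.15 21 DENY
2000-11-01 02:14:04 203.0.113.7 192.0.2.16 21 ALLOW
2000-11-01 02:14:05 203.0.113.7 192.0.2.17 21 DENY
2000-11-01 02:14:05 203.0.113.7 192.0.2.18 21 DENY
2000-11-01 02:14:06 203.0.113.7 192.0.2.19 21 DENY
2000-11-01 02:14:06 203.0.113.7 192.0.2.20 21 DENY
2000-11-01 02:15:30 198.51.100.4 192.0.2.10 80 ALLOW
2000-11-01 02:16:10 198.51.100.4 192.0.2.10 80 ALLOW
2000-11-01 02:17:45 198.51.100.9 192.0.2.25 25 ALLOW
2000-11-01 02:30:00 203.0.113.7 192.0.2.16 21 ALLOW
"""


def parse_line(line):
    """Split one log line into a dict; timestamp becomes a datetime."""
    date, time, src, dst, dport, action = line.split()
    return {
        "ts": datetime.fromisoformat(f"{date} {time}"),
        "src": src,
        "dst": dst,
        "dport": int(dport),
        "action": action,
    }


def _events(log_text):
    return [parse_line(ln) for ln in log_text.splitlines() if ln.strip()]


def find_scanners(log_text, window=timedelta(seconds=60), min_hosts=10):
    """Return {src: peak distinct destinations seen within `window`} for
    every source that reached at least `min_hosts` distinct hosts in one
    window.  Uses a sliding window per source so a slow trickle of normal
    traffic is not flagged, only a burst across many machines."""
    by_src = defaultdict(list)
    for ev in _events(log_text):
        by_src[ev["src"]].append(ev)

    flagged = {}
    for src, events in by_src.items():
        events.sort(key=lambda e: e["ts"])
        recent = deque()
        for ev in events:
            recent.append(ev)
            # Drop events that fell out of the window ending at `ev`.
            while ev["ts"] - recent[0]["ts"] > window:
                recent.popleft()
            hosts = {e["dst"] for e in recent}
            if len(hosts) >= min_hosts:
                flagged[src] = max(flagged.get(src, 0), len(hosts))
    return flagged


def hosts_reached_by(log_text, scanners):
    """For each flagged source, the (host, port) pairs that ALLOWed it.
    These are the machines to examine first for a foothold or back door,
    since a scanner that got an answer is the one likely to come back."""
    reached = defaultdict(set)
    for ev in _events(log_text):
        if ev["src"] in scanners and ev["action"] == "ALLOW":
            reached[ev["src"]].add((ev["dst"], ev["dport"]))
    return {src: sorted(pairs) for src, pairs in reached.items()}


if __name__ == "__main__":
    scanners = find_scanners(SAMPLE_LOG)
    print("scanning sources:", scanners)
    print("hosts that answered:", hosts_reached_by(SAMPLE_LOG, scanners))
```

On the constructed log this flags 203.0.113.7 (eleven distinct hosts inside a five-second burst) and reports 192.0.2.16 port 21 as the one host that accepted its connection, which is where an administrator would start looking. The two legitimate sources each talk to a single host and are never flagged.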
Profiling the hacker
Hackers come in several different flavors and have an assortment of motives and objectives once they gain access to a vulnerable system. Hackers range from the inexperienced “script kiddies” to professionals who engage in targeted industrial espionage. However, the majority of hackers don’t target their victims. They simply play the numbers game, scanning lots of computers connected to the Internet and attacking the first vulnerable system that they find.
The script kiddies
Script kiddies are at the bottom of the hacking food chain. They download tools and/or hacking scripts created by serious systems crackers and read about new ways to break into certain systems from hacker Web sites. Then, they scan the Internet for systems meeting a certain description and attempt to hack them. They accomplish these hacks without really understanding how the exploit works. They simply run the programs or scripts and type in the commands listed in the hacking documentation they got from a Web site. Script kiddies usually like to hack Web sites and replace the home page with one that says something like “This site was hacked by KewlDood835.” Although this type of hack is annoying and can cost your site visits, script kiddies usually don’t have the motivation or skill to take down your systems.
The systems crackers
The more experienced systems crackers are savvy technicians with programming skills and a broad knowledge and understanding of how computer networks operate. Their objectives can vary widely, from a simple learning experience to using your system as a gateway for attacks on other systems. These hackers can be the most dangerous because they are skilled and unpredictable. Once they compromise your network, you’re at their mercy.
The industrial spies
Still another type of hacker—very rare, but dangerous—is the one who specifically targets your company. These are highly skilled individuals who use cutting-edge techniques and can spend months analyzing a network before making an attack. They’re usually seeking to steal sensitive financial data or valuable research and development data. In the case of the latter, they’re sometimes hired by a corporation to steal information from a competitor. Targets for this kind of activity are usually banks, large e-commerce sites, multinational corporations, and any industry where intellectual property is valuable. Large organizations usually have security professionals on the lookout 24/7 for this kind of suspicious activity. However, smaller companies with valuable intellectual property or extensive customer financial data need to be just as well secured against this type of attack.
This is war!
Hacking is the equivalent of technological warfare, and as the scope of the Internet widens, so does the battlefield. To protect your network and win the war against hacking, you have to know both the state of your network and the tactics employed by hackers. Sun Tzu’s words definitely apply to network administrators. If you know the state of your network and its vulnerable points, and you know the common attack strategies of hackers, you can keep your network secure and limit the damage a hacker can do. If you’ve already deployed firewalls and other security features but you’re unfamiliar with hacker activity, you’re still vulnerable, because a hacker can slip into a susceptible part of your network that you didn’t think to watch. And if you’re unfamiliar with both your network’s architecture and the techniques hackers use to compromise it, your network will be an easy target if a hacker ever attacks you.
Got hacked? Let us know about it
If your company has ever been the victim of a malicious hack while you were on guard, we’d like to know about the experience. What remedies did you seek? What repercussions did your department face? Start a discussion below or send the editor an e-mail.