• Embed Doc
  • Copy Link
  • Readcast
  • Collections
  • CommentGo Back
Download
 
How Hackers Hack
The tricks hackers use, and what you can do to foil them.
 
By s.k. ………
With the click of a mouse on one computer, the screen of the laptop a fewfeet away flashes wildly as a flood of data flies silently across a privatenetwork cable connecting the two machines. Within a minute the laptop's filesharing password is compromised."The computer is having a bad day," says a reporter as he watches theeffect of the attack on his machine. "Packets are coming at it so fast, thefirewall doesn't know what to do."Some hackers claim they can teach a monkey how to hack in a couple ofhours. We asked two hackers, Syke and Optyx (at their request, we areusing their hacking pseudonyms rather than their real names), to give us non-simian reporters a demonstration.What we got was a sometimes-frightening view of how easily nearly anyone'scomputer--at home or at work, protected or not--can be cracked by adetermined hacker. But we also found out that computer users can make ahacker's job much harder by avoiding a few common mistakes.Syke, a 23-year-oldwhite-hat hacker, and Optyx, a 19-year-old self-proclaimedblack hat, both work in computer security (Syke, until recently,for a well-known security software vendor; Optyx for an application serviceprovider).They launch their attack on our notebook from desktop computers located inthe windowless basement that is New Hack City, a sort of hacker research-and-development lab (and part-time party lounge).The lab's rooms are filled with over a dozen Sun SPARC servers, assortednetwork hubs and mountains of ethernet cable, an arcade-size Ms. Pac Mangame, and a DJ tower stocked with music-mixing equipment for all-nighthacker jams.
 
Hacking 101
"You should understand," says Optyx, as he enters a few commands thatbring our machine to its knees, "no matter what people do, hackers willalways find a way to get into systems."Just as he says this, Optyx uses a program to get the laptop to spew out abit of data identifying its operating system and version.He then runs the program that cracked the file sharing password in theblink of an eye. We watch as he uses another tool to root through files inthe laptop's shared directory.As hacking goes, the methods our two instructors use on our laptop are notvery elegant--the equivalent of using brute force to knock in a door--andthrough the machine's software firewall, we are immediately aware that themachine is being hacked. But, save from disconnecting our machine from thenetwork cable, we're powerless to stop it.Most hacking attacks, however, are much more invisible.
Open Sesame
The methods hackers use to attack your machine or network are fairlysimple. A hacker scans for vulnerable systems by using a demon dialer (whichwill redial a number repeatedly until a connection is made) or a wardialer (anapplication that uses a modem to dial thousands of random phone numbers tofind another modem connected to a computer).Another approach used to target computers with persistent connections,such as DSL or cable connections, employs a scanner program thatsequentially "pings" IP addresses of networked systems to see if the systemis up and running.Where can a hacker find such tools? On the Internet, of course.Sites containing dozens of free, relatively easy-to-use hacking toolsavailable for download are easy to find on the Net. While understanding how
 
these tools work is not always easy, many files include homegrowndocumentation written in hacker shoptalk.Among the programs available are scanning utilities that reveal thevulnerabilities on a computer or network and sniffing programs that lethackers spy on data passing between machines.Hackers also use the Net to share lists of vulnerable IP addresses--theunique location of Internet-connected computers with unpatched securityholes. Addresses of computers that have already been loaded with a Trojanhorse are available for anyone to exploit (in many cases without the owner ofthe computer knowing).Once the hacker finds a machine, he uses a hacker tool such as Whisker toidentify in less than a second what operating system the machine is using andwhether any unpatched holes exist in it. Whisker, one of a handful oflegitimate tools used by system administrators to test the security of theirsystems, also provides a list ofexploitsthe hacker can use to takeadvantage of these holes.
Editors' Note: The above paragraph was modified on 4/26/2001 to correct an error.
 
Security Software Alone Can'tStop Them
Syke and Optyx explain that several conditions make it easier for them tohack into a system. Lax security is one of them--such as when a companyuses no passwords on its system or fails to change Windows' defaultpasswords.In October 2000 hackers broke into Microsoft's system and viewed sourcecode for the latest versions of Windows and Office after discovering adefault password that an employee never bothered to change.Other common mistakes: When system administrators don't updatesoftware with security patches, they leave vulnerable ports open to attack.
of 00

Leave a Comment

You must be to leave a comment.
Submit
Characters: ...
You must be to leave a comment.
Submit
Characters: ...