Hackers: How they Get In, How They Got In

Hackers: 0 How They Get in, How They Got in Wikibon BOTNETS PASSWORD CRACKING A Botnet is a collection of sof tware agents, or robots, that run autonomously and automatically throughout a Computer or a network. The main use of Botnets is ei ther for financial gain or recogni tion within the hacker community. The process of stealing passwords. Exploiting Defaults Denial of Service Fast Flux Many attack tools Hybrid Attack and exploit scripts assume that the target is config- A large number of systems autonomously Spyware Dictionary Attack ured using the A DNS technique default settings. access a single used by botne ts to Adds numbers or Internet system in a hide phishing9 and Symbols to the way that appears nalware delivery filename to Brute Force Attack Bots can be used to legitimate, but much si tes behind an The fastest hacking successfully crack implant spyware, More frequently than normal causing the a password. Many people change their ever-changing me thod. A diction- ary file (a text which sends network of information to its system to become Compromised hosts file full of passwords by simply creators about a adding a number to the end of their busy, overloading acting as proxies. dictionary words) user's activities the system and When the aboe methods fail, is run against user accounts located typically pass- current password. there is one final guessing causing a crash. words, credit card a cracking applica- tion. Because many technique available: the brute force attack. A brute numbers and other information that force attack, as the name passwords are simplistic, running a dictionary attack is of ten sufficient can be sold on the black market. implies, involves a methodical process that in theory works in any situation because Reference: every single password possibility is tried using an algorithm. to yield resul ts. http://en.wikipedia.org/wiki/Botnet http://en.wikipedia.org/wiki/Trojan_horse_(computing) http://en.wikipedia.org/wiki/Phishing Reference: http://www.hackinthebox.org/modules.php?op=modload&name-News&file article&sid=15172&mode=thread&order=0&thold=0 http://www.ibm.com/developerworks/library/s-crack/ http://www.scribd.com/doc/2336445/common-hacking-methods http://www.armor2net.com/knowledge/hackers_methods. htm PACKET SNIFFING A program used to capture data from information packets as they travel over the network. That data may include user names, passwords, and proprietary information being transferred in clear text. Installing a packet'sniffer does not necessarily require administrator-level access. BACK DOOR and REMOTE ADMINISTRATION PROGRAMS On Windows computers, hackers can install back door or remote admintration programs on a user's computer remotely. Once installed, it allows others to access and control your computer. Programs such as Team Viewer or Trojans can be used to remotely access a computer without permission. System Exploits and vulnerabilities can be used in the same way. Vulnerabili ty: a weakness which allows an attacker to reduce a system's Information Assurance. Vulnerabili ty is the intersection of: a system susceptibility or flaw attacker access to the flaw attacker capability to exploit the flaw PHISHING A technique used to gain personal information for purposes of identi ty theft, using fraudulent email messages and websites_that appear to come from legitimate businesses, most commonly banks. For example. an email claiming that a customer's identi ty has been stolen and prompting them to follow a link and enter their personal information such as social security or credit card numbers. although the email and server addresses are similar to that of the real bank, they are actually fraudulent and steal the identi ty of the user who hands over the information. Reference: http://www.spi.dod.mil/tenets.htm http://www.geemultimedia.com.au/glossary.asp http://www.eweekeurope.co.uk/news/google-china-hack-stole-source-code-5673 D- De e Windews temet ltorer Google O MERCK SPONSIBITY Google Was Hacked 2010 Search NEWSROOM Malware was installed on a Google employee's computer in 2010 The employee opened malicious spyware disguised in email attachments. It was part of a coordinated hack-attack; different methods of hacking were applied at once to create a larger threat. Merck & Co. Hacked in 2008 Brought to you by Eastern European or Chinese hackers. By enticing employees to click on contaminated web sites, email attachments or ads purporting to clean up viruses, hackers gained access to computers used to store and swap proprietary corporate documents, presentations, and contracts. The hackers stole source code and tried to obtain information about American politics and industries. Reference Google "back-traced" the hackers Google discovered evidence that they had hacked up to 33 other companies (including Adobe) and that hackers' activities had been approved, if not supported by, the Chinese government. The consequences will never be the same. http://online.wsj.com/article/SB10001424052748704398804575071103834150536.html Walmart 2005 Reference Hackers from eastern european countries used a pass- word cracker embedded into the server. http:www.bruceongames.com/201001/13google-hacked-by-chinese http:www.eweekeurope.co.ukhewsigoogle-china-hack-stole-source-code-5673 http:/gizmodo.com/5449037/google-hacked the-chinese-hackers-right-back http:www.nydailynews.comv/hewsword/201001142010-01- 14 securty_experts_china_hacked_google_to_steal_us_defense_secretshtml Wal-mart's security code was compromised; 100 mil- lion customers' credit card information became ex- Send Save Now Discard posed and vulnerable. Department of Defense: 2007 Reference: http://www.infosecurity-us.com/view/4579/walmart-epos-system source-code-hacked-how-secure-is-the-payment-card-data/ http://www.abajournal.com/news/article/walmart_was_among_major_ retailers,targeted in_05-06_hack_attacks From: Hackers of unknown origin, rumored to be China's People's Liberation Army Add Bcc Subject: Department of Defense hacked via email T.Mobile: T-mobile Hacker's bill for: 2005 Hacker's Name: Nicolas Jacobsen O Attach a file Flaws in the way the cell phone servers were set up allowed Jacobsen to access information on any of the Bellevue, Washington-based company's 16.3 million customers, including many customers' Social Security numbers and dates of birth. He could also obtain voicemail PINS, as well as being able to down- load photos from compromised phones remotely. The hackers obtained access to sensitive U.S. defense information, leading to significant changes in identity and message-source verification at OSD. Reference http://spectrum.ieee.org/riskfactor/computing/it/dod_admits_to_being_severely_h Reference http://www.securityfocus.com/news/10271 start * 11:20 AM INFO GRAPHIC WORLD 010101 10101010101010 10101