This article will in brief describe some steps you can take to protect and detect a hacker attempt, understood as someone trying to gain access to you system. Some technical terms will be used which will not be explained, so if you are not familiar with the term please go to http://www.whatis.com/ and look it up if you can't comprehend the issue described.

Hackers and their methods:

There are in general five types of threats when we talk about system security

1. Spies
2. Hackers with purpose
3. Script kiddies
4. Automatic worms
5. Virus

Spies often work in teams, they have the tools, money and equipment to bypass even the most advanced IDS (Intrusion Detection System) systems and advanced firewalls. Even well IT-educated personal and strong security procedures will in some cases not be enough to keep them out. However having the security in place will give you a fair chance.

Hackers with purpose, "Black hat" hackers, know the professional audit tools and know how to hide them selves and very often capable of writing their own code. These guys are found in the Black hat/Cracker environment. A good IDS, well configured firewall, surveillance and procedures will keep these guys out.

Script kiddies has some knowledge about operating systems and network. They can script small shell/Dos script that can expose or harm your computer and data. These Script kiddies are often those who hack websites and brag about it too. Script kiddies can often "hack by accident" because they found a neat tool on the web and then they change a few things (they have too much time on their hands). Before they know it the tool has breached into a system and personally I don't think they take the time to worry about the consequences. A good firewall with IDS and of course the right setup of those will keep you safe from most of these.

Worms can be stopped both entering and also spreading by having just a hobby firewall with port blocking. A good antivirus program is your friend in this case.

Virus can often be stopped by a good antivirus scanner with real time scan. The virus can if not detected cause a security breach to your system which potentially is an open door to a hacker.

The IDS concept:

As you can see above, IDS is a term repeated over and over again. IDS is today built into almost any router with a firewall. This system can detect if someone is trying to break in, or is looking at you for potential security breaches. The IDS systems can log these events and often they can be set up to alert you as well, either by email or other ways. The important word here is "log", logs are meant to be read and not just something that is generated for fun. A daily check or perhaps just weekly checks can often tell you what has been happening with your network. Remember that some hackers are really not interested in your network; they just need a new host to hack from.

Tools of the hacker:

Just to mention it, if you are clapping your hands now, no tools that can be used to directly hack or teach you to hack will be mentioned or discussed.

One of the most important tools of the hacker, believe it or not, is virus/worms/trojans, spread by email, PTP filesharing, etc. Any of these can potentially open a door into your system and/or disable your antivirus; worms and trojans are especially dangerous. Worms can often operate on their own, in which case they install themselves on your pc and report back to some point where the hacker can collect information on your system. Also it will spread itself to other computers all by itself.

In 1989 the first worm traveled around the world on the Internet (The Morris Worm), in 1997 the world saw the first client-based worms. Things have not slowed down since. Nimda was spread around the world in 2002, and took only 24 hours to do so. In 2003 came the Blaster virus, which took just 5 hours to spread worldwide. Now in 2004 SDBot is enjoying itself on computers. For reference I can mention is has a network sniffer built in and a keylogger.

Other tools used by the hacker are really simple, google.com for one is a great tool for finding information, and also trace route, ping and port scanners are very common. All of them built into almost any operating system. All of them are used to find vulnerabilities on your network. If something is found, the skilled hacker knows how to exploit this vulnerability and by that gain access to your system.

Social Engineering is another way. The hacker calls a company and tries to get internal info by saying that he is someone that works for the company. Try to search google for Kevin Mitnick. Sometimes even you make it easy for a hacker. Are you using a google toolbar in Internet Explorer? Well guess what, up to version 1.1.58 this toolbar allows execution of random code on any machine visiting a website. As of September 17th 2004, all versions of google toolbar is vulnerable to cross site scripting and remote code execution.

How about Gator? With Precision Time Manager, eWallet and so on. Let's just say Gator in all versions so far allows execution of random code by any machine visiting a website. Did you ever use Webshots screensaver, well then you will be happy to know that anyone now can unlock your pc without password if they know how.

Another way is spoofing. By spoofing I mean cloning your bank's website and then send you an email with a link to this site, asking you to login and check something. There are a lot of examples about this and I think we do not need to tell more about this.

What's in it for the hacker?

Well except for those who just take it as a challenge to see if they can, there are those who brag about it and there are those who do it because they can make money out of it.

So how does the hacker get money out of it? Well first of all, you surely have net banking and most likely one of those where a "keystore" is on your computer. Once the hacker gains access to the computer he can sniff your password and copy the keystore. The only somewhat safe solution is the banks that use a keycard instead with random codes and no keystore. The keystore is actually almost the same as if you have a digital signature. Today you can access your tax, medical record or even get married with a digital signature. Imagine a hacker in a bad mood getting hold of that :)

Another way hackers use to gain money is to blackmail online gambling sites. If a hacker has access to let say 200,000 computers, he can launch a so-called DDOS attack which can make the gambling site go offline for days. Imagine what this would cost the gambling company compared to maybe paying the hacker 10,000 and he will leave you alone.

Where are the entry points?

Now let us say you have a web server, a database server and LDAP server for user authentification and privileges. Your web server may be secure if it is updated, however be sure to turn off the banner in it that tells the user what kind of web server it is. If you want to test a little and have a Cisco Pix firewall you can change the banners in it and set it up to listen for traffic on this. Potentially you can catch your hacker.

Now back to your web server that serves your website. This web server has full access to your database server. If you configuration is not right the hacker can exploit SQL queries and either add himself or just delete everything you made. If he chooses to add himself then he can gain access behind your security and nothing will stop him from adding himself on your network with administration privileges.

Options on this account are many, FTP servers, web servers, misconfigured firewalls etc. The point here is if you find out that someone has been in, don't just close the security breach and think everything is ok. Often the hacker made sure to make backup ways to get in, and you are back at the same point. So check everything, its just as important as closing the breach.

Another weak link:

So now you invested a lot of money in security equipment and feel safe from hackers. Did you remember to consider the home workstations and the security on them? Well home workstations with kids and the user left alone to surf naughty sites and other great places to catch something that will break into your system. Of course the home workstation also has a VPN connection setup to the company right thru your 10,000 Dollar firewall. Go figure...

Other topics:

Not because I hate Microsoft in any way, but I feel I should share this. In Outlook all versions except 2003 images are loaded in the preview pane when looking at emails. The Microsoft rendering machine for jpg images allows random code to be executed on your machine. So if you think jpg images are safe, well think again. A note: this is not just Outlook, but actually any program that uses the same rendering machine. Executing random code on your computer means that a backdoor or worse can be installed. If you want to research a little in the history of this try remembering the Subseven server.

Are you using NTFS filesystem on your pc? Then you should for sure read about the Microsoft Scarlett letter. What can be done by the hacker is really that files can be stored on the disk and not validated at all. This is called alternate datastreams. Now what happens is that the hacker can fill up your hard drive and windows will not show the files nor report the space used by these files. So in theory the hacker can make your system really unstable by leaving you with space at all.

Are you using a wireless network? Most likely you are from time to time and I just want to point out that even though you have hidden your SSID and set 64 or 128 bit encryption, it will take a just fair skilled hacker from 2 minutes and up to 2 hours to gain full access to your network. Point here is that you can't do anything about it in most cases if you are a home user. If it's a company, they can make the validation on the wifi network go over a radius server. Explore more about this yourself, there is lots of info and articles about wifi networks.

Are you using an old CRT monitor (the big ones)? Well a hacker can actually for less than 100$ tap your screen by rebuilding an old transistor radio and connect it to a notebook. Fun huh?

Are you using a handheld pc (Compaq, Ipaq) and are you using windows ME? Well it's a 400 MHz computer with up to 1 GB RAM, pretty powerful stuff. Question is, are you using a firewall on it when traveling around with it. Reconsider getting the money saved on a firewall for it.

Last issue here is Bluetooth. Bluetooth can also be hacked, so your phone can also be abused and exploited. If a hacker gains access to it he can call long distance numbers, see everything on your phone and even make it call himself so he can hear what you are saying at this top secret meeting. For reference, Bluetooth normally reaches up to 50 meters at max, but at eyesight it might go longer.

I hope this was useful reading to you. Don't be scared about all my horrible examples but be alert for the signs of a hacker. This article was meant to inform you about the concept of a hacker and that they can do bad things. If after reading this, you have decided to be a l33t hAxOr, then you misunderstood the point of everything. However, testing your own system or friend's for breaches can be fun and useful. Just remember to stop at the point of detecting a breach and close your system tighter. If you can manage that, you actually are a hacker (White Hat Hacker), and you are on the nice guy team.

Be safe!
Chemunga

Statements:

If an hacker want to get in a system, its only a matter of time. You cant do anything against that... But security systems does not exist to avoid such situations, they exist to make the intrusion as heavy as possible. The most intruders are interesting in efficiency... means minimal effort to get great among of information. Hence, the most home users are not the target of hackers, more of script kiddies... but official systems are much more interesting to intruders, so here all what can be done is a rigid firewall structure and IDS (Intrusion Detection System), in cooperation with the police you can protect your organization pretty well against intrusions. For you, as a home user, it is good to understand a firewall and to use one, using a firewall without understanding it is more dangerous than no firewall, because most users are getting a false feeling of safety behind a small software, which they believe to be a magic box.

c-wolf