I agree, this sounds like a very disturbing subject and maybe it is. But are you? Are you inviting hackers onto your network? Let me start by saying that there are two types of hackers and only one of them is the type you should be worried about.
Most people have a LinkedIn, Facebook, Twitter or other type of social profile that is just ‘out there’. Actually, even most CEOs and politicians have public-facing profiles, like our former Prime Minister Jan-Peter Balkenende. These people, well maybe not all of them, have no clue how much information is published and what hackers (or any other person, for that matter) can do with it!
Half a year ago I even found a problem with LinkedIn that could cause people to be ‘connected’ on LinkedIn without either of them ever approving it. This was placed on the front page of the biggest news website in Holland. Just think about it a bit after reading that article: if I were to send an e-mail to Jan-Peter, that means my e-mail address is automatically linked to his name.
OK, enough about him. Back to the difference between hackers and who to fear. First you have the category ‘script kiddies’; these are the kind of “hackers” that just scan the entire web for servers that might be interesting without having a clue who they’re ‘hacking’. This is what I would call a suicidal hacker: if you cross the wrong company you are doomed. These ‘script kiddies’ tend to be very noisy; by that I mean they are the type that just scan your entire subnet with ping sweeps to see which IPs are online and then start probing ports. This is the kind of hack that will for sure be noticed by a firewall or IDS.
Second is the real hacker. This type is actually more a detective than just a nerd. This type of hacker picks a very specific target, does a great deal of research and only hacks when he’s almost 100% sure to gather information. This is the kind of hacker that you will not see coming that easily. Whereas the first type would just ping-sweep the range, check all open ports and start trying every exploit, the real hacker sits and waits.
Did you know that the most commonly used passwords in the world are: password, 123456, qwerty, pussy, 12345, letmein and 12345678? Oops, did I just find yours? 🙂 Well, it turns out this is true. Most people have a terrible password and, even worse, they use it for several websites at the same time. So, passwords aside, what would a real hacker do? He sits and waits, he looks at you. Sounds scary, eh? But it’s true. He reads what you type, he sees what you see.
Let’s assume I wanted to hack a bank (no really, for EXAMPLE). Where would I start to look? Let me think. Well, there’s only one person that has all the information and I will never get close to him, that’s for sure. These guys tend to have a bit of protection. But he has an assistant… So I would start searching on Google to find everything she might like. Why? To spear-phish. After finding out she’s in a cooking class, has recently joined a dancing studio and so forth, I can send her a spam message saying we can give her a discount on new dancing shoes and hope for her to click on it. When she does, this will trigger a virus. That’s what spear-phishing is for: not spamming the entire company but just one person, and with the exact information that would attract this person to click.
Of course that would not always work, but sending a few emails about several of her interests might do the trick!
Second, look for open vacancies. By looking at what specialties they’re requesting from new employees you can gather almost all the information you need. If for example they’re looking for a ‘Network Engineer specialized in Cisco’, I know that they have Cisco switches/firewalls. Most of the time they even specify what type or firmware version they are using. Very, very dumb. And how about this: ‘Application Engineer, specialized in Oracle 10/11’. Ohh nooooo!!! There is a huge hole in Oracle 11! Dumbass!
So now we already found out they’re using Cisco for the network and probably Oracle as their main database. Now we just need to find their network; in most situations I think you will be shocked how easy this is. Try sending a bogus email and look at the headers: if you send an email to <random string>@victim.com you will receive a bounce message saying that the message could not be delivered. In the headers it will state the exact route the e-mail traveled, including the host where it ended up, the one sending you the bounce. Tadaa.
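If you want to check what your own mail system’s bounce messages give away, as described above, here is an added example (not the author’s code) that pulls the hops out of an NDR’s Received headers and flags RFC 1918 addresses and deeply nested internal hostnames; the bounce text, hostnames, IPs and the `victim.example` domain are constructed placeholders.

```python
"""Audit what a bounce (NDR) reveals about the mail path behind a domain."""
import ipaddress
import re
from email import message_from_string

# Constructed NDR (not a real capture): hostnames, IPs and domain are invented.
SAMPLE_BOUNCE = """\
Received: from mx-out.victim.example (mx-out.victim.example [203.0.113.10])
\tby relay.sender.example with ESMTP; Mon, 01 Jan 2000 10:00:00 +0000
Received: from exch01.corp.victim.example (exch01.corp.victim.example [10.1.2.15])
\tby mx-out.victim.example with ESMTP; Mon, 01 Jan 2000 09:59:59 +0000
From: Mail Delivery System <MAILER-DAEMON@victim.example>
To: probe@sender.example
Subject: Undelivered Mail Returned to Sender

The message could not be delivered.
"""

# "from <host> (<helo> [<ip>])" as written by most MTAs; the HELO name is optional.
HOP_RE = re.compile(r"from\s+(\S+)\s+\((?:(\S+)\s+)?\[([0-9a-fA-F.:]+)\]")

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def received_hops(raw_message):
    """Return the host/IP pair from every Received header, in header order."""
    msg = message_from_string(raw_message)
    hops = []
    for hdr in msg.get_all("Received", []):
        m = HOP_RE.search(hdr.replace("\n", " "))  # unfold the header first
        if m:
            hops.append({"host": m.group(1), "ip": m.group(3)})
    return hops


def leaked_internal_hops(raw_message, org_domain):
    """Hops the bounce exposes that should not be public: RFC 1918 addresses, or
    hostnames nested deeper under org_domain than a direct child (heuristic)."""
    findings = []
    depth_limit = org_domain.count(".") + 1
    for hop in received_hops(raw_message):
        ip = ipaddress.ip_address(hop["ip"])
        private_ip = any(ip in net for net in RFC1918)
        host = hop["host"].lower()
        internal_name = host.endswith("." + org_domain) and host.count(".") > depth_limit
        if private_ip or internal_name:
            findings.append({**hop, "private_ip": private_ip})
    return findings
```

Run it against a bounce your own mail server generated for a non-existent mailbox; anything it reports is a hostname or address you are publishing to whoever sends you mail.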
While writing this I just found the sweetest example of a job opening that should be put offline, FOR EVER. If you read it you know the company, the software (RHEL), the version (5/6), we know they use the BIND DNS server which has a lot of flaws, and they use OpenLDAP. This is just dumb and puts the door right open.
These are just a few simple things; there are tons more ways. Point of the story: be extremely careful what you put online and make sure you have a secure password policy for all services that you are using.