4:16 PM How Hackers Hack | |
With the click of a mouse on one computer, the screen of the laptop a few feet away flashes wildly as a flood of data flies silently across a private network cable connecting the two machines. Within a minute the laptop's file sharing password is compromised. "The computer is having a bad day," says a reporter as he watches the effect of the attack on his machine. "Packets are coming at it so fast, the firewall doesn't know what to do." Some hackers claim they can teach a monkey how to hack in a couple of hours. We asked two hackers, Syke and Optyx (at their request, we are using their hacking pseudonyms rather than their real names), to give us non-simian reporters a demonstration. What we got was a sometimes-frightening view of how easily nearly anyone's computer--at home or at work, protected or not--can be cracked by a determined hacker. But we also found out that computer users can make a hacker's job much harder by avoiding a few common mistakes. Syke, a 23-year-old a white Hat Hacker, and Optyx, a 19-year-old self-proclaimed Black HAt, both work in computer security (Syke, until recently, for a well-known security software vendor; Optyx for an application service provider). They launch their attack on our notebook from desktop computers located in the windowless basement that is New Hack City, a sort of hacker research-and-development lab (and part-time party lounge). The lab's rooms are filled with over a dozen Sun SPARC servers, assorted network hubs and mountains of ethernet cable, an arcade-size Ms. Pac Man game, and a DJ tower stocked with music-mixing equipment for all-night hacker jams. The methods hackers use to attack your machine or network are fairly simple. A hacker scans for vulnerable systems by using a demon dialer (which will redial a number repeatedly until a connection is made) or a wardialer (an application that uses a modem to dial thousands of random phone numbers to find another modem connected to a computer). Another approach used to target computers with persistent connections, such as DSL or cable connections, employs a scanner program that sequentially "pings" IP addresses of networked systems to see if the system is up and running. Where can a hacker find such tools? On the Internet, of course. Sites containing dozens of free, relatively easy-to-use hacking tools available for download are easy to find on the Net. While understanding how these tools work is not always easy, many files include homegrown documentation written in hacker shoptalk. Among the programs available are scanning utilities that reveal the vulnerabilities on a computer or network and sniffing programs that let hackers spy on data passing between machines. Hackers also use the Net to share lists of vulnerable IP addresses--the unique location of Internet-connected computers with unpatched security holes. Addresses of computers that have already been loaded with a Trojan horse are available for anyone to exploit (in many cases without the owner of the computer knowing). Once
the hacker finds a machine, he uses a hacker tool such as Whisker to
identify in less than a second what operating system the machine is
using and whether any unpatched holes exist in it. Whisker, one of a
handful of legitimate tools used by system administrators to test the
security of their systems, also provides a list of exploits the hacker can use to take advantage of these holes. WAIT FOR THE NEXT PART | |
|
Total comments: 1 | ||
| ||