The methods hackers use to attack your machine or network are fairly simple. A hacker scans for vulnerable systems by using a demon dialer (which will redial a number repeatedly until a connection is made) or a wardialer (an application that uses a modem to dial thousands of random phone numbers to find another modem connected to a computer).
Another approach used to target computers with persistent connections, such as DSL or cable connections, employs a scanner program that sequentially “pings” IP addresses of networked systems to see if the system is up and running. If you have any firewall software, you can see these repeated pings in your log.
Hackers find all these tools, ironically, in Internet. Sites containing dozens of free, relatively easy-to-use hacking tools available for download are easy to find on the Net. While understanding how these tools work is not always easy, many files include homegrown documentation written in hacker shoptalk.
Among the programs available are scanning utilities that reveal the vulnerabilities on a computer or network and sniffing programs that let hackers spy on data passing between machines.
Hackers also use the Net to share lists of vulnerable IP addresses–the unique location of Internet-connected computers with unpatched security holes. Addresses of computers that have already been loaded with a Trojan horse are available for anyone to exploit (in many cases without the owner of the computer knowing).
Once the hacker finds a machine, he uses a hacker tool such as Whisker to identify in less than a second what operating system the machine is using and whether any unpatched holes exist in it. Whisker, one of a handful of legitimate tools used by system administrators to test the security of their systems, also provides a list of exploits the hacker can use to take advantage of these holes.
There are so many conditions that make the life easier for hackers. it easier for them to hack into a system. Lax security is one of them–such as when a company uses no passwords on its system or fails to change Windows’ default passwords.
In October 2000 hackers broke into Microsoft’s system and viewed source code for the latest versions of Windows and Office after discovering a default password that an employee never bothered to change.
Other common mistakes: When system administrators don’t update software with security patches, they leave vulnerable ports open to attack. Or when they install expensive intrusion detection systems, some fail to monitor the alarms that warn them when an intruder is breaking in.
Still another boon to hackers is a firewall or router that is misconfigured, allowing hackers to “sniff” pieces of data–passwords, e-mail, or files–that pass through the network.
Once a hacker cracks into a system, his next goal is to get root, or give himself the highest level of access on the machine. The hacker can use little-known commands to get root, or can search the documents in the system’s hard drive for a file or e-mail message that contains the system administrator’s password.
Armed with root access, he can create legitimate-looking user accounts and log in whenever he wants without attracting attention. He can also alter or delete system logs to erase any evidence (such as command lines) that he gained access to the system.