What’s behind the curtain? Part II

In this second of a three-part series covering threats to computer security, we focus on attacks that are more specifically directed against a particular person or company.

Internet usage entails many risks. You surf the Internet to do your work and you end up with a system with degraded performance and unexpected behavior. Congratulations! No, you did not win the lottery; you have just been hacked!

In the first part of the “What’s behind the curtain” article I explained the threats associated with malicious code (viruses, Trojan horses, worms, backdoors, logic bombs and mobile code). As I mentioned in the first part, my goal is to briefly list all possible attacks you may face when using the Internet; therefore I will continue my attempt to record the rest of the attacks. In this way, you will become informed about the existence of all of these threats, so you can try to avoid them when that’s possible.

In this article I will discuss four more threats to add to the list:

  1. Denial of Service attack
  2. Password cracking attack
  3. Social Engineering attack
  4. Packet Sniffing attack

Before I go into more detail about these attacks, I would like to briefly discuss the distinction between “hacker” and “cracker.” I received a number of comments about this after the first part of this series was published. I will discuss this issue in more detail in the next article in this series; for now, keep in mind that a “hacker” is more likely to break into a system for the purpose of discovering the system’s flaws and pointing them out to the owner, while a “cracker” is malicious and actively engages in harming the system. The literature on the topic is not careful about distinguishing between these two terms, but its practitioners certainly are!

Now, with that out of the way, let’s look at the attacks. 

Denial of service (DoS) attack

I will start the discussion with the well known denial of service attack. This attack is characterized as the “kiss of death” to organizations that depend on the Internet to prosper, i.e. e-commerce sites, portals, and so forth. It attempts to deny access to specific resources, causing loss of availability for legitimate users of a system. A denial of service attack can cause various types of damage, such as the temporary loss of network connectivity and services, including email; bringing down a website accessed by a lot of people, costing the company a great deal of time and money; alteration of files; and consumption of resources, including network bandwidth and CPU time. These are just a few of the ways a denial of service attack can harm a business. One thing is certain: until you notice it, you won’t know what hit you.

Common forms of denial of service attacks are:

  • Buffer overflow attacks. Attackers use this form of DoS attack to send more data than a program expects, overflowing its data buffers and causing problems. For example, a buffer overflow attack is mounted when the attacker sends multiple email messages with attachments whose file names are 256 characters long.
  • SYN attack. Remember the handshaking process used in TCP? The first packet of a connection carries the SYN flag, which starts the handshake that sets up the session between a client and a server. The attacker sends a large number of connection requests and then never responds to the server’s reply. Each half-open request sits in the server’s connection buffer until it times out and is dropped, and this is repeated for all the bogus requests made by the attacker. The effect is that legitimate clients cannot establish a TCP session because the server’s buffer is occupied by the bogus connection requests sent previously.

A DoS attack can be organized to use several hundred to several thousand compromised hosts, causing severe damage to the target company; this form is known as a Distributed Denial of Service (DDoS) attack. Attackers have been known to use the following four programs to launch DDoS attacks: Trinoo, TFN, TFN2K and Stacheldraht. They install one of these tools on the compromised machines and then direct an attack against a single target; the flood of incoming messages essentially forces the target system to shut down, thereby denying service to legitimate users.
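The half-open connections described above leave a visible trace in the server’s connection table. The following is an added example, not code from the article: it assumes the Linux `ss -tan` output format, where a connection that received a SYN but never completed the handshake is shown in state SYN-RECV, and it counts such entries per local socket. The sample output (one normal session plus forty half-open connections from different TEST-NET addresses) is constructed; the `threshold` value is an assumption to tune per server.

```python
"""Flag a SYN flood in connection-table output.

Added example, not code from the article. Assumes Linux `ss -tan` output, in which a
half-open connection (SYN received, handshake never completed) is in state SYN-RECV.
The samples below are constructed.
"""
from collections import Counter

SS_HEADER = "State      Recv-Q Send-Q Local Address:Port   Peer Address:Port"


def _row(state, local, peer):
    """Build one constructed `ss -tan` style line."""
    return f"{state:<10} 0      0      {local:<20} {peer}"


# Constructed: one legitimate session, then a flood of half-open connections to
# port 80 from forty different peer addresses (TEST-NET ranges, never real hosts).
FLOOD_SAMPLE = "\n".join(
    [SS_HEADER, _row("ESTAB", "10.0.0.5:80", "192.0.2.10:51234")]
    + [_row("SYN-RECV", "10.0.0.5:80", f"198.51.100.{i}:4{i:04d}") for i in range(1, 41)]
)

# Constructed: a quiet server; a single half-open socket is normal traffic.
QUIET_SAMPLE = "\n".join(
    [SS_HEADER,
     _row("ESTAB", "10.0.0.5:80", "192.0.2.10:51234"),
     _row("SYN-RECV", "10.0.0.5:22", "192.0.2.11:50222")]
)


def parse_ss(text):
    """Parse `ss -tan` style lines into (state, local_ip, local_port, peer_ip, peer_port)."""
    rows = []
    for line in text.splitlines()[1:]:          # skip the header line
        parts = line.split()
        if len(parts) < 5:
            continue
        state, local, peer = parts[0], parts[3], parts[4]
        local_ip, local_port = local.rsplit(":", 1)
        peer_ip, peer_port = peer.rsplit(":", 1)
        rows.append((state, local_ip, int(local_port), peer_ip, int(peer_port)))
    return rows


def detect_syn_flood(text, threshold=20):
    """Return one finding per local socket with at least `threshold` half-open connections.

    distinct_sources tells a single-source flood apart from a distributed one (DDoS).
    """
    rows = parse_ss(text)
    half_open = [r for r in rows if r[0] == "SYN-RECV"]
    per_socket = Counter((ip, port) for _, ip, port, _, _ in half_open)
    findings = []
    for (ip, port), count in sorted(per_socket.items()):
        if count < threshold:
            continue
        sources = {peer for _, lip, lport, peer, _ in half_open if (lip, lport) == (ip, port)}
        findings.append({"local": f"{ip}:{port}", "half_open": count,
                         "distinct_sources": len(sources)})
    return findings


if __name__ == "__main__":
    for finding in detect_syn_flood(FLOOD_SAMPLE):
        print(finding)
```

A high `half_open` count from one peer points at a single attacker; the same count spread over many peers is the distributed pattern the article describes. On Linux the standard mitigation for the buffer exhaustion itself is SYN cookies (`net.ipv4.tcp_syncookies`), which let the server accept legitimate handshakes without keeping state for every unanswered SYN.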

As you can see, preventing DoS attacks is critical for every organization that uses the Internet to do business.

Password cracking attack

Another well known threat is the password cracking attack. As we all know, passwords ensure that only authorized users are able to gain access to a system. That’s why a strong password is the cornerstone of an effective security strategy. However, most of the time people place convenience ahead of security, creating passwords that they can easily remember. Usually people use words, symbols or dates that have some personal meaning to them to make up their password. As a result, these passwords are simple and can easily be guessed if you know some information about the owner of the password.

Remember that passwords are not stored on the machines in clear text; a special algorithm is applied to the password to generate a one-way hash value, which is stored in place of the password. The one-way hash is a string of characters that cannot be reversed into the corresponding original password. When you provide your password to log into your system, the one-way hash value is generated and compared to the hash stored on the system. If they are the same, it is assumed that the password provided is the one expected.

Crackers use tools called password crackers to find out your passwords (working from their hash values). These tools use several techniques; two of the best known are the following:

  • Brute force attack. A brute force cracker tool simply tries all possible combinations of passwords until it finds the right one; it generates character sequences, working through all possible one-character passwords, then two characters, and so forth. The process of finding the right password using a brute force attack is time consuming; however, given enough time and CPU power, the password eventually gets cracked.
  • Dictionary attack. A dictionary password cracker tool simply tests a list of dictionary words; it takes every word and hashes it, comparing the produced hash value with the one stored on the system. If the hashes are equal, the password is considered cracked.
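The hash-and-compare login check and the dictionary check both operate on the same stored hash, so one piece of code can show both. The following is an added example, not code from the article: it implements the login verification described above and then runs the dictionary check as an administrator would against their own hash store, to find accounts whose password is a common word before an attacker does. It goes beyond the article’s plain one-way hash in one respect: each user gets a salt and the hash is PBKDF2-HMAC-SHA256, which is what a current system should use. The user records, the fixed salts, the passwords and the tiny wordlist are all constructed for the demonstration.

```python
"""Hash-and-compare login check plus a defender's dictionary audit of the hash store.

Added example, not code from the article. Uses a per-user salt and PBKDF2-HMAC-SHA256
rather than the article's generic one-way hash. All records below are constructed.
"""
import hashlib
import hmac
import os

ITERATIONS = 20_000   # kept low so the audit runs in about a second; production uses far more


def hash_password(password, salt=None):
    """Return (salt, digest); a fresh random salt is drawn when none is supplied."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password, salt, stored_digest):
    """The login check the article describes: hash the candidate and compare it with the
    stored hash. compare_digest keeps the comparison time independent of where they differ."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


# Constructed hash store. Fixed salts are used only so the example is reproducible;
# a real system draws a random salt per user (see hash_password).
USERS = {
    "alice": hash_password("sunshine", salt=b"\x00" * 16),        # weak: a dictionary word
    "bob": hash_password("vX7#qL9!tZ2@mR4", salt=b"\x01" * 16),   # not in any wordlist
}

# Constructed, deliberately tiny wordlist.
WORDLIST = ["password", "letmein", "sunshine", "welcome", "qwerty", "monkey"]


def dictionary_audit(users, wordlist):
    """Run the article's dictionary check against our own hash store and return the users
    whose password matched a wordlist entry, so they can be made to choose a better one."""
    weak = {}
    for name, (salt, digest) in users.items():
        for word in wordlist:
            if verify_password(word, salt, digest):
                weak[name] = word
                break
    return weak


if __name__ == "__main__":
    print("alice login ok:", verify_password("sunshine", *USERS["alice"]))
    print("alice wrong password:", verify_password("sunshine1", *USERS["alice"]))
    print("weak accounts:", dictionary_audit(USERS, WORDLIST))
```

The salt is why the audit (and an attacker) must hash every candidate word separately for every user: without it, one precomputed list of word hashes would crack every account that uses the same word at once. The slow, iterated hash turns each guess from microseconds into milliseconds, which is what makes the brute force attack described above take “enough time.”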

Whatever else we say, the easiest way to compromise a system is through a weak password. So it is important to strengthen your first line of defense, which is the passwords you choose.

Social engineering attack

Social engineering is used by hackers to exploit the trust users place in other people and make them reveal sensitive information, such as their password. Usually, the cracker tries to gain the confidence of a user in an attempt to compromise the security of the network and its systems. The cracker can accomplish this by sending email to legitimate users, claiming to be the administrator and asking the users to send him their password so he can perform urgent administrative work.

The cracker relies on the user’s ignorance to obtain this kind of information; many times people do not think about the value of the information they possess and are careless about protecting it. Another channel through which crackers practice social engineering is the phone: they call the victims and try to talk them into revealing what they want.

Another social engineering method is called “shoulder surfing.” The “shoulder surfing” method can be used by anyone, even your co-worker. Its main characteristic is that someone looks over your shoulder while you type in your password. So be careful when typing your password with people around.

Packet Sniffing attack

Crackers commonly use tools such as packet sniffers to grab information traveling on a network running protocols such as Ethernet and TCP/IP. Sniffing is a passive attack: it only reads the data on the network link without altering anything. Sniffing programs are used to steal passwords, read emails and gather other sensitive information.

When using a packet sniffer to listen to a communication link, the cracker’s network interface card (NIC) is set to promiscuous mode so that it captures every packet that travels on the link, not only the packets addressed to it. When there is activity on the link, the sniffer reports it in real time as soon as it detects it.

Usually, the cracker doesn’t need to put much effort into using these tools. All he needs to focus on is interpreting the data the tool provides, which usually requires only a good knowledge of networking and TCP/IP.

These tools are also used by the good guys, i.e. administrators, to monitor the network and report problems and vulnerabilities so they can be fixed before someone takes advantage of them.

Keep in mind that firewalls don’t prevent sniffing, so don’t rely on them to avoid packet sniffing on your network.
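Because a sniffer has to switch the interface into promiscuous mode, that switch is one of the few traces a sniffer leaves on the host that runs it. The following is an added example, not code from the article: on Linux the kernel logs “device <name> entered promiscuous mode” (and “left” when it is cleared), and `ip link show` lists PROMISC among an interface’s flags, so the example reads both and reports which interfaces are currently promiscuous. The kernel log lines and the `ip link` output below are constructed.

```python
"""Spot interfaces in promiscuous mode from kernel log lines and `ip link` flags.

Added example, not code from the article. Both sample inputs are constructed to match
the Linux message "device <name> entered/left promiscuous mode" and the flag list
`ip link show` prints between angle brackets.
"""
import re

# Constructed kernel log excerpt: eth0 went promiscuous and back, eth1 is still promiscuous.
KERNEL_LOG = """\
Mar 10 09:12:01 host kernel: [  120.443] device eth0 entered promiscuous mode
Mar 10 09:12:05 host kernel: [  124.010] eth0: link up
Mar 10 09:30:44 host kernel: [ 1243.771] device eth0 left promiscuous mode
Mar 10 09:31:02 host kernel: [ 1261.122] device eth1 entered promiscuous mode
"""

# Constructed `ip link show` output for the same host.
IP_LINK_OUTPUT = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT
3: eth1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT
"""

PROMISC_LOG_RE = re.compile(r"device (\S+) (entered|left) promiscuous mode")
LINK_RE = re.compile(r"^\d+: (\S+?): <([^>]*)>")


def promiscuous_events(log_text):
    """Return (interface, 'entered'|'left') pairs in log order."""
    events = []
    for line in log_text.splitlines():
        match = PROMISC_LOG_RE.search(line)
        if match:
            events.append((match.group(1), match.group(2)))
    return events


def promiscuous_from_log(log_text):
    """Replay the events and return the interfaces still promiscuous at the end of the log."""
    state = {}
    for iface, action in promiscuous_events(log_text):
        state[iface] = (action == "entered")
    return sorted(iface for iface, on in state.items() if on)


def promiscuous_from_ip_link(text):
    """Return the interfaces whose flag list contains PROMISC."""
    found = []
    for line in text.splitlines():
        match = LINK_RE.match(line)
        if match and "PROMISC" in match.group(2).split(","):
            found.append(match.group(1))
    return found


if __name__ == "__main__":
    print("promiscuous per kernel log:", promiscuous_from_log(KERNEL_LOG))
    print("promiscuous per ip link:  ", promiscuous_from_ip_link(IP_LINK_OUTPUT))
```

Treat a hit as a lead, not a verdict: the administrator’s own monitoring tools mentioned above set the same flag, as do bridges and some virtualization setups. The check also only sees the host it runs on; a sniffer on another machine attached to the same link leaves no trace here, which is why the real protection against sniffing is encrypting the traffic rather than the firewall.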

Conclusion

As we can see from the discussion in this article, we may face a range of threats that are either mounted with specialized tools (denial of service, password cracking, packet sniffing) or carried out through the human factor (social engineering). The widespread availability of hacking tools and the ease with which they can be used to cause damage are the main reasons more and more attacks are reported every day. Of course, human naivety (or lack of knowledge) adds to the problem and makes it even bigger.

We should not take for granted the need for security. Even the most secure system can be damaged by a well-organized threat. Therefore we must be alert at all times, waiting for the unexpected.

We will continue the discussion of the possible threats you may encounter when using the Internet in the next article.