Learning Center
Plans & pricing Sign in
Sign Out

The Hacker


  • pg 1
									12   I   into IT

 You can manage what you know about; it's what you don't
 know about that creeps up and stabs you. For the IT       The hacker
 manager, computer hacking is one such sword of            Technically, a "hacker" is someone who is
                                                           enthusiastic about computer
                                                           programming and all things computer
 Damocles for which sensible preventive                    related, and is motivated by curiosity to
                                                           reverse engineer software and to explore.
 and detective measures have become
 essential. And in common with other
 disasters in waiting, infiltration should
 feature in contingency planning.

 For the benefit of those readers
 unfamiliar with computer
 hacking, N. Nagarajan of the
 Office of the Comptroller
 and Auditor General of
 India gives an overview
 and explains some of
 the terms associated
 with it.

The basics of protecting against computer hacking
                                                                                                                         into IT   I   13

The term "cracker", on the other hand,
describes those who apply hacking skills
                                                 Computer hacking                                the area of fraud. However, other
                                                                                                 motives include espionage (both
to gain unauthorised access to a                 Hacking is in some ways the online              governmental and commercial
computer facility, often with sinister           equivalent to burglary; in other words          secrets) and the obtaining of
motives. But "cracking" never really             breaking into premises against the              personally sensitive information that
caught on, perhaps due to the grey               wishes of the lawful owner - in some            might be used for tracing people,
area that exists between the two                 jurisdictions a crime in itself - from          deception and blackmail;
activities and to the media's widespread         which other criminal acts such as theft     G   alteration or deletion of data
use of "hacking" as a term synonymous            and/or damage generally result.                 and code: most organisations now
with computer crime. I will not
                                                 Computer hacking refers to gaining              depend to some extent on comput-
therefore try to buck the trend in this
                                                 unauthorised access to, and hence some          erised information systems, and any
                                                 measure of control over, a computer             act resulting in significant corruption
                                                 facility, and most countries now have           or deletion of corporate data could
                                                 specific legislation in place to deter          have serious implications on their
                                                 those who might wish to practice this           ability to transact business;
                                                 art and science. In some jurisdictions,     G   degradation or cessation of
                                                 unauthorised access alone constitutes a         service: acts that result in systems
                                                 criminal offence, even if the hacker            being unable to carry their
                                                 attempts nothing further. However, in           workload or that fail altogether,
                                                 practice, hackers generally have a              could also have serious business
                                                 particular target in mind, so their unau-       implications;
                                                 thorised access leads to further acts,
                                                 which national law might also define as     G   use of computer resources:
                                                 criminal activities. These can be               this impact is really inherent in the
                                                 summarised under the headings of                previous three, but it's worth
                                                 unauthorised:                                   mentioning separately because an
                                                                                                 emerging problem is the use by
                                                 G   obtaining of confidential                   hackers of other people's systems
                                                     information: perhaps the major              (extending to home PCs) to store
                                                     growth area in computer crime is            illegally obtained data or to mount
                                                     "identity theft", in other words the        attacks on other systems. There are
                                                     obtaining of personal information           documented cases of systems
                                                     that can then be used to commit             hacked in this way - sometimes
                                                     other serious offences, usually in          referred to as "zombies" because
                                                                                                 they are no longer in the full control
        The Ten Immutable Laws of Security                                                       of their unsuspecting owners -
                                                                                                 being used to store child
        1    If a bad guy can persuade you to run his program on your computer, it's             pornography and material that
             not your computer anymore.                                                          breaches copyright law (e.g.
        2    If a bad guy can alter the operating system on your computer, it's not your         copyrighted music files), to mount
             computer anymore.                                                                   distributed denial of service attacks
        3    If a bad guy has unrestricted physical access to your computer, it's not            on other systems, and to distribute
             your computer anymore.                                                              spam e-mail.
        4    If you allow a bad guy to upload programs to your web site, it's not your       Finally, it's worth emphasising that the
             web site any more.                                                              term "hacker" applies both to outsiders
        5    Weak passwords trump strong security.                                           and to otherwise authorised personnel
        6    A machine is only as secure as the administrator is trustworthy.
                                                                                             who misuse their system privileges, or
                                                                                             who impersonate higher privileged
        7    Encrypted data is only as secure as the decryption key.
                                                                                             users. This sad fact needs to be
        8    An out of date virus scanner is only marginally better than no virus            recognised when formulating corporate
             scanner at all.                                                                 security policy.
        9    Absolute anonymity isn't practical, in real life or on the web.
        10   Technology is not a panacea.
        Source -
14   I   into IT

                                                                                                             dential waste can prove fruitful.
 Just another security update for Microsoft Internet Explorer                                                Perhaps the quickest and easiest way to
 Are You on a Network?                                                                                       gain physical access to an organisation's
                                                                                                             computer facilities is to join the
 If your computer is part of a managed network, contact your organization's system
                                                                                                             contract cleaning force, which often
 administrator before making changes to your computer.
                                                                                                             works unsupervised and outside normal
 Why We Are Issuing This Update
                                                                                                             office hours.
 A number of security issues have been identified in Microsoft® Internet Explorer that
                                                                                                             Password attacks: obtain a valid
 could allow an attacker to compromise a Microsoft Windows®-based system and then
                                                                                                             password to the system and you
 take a variety of actions. For example, an attacker could run programs on a computer
                                                                                                             become just another legitimate user.
 used to view the attacker's Web site. This vulnerability affects computers that have
                                                                                                             This is particularly dangerous where
 Internet Explorer installed. (You do not have to be using Internet Explorer as your Web
                                                                                                             the hacked account has special
 browser to be affected by this issue.) You can help protect your computer by installing
                                                                                                             privileges assigned to it that permit
 this update from Microsoft.
                                                                                                             wide-ranging system access and use.
 Source - Microsoft Security Bulletin MS03-032                                                               A successful password attack is both
                                                                                                             difficult to detect and difficult to
Approaches to hacking                            weaknesses) in infrastructure software
                                                 and communications protocols offer
                                                                                                             prevent because password security
                                                                                                             depends largely on the user. Keystroke
There are several basic strategies for           seemingly endless tactical possibilities,                   loggers and social engineering (see
hacking a computer facility: physical            as is evidenced in the never-ending                         terminology below) are methods of
intrusion; password attacks; network             stream of security updates (see                             capturing passwords, while people
access; web server attacks; and e-mail           example).                                                   often share their personal passwords
attacks, but there are a multitude of            Physical intrusion: an attacker's work                      with others, write them on notes that
tactics that can be used to implement            is made easier by gaining physical                          they attach to their terminals, and fail
them. For example, security flaws (or            access to a machine's keyboard or to                        to change them periodically. Password
                             design              network junction boxes. Physical access                     cracking programs perform an
                                                     opens up such possibilities as                          elaborate process of guessing 'weak'
                                                                    installing a keystroke                   passwords by trial and error, using
                                                                        logger1; installing                  combinations of words from different
                                                                         unauthorised                        languages, names (places, people,
                                                                        hardware devices                     characters in books), jargon, slang, and
                                                                       (e.g. linking a                       acronyms. These are tried backwards,
                                                                      modem that                             in two-word combinations, in combina-
                                                                     bypasses the                            tions with numbers substituted for
                                                                   corporate firewalls to                    letters, etc. Vendors often ship infra-
                                                                  the network); tapping                      structure software with the administra-
                                                                 junction boxes through                      tor account passwords set to default
                                                                which network traffic                        values; because these are widely
                                                               might be analysed; gaining                    known in the hacking community, they
                                                              access to system docu-                         provide an easy route into a computer
                                                              mentation, printouts and                       facility if left unchanged.
                                                             to written notes of their                       Network Access and Web Server
                                                             passwords left by reckless                      Attacks: computers forming part of a
                                                            users. Even access to confi-                     local area network that is in turn

                                                                 Hardware or software than captures the user's keystrokes, including their passwords.
                                                                                                                                              into IT   I   15

connected to the Internet are exposed
to a range of potential logical access
                                                                Managing common                                  G   systems administrators occupy
                                                                                                                     positions of extreme trust; it
risks. A network's primary purpose is                           vulnerabilities                                      follows that they should themselves
to permit users to access resources                                                                                  be trustworthy. Be very careful
and exchange information, but hackers                           A compromised system can be a self-                  who you permit to have system
can also use the network for the same                           inflicted injury due simply to the basic             administrator-level access to your
purpose. There are different ways to                            precautions having being ignored:                    network particularly when hiring
achieve unauthorised access under this                          G   ensure that your computer has                    new staff or appointing people to
heading, many being technically sophis-                             good physical security, consistent               cover for absences. Consider
ticated. One set of approaches exploits                             with both its value in terms of                  implementing a policy of "least
features of networking software that                                replacement cost and the conse-                  privilege"3 and review periodically
make it accessible from outside the                                 quences that could stem from its                 the privileges that have been
network. Another set exploits                                       data being disclosed or destroyed.               allocated, to whom and for what
browsers; for example, browsers                                     Secure sensitive areas; manage                   purpose;
maintain or have access to information                              access keys; consider installing             G   infrastructure software - in
about the user and computer that a                                  intruder alarms. Ensure communica-               particular the operating system and
hacker can exploit. A hacker could also                             tions junction boxes are secured                 firewalls - generates logs that
cause a browser to launch an "applet"                               and inspect them periodically for                record who is using (or attempting
(a program that runs in conjunction                                 signs of tampering - network admin-              to use) the system, for what
with the browser) to hack the                                       istration packages can detect unau-              purpose and when. This
computer or network, or to send back                                thorised physical devices connected              information can prove vital in
information that is not normally                                    to the network. Provide a secure                 detecting unauthorised activity - for
accessible from outside. Once access is                             waste disposal service for computer              example, attempted access to par-
gained, "island hopping" through the                                printouts and removable media;                   ticularly sensitive accounts or files -
network is sometimes possible by
                                                                G   formulate a sensible password                    and system use at unusual times.
exploiting trusted relationships
                                                                    policy for authenticating users and              Logs should be reviewed frequently
between interconnected computers -
                                                                    enforce it. Consider the need to                 - it may be necessary to develop or
the fact is that a network of computers
                                                                    strengthen password authentication               purchase a log monitoring and
that trust each other is only as secure as
                                                                    with tokens or biometrics. Disable               analysis package to enable key
its weakest link.
                                                                    unnecessary services and accounts                system messages to be detected
The basic solutions to this family of                               promptly;                                        quickly. An unplanned increase in
security risks are to keep abreast of
vendor security updates - such as the
Microsoft example illustrated - and to                           Autorooter
maintain an effective "firewall"2.                               ...a Trojan horse, potentially spread by e-mail, which exploits a Windows vulnerability to
                                                                 allow a hacker to gain control of infected computers.
Email Attacks: e-mail is a major route
into networked computers. Typically, a                           This DCOM-RPC exploit only affects Windows XP/2000 Pro/NT computers, which can
Trojan horse program is buried within                            use Remote Procedure Call. As the Trojan is incapable of spreading by itself, the file
an innocuous-looking attachment to an                            reaches computers through infected e-mail messages, inside files downloaded from the
e-mail message (see the Autorooter                               Internet or even on floppy disks.
example). The Trojan is launched when                            When run, Autorooter creates files, including RPC.EXE, which exploit the operating
the attachment is opened (or                                     system vulnerability by opening communication port 57005 and logging on with the
sometimes viewed) and covertly passes                            same privileges as the computer's user. It also downloads a file called LOLX.EXE,
control of the computer to the hacker.                           which opens a backdoor in the computer. After that, the infected computer is at the
                                                                 mercy of the hacker who can gain remote control through the port created.
2                                                                Because it doesn't show any messages or warnings that may indicate that it has
    A combination of hardware and software that limits
                                                                 reached the computer, Autorooter is difficult to recognise.
    external access to networked computers and resource.
    The least level of privilege consistent with performing a
    particular role.
16   I   into IT

     disc storage, slower than expected                                                   successfully tested) disaster recovery
     network performance and                    It's vital to appreciate that:            arrangements in place may find it com-
     suspicious-looking outbound                G    security consists of both            paratively easy to transfer their key
     connections can be other indicators             technology and policy; that is,      operations to a disaster recovery site
     that you have a cuckoo in the nest;             it's the combination of the          while they thoroughly investigate and
                                                     technology and how you use it        sanitise their home site.
G    make sure that your system files
     (including the Registry) are well               that ultimately determines how       You should consider the extent to
     protected from unauthorised                     secure your systems are;             which you back up your firewall and
     change. Apply the principle of least       G    security is journey, not a           other significant logs. Assuming the vul-
     privilege to limit what users are able          destination. It's not a problem      nerability that gave rise to the attack is
     to do. Implement a change control               that can be "solved" once and for    not apparent, you may need to look
     procedure to ensure at least two                all, but a continual series of       back, perhaps weeks, to identify when
     people are involved in important                moves and countermoves               and how the intrusion occurred
     system changes and that all changes             between the good guys and the        (another plus in favour of frequent log
     are recorded. Periodically audit                bad guys;                            reviews). Furthermore, should events
     your system software for unautho-          G    the key is to ensure that you        finish up in the hands of the police, the
     rised executables;                              have good security awareness,        police are likely to need the evidence
                                                     appropriate security policies        contained in your logs to support a
G    never run or download software
                                                     (that you enforce), and that you     prosecution.
     from an untrusted source (the
     source from which it was obtained               exercise sound judgment.             You will also need to consider who to
     might not be the same as the                                                         inform when you discover the
     developer). If you run a web site,
     you should control closely what
                                              Planning for hacking                        problem. This will involve striking a
                                                                                          balance between those who need to be
     visitors can do; in particular, you      incidents                                   involved in the investigation, top
     should only permit programs on the                                                   management - but only when you have
     site that you obtained from a            So, you discover that your system has       concrete proposals to make to them -
     trusted developer;                       been hacked. What next? Well, first it's    and everyone else, at least until the
                                              necessary to backtrack and consider         evidence has been preserved.
G    typically, a new virus or Trojan does    planning for this possibility. Sit down
     the greatest amount of damage            with colleagues and write down a            Investigation needs to be thorough;
     early in its life when few people are    strategy to guide your response,            focusing on a single vulnerability before
     able to detect it. Thus, an out of       exactly as you would for any other          restoring service might overlook the
     date virus scanner is only marginally    aspect of contingency planning. Who         existence of backdoors that the hacker
     better than no virus scanner. New        will form your incident response team?      has inserted to enable easy re-entry
     viruses and Trojans are created          What are your goals going to be and in      later. A thorough investigation will
     virtually every day, so it's vital to    what order of priority? In most cases       involve advanced networking
     keep your scanner's signature file up    they are likely to be first, to prevent     techniques, adeptness with software
     to date - virtually every vendor         further intrusion, then to identify the     tools, system administration,
     provides a means to obtain free          vulnerabilities that led to the attack,     data/system recovery, technical skills
     updated signature files from their       assess the damage and consider what         that might not be at your immediate
     web site.                                remedial action needs to be taken (e.g.     disposal. Thus, it might be prudent in
When you're satisfied that the basics         what would you do were you to
are both in place and operating, why          suspect identity theft?). Will you assign     The hackers' hit parade
not consider hiring a reputable firm of       resources to identifying the intruder?
                                                                                            Security firm Qualys produces a
security specialists to undertake a           Will you involve the police?
                                                                                            real-time index of the vulnerabilities
"penetration testing" programme to            One of the first points to consider is        that are the current favourites of the
assess the extent to which your               whether to disconnect from your               Internet's computer hacking
scheme of control rests on solid              external networks to limit damage and         community. You can obtain details of
foundations rather than on sand?              prevent further infiltration to other         each vulnerability by clicking on each
                                              trusted networks. Assuming the attack         entry in the 'ID' column of the vulner-
                                              is external, remaining connected may          ability table.
                                              leave the hacker able to observe and
                                              negate the response team's actions.           ts/current.html.
                                              Organisations that have reliable (i.e.
                                                                                                                    into IT   I   17

  Responding to intrusions                  Conclusion                                  Firewall - the online equivalent of the
                                                                                        'man on the door' who, when a visitor
  G    understand the extent and            In the context of computer hacking,         arrives in the foyer, asks for proof of
       source of an intrusion;              knowing what you do not know is             identity, checks the appointments book,
  G    protect sensitive data contained     manageable, hence the importance of         contacts the host, issues a temporary
       on systems;                          good preventive and detective               pass and perhaps inspects the visitor's
                                            measures, such as log review and            baggage before permitting - or denying
  G    protect the systems, the
                                            intrusion detection systems. The less       - entry.
       networks and their ability to
                                            fortunate are those who remain in self-     A network firewall sits at the junction
       continue operating as intended;
                                            inflicted ignorance - maybe for weeks       point or gateway between two
  G    recover systems;
                                            or months - that their system has been      networks - usually a private network
  G    collect information to better        infiltrated and their business is being     and a public network such as the
       understand what happened.            damaged.                                    Internet - its purpose being to reduce
       Without such information, you
                                            Regardless of the strength of your          the risk to networked computers of
       may inadvertently take actions
                                            preventive and detective measures, be       intrusion. It may be a hardware device
       that can further damage your
                                            prepared for hacking incidents, particu-    or software running on a secure host
                                            larly if your organisation relies heavily   computer. In either case, a firewall has
  G    support legal investigations.                                                    at least two network interfaces, one for
                                            on networks (the Internet, WANs and
  Source:                      LANs) for its operations and customer       the network it is protecting and one for
                                            services. Should you fall victim, a         the untrusted network to which it is
your planning to identify reputable         thorough investigation of a                 exposed. Because firewalls cannot
security specialists well versed in         compromised system - while                  decide for themselves whether traffic is
penetration testing that might be called    disruptive, time-consuming, expensive,      hostile or benign, they must be
upon to assist with sanitising and          and tedious - is essential. The             programmed with rules (a "security
rebuilding your systems.                    temptation is to give in to pressure to     policy") that govern the types of traffic
                                            resume operations quickly by closing        to allow or deny.
In addition to identifying the system
                                            the obvious vulnerabilities and trusting    In addition to guarding external
vulnerabilities exploited by the hacker,
                                            to luck that the system is clean. That      connections, firewalls are also
a critical review and reconciliation of
                                            could easily be a false economy.            sometimes used internally to provide
activated accounts (particularly those of
guests, supposedly disabled accounts                                                    additional security by segregating sub-
                                                                                        network that give access to highly
and those whose presence can't be
explained) and their associated system
                                            Some terminology                            sensitive applications.
privileges, while tedious, could reveal     Buffer overflows - are due partly to a      Honey Pots - decoy servers or
other unused entry points the hacker        characteristic of some programming          systems designed to gather information
has set up against a rainy day; likewise,   languages, such as C, which poor            about attackers. A honey pot, which is
you should confirm the status of all        programming practices then                  set up to be easier prey for attackers
interconnected 'trusted' systems.           exacerbate. An overflow occurs when a       than genuine production systems,
                                            program attempts to store more data         incorporates modifications that enable
Scan the system for Trojans. These are
                                            in temporary storage area, or "buffer",     intruders' activities to be logged and
typically identified by antivirus
                                            than it can hold. Since buffers are of      traced. The theory is that when an
packages, but their scan engines have
                                            finite size, the extra information          intruder breaks into a system, they will
varying degrees of success, particularly
                                            overflows into adjacent buffers thereby     return. During subsequent visits,
if not up-to-date, so scan using (up-to-
                                            corrupting or overwriting the valid data    additional information can be gathered
date versions of) several packages.
                                            held in them. This would normally           and additional attempts at file, security,
Note: there is more information on          cause a program failure or even a           and system access on the Honey Pot
incident response at...                     system crash, but a skilfully crafted       can be monitored and saved. Most               overflow can also be exploited as a         firewalls can be configured to alert
improvement/modules/m06.html                form of security attack. The attacker       system administrators when they
                                            can gain control by creating an             detect traffic entering or leaving a
                                            overflow containing code designed to        honey pot.
                                            send new instructions to the attacked
                                            computer, hence the relevance of            Identity theft - involves taking over an
                                            buffer overflows to hacking.                individual's identity by stealing critical
                                                                                        private information, such as the Social
                                                                                        Security number, driver's license
18   I   into IT

                                           resources and activities and, using        compromise the system, or be used in
 Example of a buffer overflow              information gathered from these            a social engineering attack. For
 vulnerability                             sources, alerts system administrators      example, a keylogger will reveal the
                                           on identifying possible intrusion.         contents of all e-mail composed by the
 The Phone Book Service that runs on
                                                                                      user. Keylogger programs are
 Internet Information Services (IIS) 5.0   Firewalls (see above) work only at a
                                                                                      commonly included in rootkits and
 has an unchecked buffer (a                network's point of entry with packets
                                                                                      remote administration Trojans. A
 temporary data storage area that has      as they enter and leave the network.
                                                                                      keystroke logger can also take the form
 a limited capacity but no specification   An attacker that has breached the
                                                                                      of a hardware device, independent of
 for the amount of information that can    firewall can roam at will through a
                                                                                      the operating system, which plugs in
 be written into it) in the code that      network - this is where an ID system
                                                                                      between the keyboard and the main
 processes requests for phone book         becomes important.
                                                                                      system (for PCs). They simply record
 updates. A specifically malformed
                                           Intrusion Prevention - systems             what is typed at the keyboard; the
 HTTP request from a malicious user
                                           monitor for suspicious activity with the   hacker can later retrieve the device
 can cause a buffer overflow in the
                                           aim of proactively blocking potential      and examine its contents.
 Phone Book Service, which might
                                           attacks. Typically, an IP system
 allow the malicious user to run unau-                                                Phishing - occurs when a consumer
                                           comprises a software agent that resides
 thorized code on the server, or cause                                                receives a deceptively legitimate
                                           near to the host's operating system
 the service to fail.                                                                 looking e-mail from what appears to be
                                           kernel, which monitors system calls
 Source: extract from a Microsoft                                                     a reputable company (see Spoofing).
                                           before they reach the kernel using a
 security update.                                                                     The e-mail might ask a recipient to, for
                                           rules engine to identify potentially
                                                                                      example, update their credit card
                                           suspicious activity. This can then be
                                                                                      information, and/or provide other
number, address, credit card number,       halted, or the systems administrator
                                                                                      personal details to avoid their account
or bank account number. The identity       alerted. A drawback is that IP systems
                                                                                      being terminated. Another approach is
thief can then use the stolen              can respond to legitimate activities and
                                                                                      for the sender of the message to offer
information to obtain loans or credit      generate false alarms. Defining
                                                                                      a service, for example to protect their
lines to buy goods and services under      exceptions can reduce such false alarms,
                                                                                      credit cards from possible fraud. Those
the stolen name. Identity thieves          but there are pros and cons to this.
                                                                                      stung by phishing are victims of
typically change the consumer's mailing    Keystroke logger (or keylogger) - is       "identity theft" (see above).
address to hide their activities.          a program that runs in the background
Intrusion detection - the art and          recording all keystrokes. Once logged,
science of detecting when a computer       the keystrokes are returned to the
                                           hacker who peruses them carefully to
                                                                                        Attempted identity theft
or network is being used inappropri-
ately or without authority. An ID          identify passwords and other useful          National Australia Bank customers
system monitors system and network         information that could be used to            became targets for an e-mail fraud in
                                                                                        which they were sent (grammatically
                                                                                        incorrect) requests, purportedly from
                                                                                        the bank, requesting them to connect
                                                                                        to the NAB web site.
                                                                                        "Dear valued customer," it read, "Our
                                                                                        new security system will help you to
                                                                                        avoid frequently fraud transactions
                                                                                        and to keep your investments in
                                                                                        safety." The e-mail encouraged
                                                                                        recipients to click a link in the body of
                                                                                        the message, which then connected
                                                                                        them to a site that mimicked the NAB
                                                                                        Web site but that had been set up to
                                                                                        capture their login and password
                                                                                        The scam used a message previously
                                                                                        used to targeted other banks'
                                                                                                                     into IT   I   19

Rootkit - a collection of tools and          Spoofing - in essence a technique that      Trojan horse - a name derived from
utilities that a hacker can use to hide      depends on forging the identity of          the classic Trojan horse in Homer's
their presence and gather data to help       someone or something else ("mas-            Iliad. After spending many months
them further infiltrate a network.           querading"), the aim being to alter the     unsuccessfully besieging the fortified
Typically, a rootkit includes tools to log   trust relationship between the parties      city of Troy, the Greeks evolved a
keystrokes (see keylogger above),            to a transaction.                           strategy. They departed leaving behind
create secret backdoor entrances to                                                      them as a gift a large wooden horse,
                                             In the online world, there are different
the system, monitor packets on the                                                       which the citizens of Troy brought into
                                             flavours of spoofing. A hacker might
network to gain information, and alter                                                   town. Unknown to them the horse
                                             employ sophisticated e-mail spoofing to
system log files and administrative tools                                                contained Greek warriors, who at night
                                             make it appear that an e-mail requiring
to prevent detection.                                                                    jumped out and opened the city gates
                                             the victim to confirm their account
                                                                                         letting in the Greek army who had
Social engineering - in his book, The        details, including such information as
                                                                                         been in hiding.
Art of Deception: Controlling the Human      their logon ID and password, has been
Element of Security4, arch hacker Kevin      sent by a reputable person or organisa-     In the IT environment - and setting
Mitnick poses the question: why bother       tion (see "phishing" and "social            aside the legitimate use of network
attacking technology when the weakest        engineering" above).                        administration tools - Trojans are
link lies not in the computer hardware                                                   generally considered a class of
                                             IP spoofing is another common form of
or software, but in humans who can be                                                    "malware" that, like their predecessor,
                                             online camouflage, in which a hacker
tricked into giving up their passwords                                                   contain covert functionality. They act as
                                             attempts to gain unauthorised access to
and other secrets? Mitnick goes on to                                                    a means of entering a target computer
                                             a computer or network by making it
state that social engineering "uses                                                      undetected and then allowing a remote
                                             appear that a packet has come from a
influence and persuasion to deceive                                                      hacker unrestricted access and control.
                                             trusted machine by spoofing its unique
people by convincing them that the social                                                They generally
                                             Internet IP address. A countermeasure
engineer is someone he is not, or by                                                     incorporate a rootkit
                                             is to use of a Virtual Private Network
manipulation. The social engineer is able                                                (see above).
                                             (VPN) protocol, a method that involves
to take advantage of people to obtain
                                             encrypting the data in each packet as
information with or without the use of
                                             well as the source address using
                                             encryption keys that a potential attacker
4                                            doesn't have. The VPN software or
    Wiley, ISBN 0-471-23712-4                firmware decrypts the packet and
                                             source address, and performs a
                                                                                                        About the author
                                             checksum. The packet is discarded if         N. Nagarajan CISA joined the Office
                                              either the data or the source address       of the Comptroller and Auditor
                                                  has been tampered with.                 General of India in 1989, and is
                                                                                          presently employed as Senior Deputy
                                                                                          Accountant General in Mumbai. In
                                                                                          addition to his wide experience in
                                                                                          auditing IT (particularly in the field of
                                                                                          Electronic Data Interchange) and in
                                                                                          training staff in IT audit skills,
                                                                                          Nararajan has also worked as a
                                                                                          developer of pensions systems.
                                                                                          Nagarajan's international work
                                                                                          includes audit assignments at the
                                                                                          United Nations in New York, and a
                                                                                          two year secondment to the Office of
                                                                                          the Auditor General of Mauritius
                                                                                          where he was involved in training
                                                                                          staff and in the audit of EDI systems
                                                                                          operated by the Customs
                                                                                          department. Nagarajan has been
                                                                                          published in a number of international

To top