How Hackers Identify And Attack Their Victims
Internet has become a huge part in today’s society. Everybody uses it for many different purposes. Whether it is for job or for fun, your life almost revolves around it, and with the increasing amount of things you can do online, many have the tendency to ignore -at a certain degree- how exposed they actually are to possible attacks. Thanks to the fact that many ignore that, hackers have “free way” and take advantage of those who do not pay much attention to their internet security, or, for some reason, got unprotected.
Read Also: Identity Theft: Damage Control
First, you should know what a Hacker is.
Hackers are people that commit illicit activities, operating through electronic devices for many types of purposes:
- To find sensitive information such as credit card numbers, your bank account or your Social Security number.
- To have complete access to databases, websites, web servers, and other network resources.
- To spread viruses on computers.
- To fool Operating Systems.
- To take down websites.
- To steal identities.
- To take control over personal computers in order to hide their actual location and identity while committing a cybercrime.
“The biggest advantage hackers have is anonymity; no one is ever sure of who can be found on the other side of the screen”
That last point has a lot to do with possibly the biggest advantage hackers have, which is anonymity; no one is ever sure of who can be found on the other side of the screen. Since virtually everyone with a connection (wireless, or not) can access the World Wide Web, a virtual crime of that kind can be executed even from a foreign country.
Now, one important question: How do hackers identify their victims?
The answer is: researching.
By using different types of sophisticated hardware and software, they are able to scan thousands of computers at a time. Those softwares allow them to find vulnerable ports through which they can start the hacking process. Such attacks tend to take place after a time of target’s vulnerability research.
First, the hacker will create an initial map of the target’s vulnerabilities, focusing on platform version and usage. They could also fill out the map with information taken out of public sources such as government databases, financial filings and court records.
By doing so, hackers find out what your level of security is. For companies, they are most likely to look for previously suffered breaches, or to find out whether you’re using LDAP or federated authentication systems. Some hackers might also try to hack partners, customers and suppliers, since they could be easier to attack. Think of it as a form of “small to big” kind of attack. That kind of information is usually found on job sites, corporate career sites, and even basic search engines such as Google; it will depend on how safe your information is.
Now, the hacker is able to perform the attack. But… how do they attack their victims? It will depend on the type of hacker, and the purpose of the hack. Some of the most common types of attacks are done by:
- Creating fake wireless access points to receive unprotected data that the victims, without knowing, send to the remote hosts in clear text. They could be even receiving your passwords.
- Stealing Cookies, so they can freely log in to your websites as if they were you the one who supplied a username and password. To this, the best answer is to use the latest crypto cipher, or to disable certain features that people do not use any longer.
- Using fake names on files in order to trick people into thinking that is something different. Some computers change or hide a file’s extension, so it is better to search for the real name of the file before opening it.
- Changing, placing or replacing files, usually with the same name as built-in features of the computer. With this file location trick, they create a malicious identical file and hide it in the current directory or your home folder, so when you just execute it, it will run the infected copy instead. This is an easy way to use a computer’s own operating system against itself.