The ways and means by which an intruder can attack your system are endless. The attacker could be a White Hat hacker who is merely curious about system security and spends their time finding new exploits in computer operating systems; a Black Hat, or malicious hacker, may have an agenda all of their own.
The agenda of the hacker is the most important key in this type of investigation. Prevention and apprehension are the others. Optimal Intelligence Investigators will audit your home or business network for known and unknown vulnerabilities and provide a comprehensive report in an effort to rectify the misconfiguration.
Even an avid computer user may find that their system appears to be functioning properly; more often than not, however, vulnerabilities prevail, giving attackers free rein over your networks without the victim even knowing. Optimal Intelligence investigators possess the knowledge and expertise to identify these exploits and implement proper IT protocols to prevent future vulnerabilities. If in fact an intrusion has occurred, our staff will respond immediately to preserve evidence of the attack and begin an investigation in an effort to identify, locate, and apprehend the suspect.
Methods of Network Intrusion
Trojans and Viruses:
Sent via email or installed on-site, these can override exploit detection systems.
Data passing over Ethernet or wireless networks can usually be intercepted. This is done with a protocol analyzer, which sets the network card to promiscuous mode, meaning that it passes all data on the network to the operating system without filtering. Passwords are typically “sniffed” off clear-text protocols. Such protocols include POP3, FTP and Telnet. In these cases, passwords flow through the network without any encryption.
In some cases, intruders do not need to decrypt the password. They can use the encrypted form instead in order to log in to systems. Tools are also available to make this kind of attack easier. This kind of attack is very popular against web applications.
Password File stealing:
System passwords are usually stored in files or in the Windows registry. On Windows NT, 2000 and XP, the passwords are stored in encrypted form in the SAM file. On UNIX systems the password is usually stored in /etc/passwd or /etc/shadow. Once an attacker gets their hands on the password file, they can launch a dictionary or brute-force attack against the encrypted passwords.
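A defender can review the same files before an attacker does. The following added example (not part of the original page) parses passwd- and shadow-format entries and flags hashes left in the world-readable passwd file, empty password fields, and legacy hash schemes; the function names and the sample entries are constructed for illustration.

```python
# Added example: audit passwd/shadow-format text. All entries are constructed samples.
STRONG = ("$2a$", "$2b$", "$2y$", "$5$", "$6$", "$7$", "$y$")  # crypt(5) prefixes

SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/bash
legacy:aaCONSTRUCTED:1001:1001::/home/legacy:/bin/sh
guest::1002:1002::/home/guest:/bin/sh"""
SAMPLE_SHADOW = """root:$6$salt$CONSTRUCTEDHASH:19000:0:99999:7:::
svc:$1$salt$CONSTRUCTEDHASH:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
locked:!$6$salt$CONSTRUCTEDHASH:19000::::::"""

def classify(field):
    """Return (status, detail) for the password field of one entry."""
    if field == "":
        return "empty", "no password required"
    if field == "x":
        return "shadowed", "hash kept in the shadow file"
    field = field.lstrip("!")  # a leading "!" marks a locked account
    if not field or field.startswith("*"):
        return "locked", "no usable password"
    if field.startswith("$1$"):
        return "weak", "MD5-crypt"
    if field.startswith(STRONG):
        return "strong", field.split("$")[1]
    if field.startswith("_") or (len(field) == 13 and "$" not in field):
        return "weak", "DES-crypt"
    return "unknown", "unrecognised scheme"

def audit(text, source):
    """Return (user, finding) pairs; source is "passwd" or "shadow"."""
    findings = []
    for line in text.splitlines():
        parts = line.split(":")
        if line.startswith("#") or len(parts) < 2:
            continue
        user, (status, detail) = parts[0], classify(parts[1])
        if status == "empty":
            findings.append((user, "empty password field"))
        elif status in ("weak", "unknown"):
            findings.append((user, f"{status} hash scheme ({detail})"))
        if source == "passwd" and status in ("weak", "strong", "unknown"):
            findings.append((user, "hash readable by every local user"))
    return findings

if __name__ == "__main__":
    for src, text in (("passwd", SAMPLE_PASSWD), ("shadow", SAMPLE_SHADOW)):
        print(src, audit(text, src))
```

On a live system the shadow file is readable only by root, so the audit has to run with that privilege; a hash found in the passwd file itself is exposed to every local account.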
A very well known and traditional password stealing attack is dubbed “shoulder surfing” – which is basically when an intruder watches someone type in a password. Observation can also be done by going through a victim’s personal objects. Typically passwords are written on small pieces of paper – and can also be written on sticky notes attached to the monitor itself!
Many successful hackers and attackers make use of human weaknesses – one such well-known hacker is Kevin Mitnick. A common technique is to simply call the user and say, “Hi, this is Bob from the MIS Department. We have problems within the network and they appear to be coming from your machine. Can you give me your password?” Many users will happily supply this sensitive information without thinking twice.
Sometimes it is not even required to guess the passwords, since the system would have default passwords put in by the system vendor. A lot of network devices such as switches and hardware routers will have default passwords allowing an attacker to easily gain access.
Port scanning is the most common choice of attackers to find random vulnerabilities in network operating systems. The attacker uses automated software that enables a remote system scan of the target network. These scans provide the attacker with known vulnerabilities and their associated means of exploitation.
Several spyware applications can be purchased for as low as $29.00. Once these applications are loaded on the target machine, all keystrokes, applications, emails, and Internet chats are recorded and remain on the machine until the attacker has time alone with it to retrieve the data, or the data files containing the captured information can be emailed by Optima Global Investigation to a predetermined email address.