Tuesday, January 11, 2011

COMPUTER ATTACKS: HACKERS

Commentary: This is the first in a series of four posts on Computer Attacks. This post focuses on hackers and their practices.  The notion is that if you want to stop a hacker then you need to think like a hacker. This post details the approach hackers use. 

The Computer System Hacker

Security is always a concern in software and operating systems. The structure of the operating system is critical to security. Microsoft divided their operating system into three components, the command.com, MSBIOS.sys, and IO.sys files, in order to make it easier for users to install peripherals and configure the system. Dividing the operating system into three components created vulnerabilities that permitted viruses and hackers to bypass the command.com file and access the system resources directly. Hackers and malcontents wasted no time exploiting this vulnerability. Microsoft has been chasing its proverbial tail on this problem, with so many different viruses circulating today.

Hackers come in a variety of styles and flavors, from the teen re-coder to nation states battling on the World Wide Web. Even militant combatants, terrorists, or individuals acting in their own self-interest have found hacking to be an effective instrument in an asymmetric warfare campaign. The goal is, at relatively low cost and effort, to cause the target, usually a nation state or large corporation, to spend millions, if not billions, countering the threat. This has the potential to economically exhaust the target and distract it from other, more productive efforts. Thus, a basic understanding of how the threat operates will yield insights into how to diminish its impact. However, keep a few things in mind:
  1. Almost all hacking requires physical access at some early point in the process in order to seed the system or to plant back doors. Therefore, physical security and monitoring are very important.
  2. Almost all advanced or experienced hackers go unnoticed for extended periods of time.
  3. Attacks are rarely temporally cohesive, meaning they can be low and slow or erratic with respect to time, appearing as noise or buried in the noise.
Hackers employ a series of nine steps when attempting to exploit vulnerabilities throughout a network (McClure, 2009). According to McClure, who wrote the series of Hacking Exposed books, these nine steps are:
  • Footprinting: An information-gathering process that targets a range of addresses and/or naming structures in order to map a network.
  • Scanning: A focused assessment of listening ports and services to seek the most promising avenue of attack.
  • Enumeration: More intense and intrusive probing begins as user accounts and vulnerable shared devices are discovered.
  • Gaining Access: Enough data has been collected to make an informed attempt to access the victim systems.
  • Escalating Privileges: If initial access was gained through a user-level account, attempts are made to gain administrative control within the immediate system.
  • Pilfering: The attacker seeks to gain complete control of a system by gaining greater access to trusted systems.
  • Covering Tracks: Once complete control is obtained, the attacker seeks to hide his work from the system administrators by clearing logs and hiding tools.
  • Creating Back Doors: At-will access is laid throughout the information system to ensure that privileged access is easily regained. This involves rogue user accounts, batch files, trojans, remote control services, bots, other virus programs, etc.
  • Denial of Service: The attacker may decide to disable the victim for any justification. Numerous DoS methods exist, and most of the data for such an attack is discovered in the footprinting, scanning, and enumeration steps.
McClure remarks that defending a system involves detection, identification, and suppression of the threat. Understanding the mind of the ‘bad guys’ is essential to countering their assault. Therefore, knowing the vulnerabilities, methods, and processes used is imperative to exposing and stopping attackers in the early stages of an assault.
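As an added example (not from the original post or from McClure's book), the following detector shows why a low-and-slow scan (point 3 above, and the Scanning step) hides from a per-minute rule: the same distinct-port count is applied over a one-minute window and over a three-hour window to constructed firewall deny lines. The log format, addresses and thresholds are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format (constructed for this example): "<ISO time> DENY <src> -> <dst>:<port>"
LINE_RE = re.compile(r"^(\S+) DENY (\S+) -> \S+:(\d+)$")

def parse(lines):
    """Yield (timestamp, source_ip, dst_port) from deny lines; malformed lines are skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.fromisoformat(m.group(1)), m.group(2), int(m.group(3))

def flag_scanners(lines, window, min_ports):
    """Return the set of sources that touched >= min_ports distinct ports inside any
    sliding time window of the given length."""
    events = defaultdict(list)
    for ts, src, port in parse(lines):
        events[src].append((ts, port))
    flagged = set()
    for src, evs in events.items():
        evs.sort()
        lo = 0
        for hi in range(len(evs)):
            # advance the window start until it spans at most `window`
            while evs[hi][0] - evs[lo][0] > window:
                lo += 1
            if len({p for _, p in evs[lo:hi + 1]}) >= min_ports:
                flagged.add(src)
                break
    return flagged

def build_sample_log():
    """Constructed sample: a noisy scanner (12 ports in 12 s), a slow scanner
    (one port every 15 min), and a benign host retrying the same port."""
    t0 = datetime(2011, 1, 11, 8, 0, 0)
    ports = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]
    fmt = "{} DENY {} -> 192.0.2.10:{}"
    lines = [fmt.format((t0 + timedelta(seconds=i)).isoformat(), "203.0.113.7", p)
             for i, p in enumerate(ports)]
    lines += [fmt.format((t0 + timedelta(minutes=15 * i)).isoformat(), "198.51.100.9", p)
              for i, p in enumerate(ports)]
    lines += [fmt.format((t0 + timedelta(minutes=i)).isoformat(), "192.0.2.55", 443)
              for i in range(30)]
    return lines

SAMPLE_LOG = build_sample_log()
FAST_RULE = flag_scanners(SAMPLE_LOG, timedelta(minutes=1), 10)   # noisy scanner only
SLOW_RULE = flag_scanners(SAMPLE_LOG, timedelta(hours=3), 10)     # both scanners
```

The benign host never trips either rule because the count is over distinct ports, not total events, which is what keeps the longer window from turning ordinary retries into noise.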

Commentary: The mindset of the hacker ranges from intellectually curious rebels to outright militant combatants seeking means to deter, deny, disrupt, and/or destroy their target's efforts. At one time, I tracked hacker groups. I also studied methods and technologies that could be exploited. In extreme malicious efforts, it is possible through code to shut down the CPU fan and then run a high load on the processor, causing it to heat up and simply burn up. Cooling of the CPU is extremely important. Fortunately, many manufacturers use large heat sinks that can prevent the CPU from detonating without the fan running. However, in an over-clock situation that may not be the case, since over-clocking will most likely require enhanced cooling. In order to over-clock a system, the malcontent would need access at the board level in order to set the CPU clock speed jumpers. So physical security is essential. A disgruntled employee or service technician may be a typical culprit of such an act. System security and integrity checks, both physical and virtual, are essential to defending information systems. Typically, a trilogy of administrators, technicians/coders, and security inspectors, each having limited access, is necessary for a system of checks and balances in the security system.


Note: Over-clocking is a technique to gain higher speed performance out of a system. It often involves more than over-clocking the processor. System over-clocking requires adjustments to RAM and board speeds in order to keep everything in sync with the timing diagrams. When over-clocking, precision and accuracy are diminished. Also, the cooling effort dramatically increases. Over-clocking saw its greatest gains when processors and boards were much slower than today. Over-clocking earlier technology often saw exponential speed gains. Processor and board speeds at the time of this post are approaching the limit where gains in speed are becoming negligible; processing is achieving near real-time capability.

References:

Englander, I. (2003). The Architecture of Computer Hardware and Systems Software: An Information Technology Approach (3rd ed.). New York: John Wiley & Sons Inc.

McClure, S. (2009). Hacking Exposed 6. McGraw-Hill. ISBN 9780071613743.

Other posts in this series:
  • COMPUTER ATTACKS: HACKERS
  • COMPUTER ATTACKS: VIRUSES
  • COMPUTER ATTACKS: PROBING PORTS
  • COMPUTER ATTACKS: TCP/IP SECURITY
