At the FBI InfraGard seminar today in Dania Beach, I
learned a lot about the current state of hacking. Of course, I’ve learned a lot
over the years as I write about Steve Levitan, a (somewhat) reformed hacker who
solves crimes with the help of his golden retriever, Rochester. But it’s always great to have things
presented in a simple, digestible way.
One of the presentations covered the hacking cycle, which I’ve
recreated here. (Note: all errors are my own, not those of the presenters!) An interesting
note is the evolving nature of threat actors: the bad guys innovate faster
than the good guys.
The Hacking Cycle
Research
The first step. The hackers are interested in a particular
company or industry, but need to figure out who to target and how. They use
corporate websites to get employee names. Sometimes these are high-level employees like
the CEO or CFO, but they might also go after someone like an executive’s admin,
because that person often has the same access to information that the boss has.
They search through social media to discover personal
information about the targeted employee. Since email is the biggest way that
hackers get access to an organization’s system, their goal is to construct an
email that is tailored enough to the individual that it seems reputable and
makes him or her willing to click on a link, which then leads to the next step.
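The Research step ends with an email whose display name matches someone the attacker found on the company website, sent from an address the attacker controls. The following is an added example, not code from the seminar or from this post, of the check a mail gateway can run for exactly that: it parses a message, compares the display name against a (hypothetical) list of executives, and flags a sender domain that is not the corporate one or merely looks like it. The domain, the executive names and the three sample messages are all constructed for the example.

```python
"""
Flag the tailored phishing email described in the Research step:
a display name that impersonates a known executive, sent from a domain
that is not the company's own (often a lookalike of it).
All data below is constructed for this example.
"""
import email
from email import policy
from email.utils import parseaddr

# Hypothetical corporate domain and the names an attacker could harvest
# from the public website (names only, which is all they need).
CORPORATE_DOMAIN = "example.com"
KNOWN_EXECUTIVES = {"Jane Doe", "John Roe"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot typosquatted domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete
                           cur[j - 1] + 1,         # insert
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def is_lookalike(domain: str, legit: str) -> bool:
    """True if `domain` imitates `legit`: a close misspelling (examp1e.com,
    example.co) or the brand used as a label of another domain
    (example.com.evil.net, example-mail.net)."""
    if domain == legit:
        return False
    if edit_distance(domain, legit) <= 2:
        return True
    stem = legit.rsplit(".", 1)[0]          # "example"
    return stem in domain.replace("-", ".").split(".")


def assess(raw: str) -> dict:
    """Return the sender address, a verdict and the reasons behind it."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, addr = parseaddr(str(msg["From"]))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    reasons = []
    # Executive's name on the envelope, but not the company's own domain.
    if name in KNOWN_EXECUTIVES and domain != CORPORATE_DOMAIN:
        reasons.append(f"display name '{name}' is an executive "
                       f"but sender domain is {domain}")
    # Domain engineered to pass a quick glance.
    if domain and is_lookalike(domain, CORPORATE_DOMAIN):
        reasons.append(f"sender domain {domain} looks like {CORPORATE_DOMAIN}")
    # Replies silently redirected somewhere else.
    if msg["Reply-To"]:
        _, rt_addr = parseaddr(str(msg["Reply-To"]))
        if rt_addr.rsplit("@", 1)[-1].lower() != domain:
            reasons.append("Reply-To domain differs from From domain")
    return {"from": addr, "suspicious": bool(reasons), "reasons": reasons}


# Constructed sample messages.
LEGIT = """From: Jane Doe <jane.doe@example.com>
To: assistant@example.com
Subject: Board deck

Please send me the latest version when you have a minute.
"""

SPOOF_LOOKALIKE = """From: Jane Doe <jane.doe@examp1e.com>
To: assistant@example.com
Subject: Quick favor
Reply-To: jane.doe@examp1e.com

Could you open the attached invoice and approve it today?
"""

SPOOF_FREEMAIL = """From: Jane Doe <janedoe.ceo@gmail.com>
To: assistant@example.com
Subject: Are you at your desk?

I'm in a meeting, can you handle something urgent for me?
"""

if __name__ == "__main__":
    for sample in (LEGIT, SPOOF_LOOKALIKE, SPOOF_FREEMAIL):
        print(assess(sample))
```

This catches impersonation by display name and by lookalike domain, which is the technique the Research step describes; it does nothing against mail sent from a genuinely compromised corporate mailbox, and it will flag an outside contact who happens to share an executive's name, so treat the result as a signal for review rather than a block decision.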
Infiltration
The act of actually getting the hacker’s software into the organization’s
system, which gives these outside agents access to your servers and data.
Discovery
Once the hacker gains access to the organization’s system,
he may take some time to snoop around and learn what is in the environment and how he
can use it. Perhaps the data is held in a particular brand of software or
type of database. The hackers can then post a request on the dark web for a specialist in that
product. More and more, hackers are specializing in specific areas and then
collaborating on projects.
Capture
Actually getting into the appropriate database or finding the data within the system.
Extraction/damage
Removing the data or causing harm to the system.
Monetization
Selling the data that has been stolen or collecting payment
for the hack.
I learned a lot more at the seminar, which I'll be posting in the future. For now, here's a link to Infragard: https://www.infragard.org/