Tuesday, September 29, 2015

The hacking cycle



At the FBI InfraGard seminar today in Dania Beach, I learned a lot about the current state of hacking. Of course, I’ve learned a lot over the years as I write about Steve Levitan, a (somewhat) reformed hacker who solves crimes with the help of his golden retriever, Rochester.  But it’s always great to have things presented in a simple, digestible way.

One of the presentations covered the hacking cycle, which I've recreated here. (Note: all errors are my own, not those of the presenters!) One interesting point was the evolving nature of the attackers: the bad guys innovate faster than the good guys.

The Hacking Cycle

Research

The first step. The hackers are interested in a particular company or industry, but need to figure out whom to target and how. They use corporate websites to get employee names. Sometimes these are high-level employees like the CEO or CFO, but they might also go after someone like an executive's admin, because that person often has the same access to information that the boss has.
They search through social media to discover personal information about the targeted employee. Since email is the biggest way that hackers get access to an organization's system, their goal is to construct an email that is tailored closely enough to the individual that it seems legitimate and makes him or her willing to click on a link, which then leads to the next step.

Infiltration

Actually getting the hacker's software (the malware behind that link) into the organization's system, giving these outsiders access to its servers and data.

Discovery

Once the hacker gains access to the organization's system, he may take some time to snoop around to see what's in the environment and how he can use it. Perhaps the data is kept in a particular brand of software or type of database. The hackers can then post a request on the dark web for a specialist in that product. More and more, hackers are specializing in specific areas and then collaborating on projects.

Capture

Actually getting into the appropriate database, or finding the data within the system.

Extraction/damage

Removing the data, or causing harm to the system.

Monetization
Selling the data that has been stolen or collecting payment for the hack.

I learned a lot more at the seminar, which I'll post about in future entries. For now, here's a link to InfraGard: https://www.infragard.org/