°Û °Û ÞÜ ±Û °Û °Û ÜÛÛ ÛÜ ±Û ²Û°ÛÛÛÛß°Û ÜÜÜ ±Û ÜÜ ÜÛÛÛÜ°ÛßßßÛ°Û °Û ÛÛ ° ÛÛ±Û ±Û ÛÛ ±ÛÛßßßÛܱÛÛßß°ÛÜÜÜß °Û°ÛÛÛ ÛÛ ° ÛÛ±Û ±Û ÛÛ ±Û °Û±Û °ÛÜ °ÜÛßßÛ°Û °Û ßÛ ÛÛß °ÛÛÛ ßÛÛÜ°ÛßÛÛÛÛß±Û °ÛÛÛß°ÛÜÜÛ²°Û °Û Outbreak Magazine Issue #10 - Article 16 of 18 '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~' ------------------------------------------------------------------------------------------ Corporate Intrusion: How an attacker gets in By: Turbanator ------------------------------------------------------------------------------------------ I would first like to start off this text by stating that I in no way endorse the use of the methods contained in this text file to be used in ANY illegal activity, this is simply for informational purposes. -=I. Choosing the victim=- When a hacker attempts to infiltrate any system, weather it be through social engineering or through computer means, they most of the time choose their targets carefully, and for some unknown (at least to the victim) reason. Most hackers, at least the "leet" ones, wont simply go out and randomly choose some company to attack just because they don't like their website layout. -=II. Probing the victim=- Now that the hacker has chosen his designated target, he can begin to look for any weaknesses the victim may have. The attacker can find out as much info on any of the employees in a company as possible, then use that information in a process known as social engineering. When a hacker is social engineering, he will most likely speak in a calm monotone voice, and use words with complicated meanings, and repeat his "given instructions" to give a sense of authority over his victim. Once the hacker has extracted the information he needs, he then proceeds to use it in the correct way. -=III. Probing the corporation=- Once the hacker has the information he needs, he can then use it accordingly on the target corporation. Normally the hacker will play around with them for a bit, to see what the employees are actually like, and get to know their strengths, and more importantly, their weaknesses. If someone at the front desk, or even in the high level offices has given out personal information about thing they like, things they hate, etc. to someone they "know," then they have most likely been a target for an attack at one time or another. Just because you've talked to Jim in accounting in the 34th cubical on the 4th floor a couple of times, doesn't mean he is your friend, and a hacker will most likely pose as Jim, so that he can become your "friend" and get the information he wants out of you. -=IV. Testing the information=- With his newly accuired sensative information, the hacker then proceeds to find a major, yet unknown weakness in the corporation, and exploit it. So with his new passwords the hacker looks around the company web site for an "employees only" login prompt. Bingo, its cleverly hidden at http://www.victimcorp.com/employeelogin.htm. Now he can access some of the internal networks of the corporation, exposing sensative information, while posing as Jim from accounting in the 34th cubical on the 4th floor, even though Jim is out sick with the flu this week... -=More to come!=- With me being my lazy self I didnt have enough time to write as much as I originally wanted to, so look for "Corporate Intrusion: Part 2: Congrats! Your hacked!" soon. ------------------------------------------------------------------------------------------ This text file was written by:Turbanator For:Outbreak The author can be contacted at:turbanator2k2@yahoo.com, AIM=Turbanator2k2 ------------------------------------------------------------------------------------------