Wednesday, September 14, 2011

How hackers find their targets

The rash of large-scale data breaches in the news this year begs many questions, one of which is this: how do hackers select their victims?

The answer: research.

Hackers do their homework; in fact, an actual hack typically takes place only after many hours of first studying the target.

Here’s an inside look at a hacker in action:

  1. Using search queries through such resources as Google and job sites, the hacker creates an initial map of the target’s vulnerabilities. For example, job sites can offer a wealth of information such as hardware and software platform usage, including specific versions and its use within the enterprise.
  2. The hacker fills out the map with a complete intelligence database on your company, perhaps using public sources such as government databases, financial filings and court records. Attackers want to understand such details as how much you spend on security each year, other breaches you’ve suffered, and whether you’re using LDAP or federated authentication systems.
  3. The hacker tries to identify the person in charge of your security efforts. As they research your Chief Security Officer or Chief Intelligence Security Officer (who they report to, conferences attended, talks given, media interviews, etc.) hackers can get a sense of whether this person is a political player or a security architect, and can infer the target’s philosophical stance on security and where they’re spending time and attention within the enterprise.

No comments: