How does one company or one Web site find itself the subject of a hack, while others escape? In this tip, excerpted from Intrusion Detection by
The first step in a system hack is to decide which system to attack. Two major attack motivations become apparent at this stage of the attack. In the first, the motivation is entertainment or challenge, and the victim selection is almost random. Here the attacker (or a group of cooperating hackers) might use vulnerability scanners to search part of the IP address space, recording hosts that have security vulnerabilities. A subset of the process involves the use of war dialer software to identify dial-up network connections. War dialers sequentially dial ranges or lists of telephone numbers, noting those that are connected to modems.
The second motivation for selecting a hacking target is self-aggrandizement or other tangible incentives (including intellectual property theft and discovery of sensitive information). Here the targeting of the victim is much more focused, with the attacker gaining knowledge of the victim system through research and information collection. This is usually followed by a more deliberate search and seizure of the desired information.
The motivation for targeting your site can include the following:
- You may be in business competition with the hacker or an entity that has employed the hacker.
- The hacker may have some personal interest in your site, for example, a relative who is an employee of your firm, or a fascination with a product your organization produces.
- Your site may have an odd or amusing domain name.
- Your site may have received press coverage.
- Your organization may be involved in a political or ideological matter of interest to the hacker.
Related book Intrusion Detection
By Rebecca Gurley Bace
This comprehensive guide to the field of intrusion detection covers the foundations of intrusion detection and system audit. Intrusion Detection provides a wealth of information, ranging from design considerations to how to evaluate and choose the optimal commercial intrusion detection products for a particular networking environment.
This was first published in November 2000