We are being
bombarded with warnings about securing our data and the entry to our
computers. Do you ever wonder what the big fuss is all about? How can a
hacker possibly get into your data? And, what would he be looking for?
Let's spend some time answering those questions.
How Does A Hacker Get Into Your Computer?
When you give your computer access to the
Internet, you need an IP (Internet Protocol) address. The IP addresses
that we are currently using have 4 octets with periods between them.
They will be something like 192.168.100.1. When you access the Internet,
that address is read by the router, modem, or whatever device links you to
your Internet Service Provider. Then it is read by the routers that
route all the data through the Internet. This address makes it possible
for you to send data, such as e-mail or requests for web pages. And, in
turn, that same address is used to direct incoming e-mail and web pages
into your computer.
There are several websites and programs
available that will translate these IP addresses into the name of the
company that purchased them. In many cases, like our residential usages,
the company name will be the ISP. For commercial use, it will be the
name of the company that rents the block of IP addresses. Hackers use
this IP address information to find their targets much like we use a
physical address to find a house or office.
Once a hacker finds out your IP address it's
relatively simple to send your computer a Trojan horse program, spyware,
or a virus that will open a port that you usually don't use. Once that
port has been opened, he can freely enter into your operating system and
browse around just like he was there in person. He would look for
programs that store valuable data like social security numbers and
credit card account numbers. (Do you have that information entered into
your Quicken or Money program?)
He would look through your My Documents folder
for password lists and search your Internet Explorer favorites for
financial sites where you saved the username and password. And, before
he leaves he usually plants another Trojan horse that will give him the
ability to take control of your computer in the future.
Commercial Websites
The most common way to hack into a company's
website through the Internet is by using a Denial of Service attack.
These DoS attacks use multiple computers to overload a website with
bogus requests for information. The hacker usually creates a Trojan
horse program that he sends into the computers of unsuspecting people
(remember that program that was left behind when your computer was
invaded above?)
The message that he creates usually contains a
header saying that it comes from an IP address that doesn't exist. When
he is ready to attack, he calls up all the computers that he infected
with his Trojan horse and tells them to contact a specific IP address.
Those computers follow his instructions and send his preprogrammed
message to that website.
Servers that control websites always check to
verify that IP addresses requesting information or webpage downloads are
legitimate addresses. When a server is hit by a bombardment of these
false address requests, it tries to track down every one of the fake
addresses. Before long the server becomes overwhelmed by the fruitless
process and crashes. When it crashes, the website will vanish and the
hacker will be given access to a prompt for the server. He can then use
Linux or DOS commands to request and view information on that server
and other servers.
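The flood described above, seen from the server's side, as an added example that is not part of the original article: it reads constructed web-server log lines, flags requests whose source address could not exist as a real Internet client (the "address that doesn't exist" the text mentions), and flags sources whose request count passes a threshold. The list of unroutable ranges is abbreviated, and the log lines and threshold are constructed for the example.

```python
# Added example, not from the original article. Flags (1) requests whose source
# address cannot be a real Internet client and (2) sources that exceed a request
# threshold. The unroutable list below is abbreviated and is an assumption.
import ipaddress
import re
from collections import Counter

# Abbreviated list of ranges that cannot be a legitimate Internet client.
UNROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

# Common Log Format: client ident user [timestamp] "request" status bytes
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)$')

def is_spoofed_source(addr: str) -> bool:
    """True if addr is syntactically invalid or falls in an unroutable range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True
    return any(ip in net for net in UNROUTABLE)

def analyze(log_text: str, flood_threshold: int = 5) -> dict:
    """Return impossible source addresses and sources over the request threshold."""
    spoofed, per_source = set(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed line; a real collector would count these too
        src = m.group(1)
        per_source[src] += 1
        if is_spoofed_source(src):
            spoofed.add(src)
    flooders = {s for s, n in per_source.items() if n > flood_threshold}
    return {"spoofed": spoofed, "flooders": flooders, "counts": dict(per_source)}

# Constructed sample log: two normal clients, three impossible sources, one flooder.
_FMT = '{ip} - - [10/Oct/2023:13:55:{s:02d} +0000] "GET / HTTP/1.1" 200 512'
SAMPLE_LOG = "\n".join(
    [_FMT.format(ip="203.0.113.7", s=1), _FMT.format(ip="198.51.100.22", s=2),
     _FMT.format(ip="0.0.0.0", s=3), _FMT.format(ip="10.1.2.3", s=3),
     _FMT.format(ip="240.9.9.9", s=4)]
    + [_FMT.format(ip="198.51.100.9", s=5 + i) for i in range(6)])

if __name__ == "__main__":
    report = analyze(SAMPLE_LOG)
    print("impossible sources:", sorted(report["spoofed"]))
    print("flooding sources:  ", sorted(report["flooders"]))
```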
How About Wireless?
Let's put this hacker into an airport where
hundreds of people are sharing a wireless network. It's like leaving a
child alone in a candy store. In this case the airport's wireless system
usually provides the IP addresses through DHCP and he can easily look
at the list of addresses that have been supplied. He can test each of
the addresses for available ports and it's quick work to access the most
vulnerable. The same principles apply in hotels and restaurants that
provide wireless Internet access.
If you have a wireless network in your home,
our hacker can drive down your street using a laptop or PDA to search
for wireless networks. This process is called Wardriving. If he finds
one that has not been secured at all, he doesn't even have a challenge.
If you have added a password, he simply has to crack the password.
What Tools Do They Use?
It's very easy for a potential hacker to find the
tools of his trade. There are many websites that offer program tools and
tutorials for using them. Here are some of the (most) popular:
Anonymizers and Remailers - Anonymizers
are online services that eliminate the trail of information that is
left behind. These sites use anonymous proxies that a hacker can use to
access computers and servers without leaving his IP address on any log.
Remailers strip the header off a message and replace it with a
meaningless header that can't be traced.
Command.com - When this command is
typed into a server it will basically give you administrative rights.
You can then see all the folders and files. It's also very easy for the
hacker to create a new administrative account that he can re-use in the
future.
Password Crackers - These programs try random passwords at lightning speeds. They are usually very successful.
Key Loggers - Hackers frequently
install these on computers, especially public PCs. The programs actually
record every keystroke that you make. Hence, when you type in a username
and password, it has been captured.
Port Knocking - This is a method of
externally opening ports on a firewall by mimicking the process you
normally use to add a port to your firewall.
Wireshark - This popular program
captures and analyzes the data on a network. It's used by hackers to
find information they want and it's also used by network administrators
to manage networks.
Aircrack - This program is used to crack wireless WEP and WPA passwords.
Metasploit Framework - This is a tool
that can be used by hackers to search the Internet for sites that have
dubious code. These are the sites that are the easiest to hack -
especially when this program does the searching for you.
Networks identifying the types of data and the
internal addresses of this data. It's a valuable tool for
administrators, but can save a great deal of time for a hacker.
NMAP - This is a port scanner. Since a
hacker knows that he needs to use a port to access your computer or
network, he can use this program to see which ports you have open.
NetStumbler - This program finds any
wireless networks that are in range. Wardrivers drive through
residential neighborhoods using NetStumbler to search for available
wireless networks.
Kismet - This program takes NetStumbler one step farther. It searches for wireless networks that are not broadcasting their SSID.
NSLookup - If you type a domain name into this program, it will give you the company's IP address.
Traceroute - This is a very valuable
troubleshooting tool for technicians. It will trace a packet on its
route through the Internet. It shows every IP address it visits along
the way.
Snort - This is an open-source intrusion detection system. It shows traffic analysis and packet logging on networks.
TCPdump - This is the most widely used network sniffer/analyzer for UNIX networks.
Net Cat - This has been called the Swiss army program for hackers. It performs many sniffing and cracking tasks.
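What the NMAP entry above looks like from the defender's side, as an added example that is not part of the original article: a port scan shows up in firewall logs as one source touching many distinct destination ports. The code reads constructed log lines in the iptables LOG-target style (KEY=VALUE fields) and reports any source whose distinct-port count passes a threshold; the sample lines and the threshold are constructed for the example.

```python
# Added example, not from the original article: flags a source that probes many
# distinct TCP ports, which is what a port scan looks like from the defender's
# side. Log lines are constructed; field names follow the iptables LOG style.
from collections import defaultdict

def parse_fields(line: str) -> dict:
    """Turn 'SRC=1.2.3.4 DST=... DPT=22' into a dict; other tokens are ignored."""
    fields = {}
    for token in line.split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value
    return fields

def find_port_scanners(log_text: str, port_threshold: int = 10) -> dict:
    """Map each source that probed more than port_threshold distinct TCP ports
    to the sorted list of those ports."""
    ports_by_src = defaultdict(set)
    for line in log_text.splitlines():
        f = parse_fields(line)
        if f.get("PROTO") == "TCP" and "SRC" in f and f.get("DPT", "").isdigit():
            ports_by_src[f["SRC"]].add(int(f["DPT"]))
    return {src: sorted(ports) for src, ports in ports_by_src.items()
            if len(ports) > port_threshold}

# Constructed sample: one client using 80 and 443, one host sweeping ports 1-20.
_FMT = ("Oct 10 13:55:{s:02d} gw kernel: IN=eth0 OUT= SRC={src} DST=203.0.113.50 "
        "PROTO=TCP SPT=51000 DPT={dpt} SYN")
SAMPLE_FW_LOG = "\n".join(
    [_FMT.format(s=1, src="203.0.113.7", dpt=80),
     _FMT.format(s=2, src="203.0.113.7", dpt=443)]
    + [_FMT.format(s=3 + i, src="198.51.100.9", dpt=1 + i) for i in range(20)])

if __name__ == "__main__":
    for src, ports in find_port_scanners(SAMPLE_FW_LOG).items():
        print(f"{src} probed {len(ports)} distinct ports, e.g. {ports[:8]}")
```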
This was really just some of the basics. But,
if we know why security is so important, we may remember to take the
right precautions. Hope your web surfing stays secure.
This article has been obtained from APCUG
with the author's permission for publication by APCUG member groups; all
other uses require the permission of the author (see e-mail address
above).