August 23rd, 2002 01:49 PM
A Professional Hack
What separates a "newbie" and an "experienced" hacker is defined by two ideas: finding/researching security flaws in a target system, and hiding one's location. For many, its a simple matter to hack a computer - run a scanner, get an exploit, and break in. But alas, this is (ironically) the least secure methods of hacking. You leave your IP address all over your actions, and its a simple matter of asking your ISP "who was where on this date".
So what would make a hack (more) professional? A professional would do all they could to keep themselves from being traced. Once you're caught, that's Game Over. You're in the slammer for life, and there's very little you can do about it. So experienced hackers employ a few trick to hide their location; Lets examine them:
There's two ways of hiding yourself on the 'net. The first way is through phone bouncing and the second is through computer/box bouncing. Imagine this example:
Joe Hacker was payed by Company Y to hack into company X. Joe doesn't want to live in a jail and "drop the soap," so he tries to hide his location. He will do the following things (in this order)
1. Find a good spot to connect his laptop to the phone network. Laptops are portable and allows Joe to flee the scene if anyone suspicious comes along. The phone network lets Joe connect to a phone-based ISP. The phone network also allows Joe to do a few other tricks...
2. Fire up a wardialer and search a block of phone numbers. When you call a phone number, often you'll get a ringing noise on the other end (duh). But sometimes companies will leave certain phone numbers for outgoing phone calls, so when Joe calls one number, he can then call another number immediately. Its the same idea as using your phone card to call one place after another. Joe is also a smart kid - he'll scan 800-numbers so that he can call anywhere in the world, without having to pay long-distance bills.
3. Find a free ISP-account (such as NetZero) to use for their 1st hacking attempts. Joe would like to have tons of cracked ISP-accounts for later, but he can't hack the ISP without being on the internet. Problem? No, because certain ISPs, such as NetZero, let you on for free, giving Joe the time he needs to safely find a few vulnerable computers and hack into other ISPs.
4. Scan the internet for vulnerable computers and anonymous proxies. These serve to hide Joe's IP address over the internet, else Joe's target may call Joe's cracked ISP, which in turn calls Joe's phone company, and then things get much harder for Joe. So by using computers to bounce his packets off of, Joe can effectively hide himself on the internet.
---Note--- Joe bounces his call around the phone network to hide his "real" location. Joe bounces his attack around the internet to hide his "virtual" location. Tu comprendes?
5. Carry out the hack. Joe has effectively hidden himself on the internet, and now carries out his attack on Company X. Its game over, because tracing Joe would reqire assitance from the ISP, the phone company, and possibly the police in Joe's area (quite a massive undertaking).
In conclusion, what do we learn from Joe's actions? We learn that being completely anonymous on the internet is impossible, but we can get pretty close to it. Such a hack would require skill in areas other than computing, such as phones (called "phreaking"). Learning this much requires skill, no questions asked. But most importantly, we learn that covering your tracks is all important. Once you're compromised, its Game Over. You can't come back from something like that.
Stretch your MIND