How hackers pick their victem

[embalmedlenin]

I've always wondered how does a hacker choose his victem. Is their a typical set of steps they go thru or a tool they use to scan ips or is it they sortof fall upon your machine.

[knoledgesponge]

Proper Term: Cracker

These kinds of people usually just go for the easiest target, that simple. Most "hacking" nowadays is no more difficult than telneting somewhere, or sending them a game in an email. IPs can be found by social engineering, IRC, direct connections and numerous other ones

[j3r]

Yeah, pretty much what knoledgesponge said.

By one definition, most "breakins" are by Code Red, etc. Those programs just choose IP addresses at random, then try to exploit them using the same exploit they used originally.

For a less automated approach, people scan random IPs and look for vulnerable hosts. Extortion crackers ("I have noticed some security holes on your network. It would be horrible if your accounting records were erased and your customers' credit card numbers were posted in IRC. Would you like to hire me as a security consultant?") use this kind of method.

On the other hand, some people pick their targets for non-technical reason (they've been paid to do corporate espionage, the victim is a spammer, they disagree with the victim's political opinions, they want to steal from the victim's customers, etc.). These are the ones you rarely hear about, and also the ones who are really dangerous.

[Tiger Shark]

Sponge: While you are right for the majority of cracks you have to remember they are carried out by skiddies who are looking for a target, any target, to crack.

With regard to the people who actually "chose" a specific target the reasons are myriad - political difference, hatred of a given race, creed, religion.... etc. etc. etc. The motivations are too many to list.

The method is usually the same, (generally speaking). They need information, where are the "enemy", what can I find out about them generally etc. This is the footprinting phase and can take literally months if the chap is determined and wants/needs to do a good job. The reconnaisance can be very thorough and may include some social engineering to glean data that might not be publicly available. Slow and deliberate scanning of the available networks, careful taking apart of web sites etc. etc. etc all figure into this.

By the time the person is ready to attack he knows exactly where he will attack, what OS, version, patch level, application and results. Then the attack takes place.... Usually in a few seconds. The "dirty work" gets done, web page defacement or whatever. Cleanup then takes place - delete logs, or better yet delete the log entries that apply to him leaving the rest intact and then leave.....

All in all, those people who select their targets are formidable and talented adversaries, (i'm not speaking to their ethics you'll note... ), the skiddies..... Well...... I'll plead the 5th thank you.....

[neohunk]

wait till i pray upon u & u will come to know
i think they try & guess only that where they can go

[Lord Viczerez]

[Most "Hackers", mainly "script kiddies", go after the easiest targets...systems that don't take much effort. Then u have the hackers w/a purpose who attack oppressive gov sites like one's belonging to China, India, etc.]

[Emperor Viczerez]
[Lord of the Viczerian Empire]
[LordViczerez@yahoo.ca]

[n01100110]

[Most "Hackers", mainly "script kiddies", go after the easiest targets...systems that don't take much effort. Then u have the hackers w/a purpose who attack oppressive gov sites like one's belonging to China, India, etc.]

Most people that would do such a thing are trying to get a message out, or are disgruntled in some way, orrr are just some skiddiess scanning subnets for vulnerable systems.. Most "Hackers" in the true sense, wouldn't waste their time with such a thing unless they are hired to find the security holes and plug the systems..

[bpiedlow]

Just because I haven't seen it mentioned I thought it'd be worth mentioning...

One of the most common reasons I hear about for personal machines being hacked, is due to a shared interest in an internet based game. Or more specifically due to offending someone who plays the same online games...

Back when I was playing EverQuest - or EverCrack as we more commonly called it i heard of hundreds of players getting their machines hacked/cracked in one way or another. I personally even knew one person whose machine got owned to the point the cracker even popped up a dialog box on the persons machine to talk smack to him - even going so far as to tell him what 'group' had hired him to do the cracking - before trashing his PC to the point of needing to reformat.

Poor guy hadn't followed my advise of installing zonealarm - I had been preaching on multiple of group's game boards about the importance of running a firewall, he just happened to be the only one who found out first hand why...

I hear about many occurances very similar to this revolving around other internet based games also...

RRP

[sysmin770]

I think that it is good to note that there are many different types of attackers with varying skill levels. Lower level attackers will just look for targets of opportunity, while skilled attackers will go after a specific targets for different reasons political, monitary, or other reasons known only to them. There is no one group of people called "Hackers" besides, most people use the term Hacker wrong anyway. I love how people just throw that term around.

[knoledgesponge]

Its not too hard to get a pop up on their computer, any basic trojan can get dialog box to talk smack through, like any other direct connection...