We often hear it and today was no different, some site that got attacked or defaced or some other thing and they announce, “We were hacked.” This time it’s the fox news twitter feed which Monday was compromised to announce that President Obama was killed. Of course he wasn’t and of course this was no hack.
This is just that someone got the password and username of the twitter feed. The most likely means of doing that are either a phishing email, or the account was compromised somewhere else and the user used the same password in two places, the user just used a stupid password and someone guessed it or it’s actually a disgruntled employee and we all know the percentages there I hope.
Another one we hear all the time is someones game account gets hacked and that is also a crock as it’s just that one user getting compromised so again, probably phishing or in the case of kids, they told someone else their password.
Now the attacks on Sony lately using sql injection is a case of a hack. So what is different. Well for one a hack means an active attack by the attacker. It’s not a virus or worm. It’s not someone calling you up and asking for your password, or email asking you to log into a fake web page. Social engineering is not hacking. It means the hacker has probed the target, done some looking at what ports are open, what software is running and what vulnerabilites the software has.
Then the attack, either by getting a user account on a wen server or just visiting the web server and using the vulnerability to get more access to the server then the owner intended. With sql injection it means using badly written web application and database code. SQL injection works because it allows the user to either get the database to dump itself onto the web or by making it think you are the administrator and letting you do as you want.
Other attacks involve badly configured web servers that allow user to just read everything on the computers file system. You then get the password files and after grinding the passwords out you login as root and all your base are pwnd. Other means are things like the buffer overruns and other types of introducing data into the software that breaks it in a way that lets the attacker gain control of the server. If you can overrun a buffer with data that the broken server then runs as code you can get it to do things for you.
There are other issues as well, such as poorly configured servers with open file sharing or shell access, no or poorly set up firewalls and web servers set up too open and allowing file system access. All of these require the attacker know what to do and how to do it. Or the person who made the script being used.
A lot of attacks are made not by the person who discovered the particular attack and vulnerability. Servers like Windows Server 2003 if not patched were made by people so have bugs. If not patched when vulnerabilities are found means that the server can be attacked and who can attack them all? So scripts are made, money exchanged and we get the well named script kiddies who then cause chaos.
Sometimes you hear of a determined attack. Where the attacker spent a long time probing, prodding, peeking into corners. Then they try known vulnerabilities and sometimes with small successes, but they keep pushing and learning the system. At the same time they have probably mocked up the target and are checking what versions are installed by comparing results. They flood both systems with attacks until they discover the weak link in the armor of the target. Then using that they compromise the system and they are in.
Now if they are after something specific they grab it and go but normally they don’t. They want more so first thing put in a back door or ensure that another means of access is available. If the owners find the machine is compromised the attackers want a way back in. And then they want to cover their tracks so no-one knows they have been in. Then to copy off files generate normal looking traffic but hide their off loads within that traffic.
So what is a hack? It’s a manual attack by a skilled attacker with some amount of skill. The more skill the harder it is to keep them out. It is thought that no system is complete immune to attack by a highly skilled attacker. But a hack doesn’t rely on tricking a user to let the attacker in. Social engineering can be involved to get information but generally if the attack is social engineering it’s not considered a hack. And a worm, virus or malware like a key logger unless placed there after the hack are not hacks.
- Previous Post (echlinm.wordpress.com)
- Fox News Twitter account hacked, reports Obama shot dead (geek.com)
- Fox News Twitter account announces Barack Obama dead after hack (nakedsecurity.sophos.com)