When you think of security, it's a good bet that some of your thinking drifts to hackers and crackers. These are both security threats that you have to take into account. But do you know the difference? Well, some people do, and although many of them don't want their names bandied about, as is the case with the author of this tip, they can tell us much about the shadowy hacker community, and other security threats as well. This tip defines the difference between hackers and crackers, and discusses some simple things they can do to get inside your systems.

To understand the methodology of a hacker or cracker, one must understand what a hacker or a cracker is. Internet enthusiasts have argued the difference between hackers and crackers for many years. [Here's] my contribution to that debate.

If I were forced to define the terms hacker and cracker, my bottom line would probably be this:

• A hacker is a person intensely interested in the arcane and recondite workings of any computer operating system. Hackers are most often programmers. As such, hackers obtain advanced knowledge of operating systems and programming languages. They might discover holes within systems and the reasons for such holes. Hackers constantly seek further knowledge, freely share what they have discovered, and never intentionally damage data.
• A cracker is one who breaks into or otherwise violates the system integrity of remote machines with malicious intent. Having gained unauthorized access, crackers destroy vital data, deny legitimate users service, or cause problems for their targets. Crackers can easily be identified because their actions are malicious.

Additionally, it should be mentioned that there are two major types of crackers. The first is fortunately few and far between. They are the expert crackers who discover new security holes and often write programs that exploit them. The second type, the script kiddie, only knows how to get these programs and run them. Script kiddies are more numerous, but much easier to stop and detect.

Tools of the Trade

The "tools of the trade" are the means a cracker or hacker might use to penetrate your network. Some of the tools covered are programs, and some of these tools are techniques.

Reconnaissance

When most people hear the word reconnaissance, they think of spies and the espionage world. Although that community does indeed use reconnaissance, so does the cracker community. What is reconnaissance, and why do crackers use it? Reconnaissance is the process of gathering information about specific target(s). When a good burglar decides to rob a house, he will scope out an area to see how often neighbours, cops, and other traffic passes through. This gives the robber a good idea of the best time of day to attack. The same basic philosophy holds true for a cracker when she wants to attack a network or Web site.

When a cracker decides she wants to attack a network, there are many "recon" tools at their disposal. Let's look at a few of them and see how they work.

Social Engineering

The first and probably the most underrated tool available is social engineering. Social engineering involves tricking, conning, or manipulating people into providing information detrimental to a company, organization, or a person. This type of information can be used to help plan, organize, or execute an attack.

NOTE: Ira Winkler's excellent book Corporate Espionage (Prima Communications) covers social engineering, along with many other tactics used in obtaining information. It also discusses how to protect yourself against these types of attacks. For more on Ira, you can go to http://www.annonline.com/interviews/970512/. Another good book on social engineering is The Art of Deception (John Wiley & Sons) by the famous cracker Kevin Mitnick.

How does social engineering work?

A good example is through a help desk. Cracker A wants to attack ABC123 Inc., a computer software company, and therefore wants to find out usernames, passwords, and maybe even some security measures ABC123 has in place. He begins by calling ABC123's main number, explains to the secretary that he is new to the company, works offsite, and needs the help desk number in order to set up his account and password. The secretary provides him with the number. Cracker A then calls up the help desk number, explaining the situation to the person on the phone and asks for a username, a password, and how he can get access to the network from the outside. Help Desk Worker B happily provides this information within seconds, not once questioning his request. (Why not? Most help desk operations I have seen stress customer service — "Remember: Never anger a customer.")

This simple scenario can provide the attacker with enough information to make an attack much easier to pull off without being detected. Other techniques that are related to social engineering are:

• Dumpster diving - A person goes through a dumpster or trashcan looking for trash that contains information, such as an IP address, old passwords, and quite possibly a map of the network. Although this technique is often a dirty one, it is very effective.
• Impersonations - A cracker pretends to be someone important and uses that authority to obtain the information she is looking for.

These social engineering techniques are effective, and there are many more that are beyond the scope of this book. Keep in mind that people still use these techniques, and they are a threat to both you and your company's security.