Criminals use many methods and tools to locate the vulnerabilities of their target. The target can be an individual and/or an organization. Criminals plan passive and active attacks. Active attacks are usually used to alter the system, whereas passive attacks attempt to gain information about the target. Active attacks may affect the availability, integrity and authenticity of data, whereas passive attacks lead to breaches of confidentiality.
In addition to the active and passive categories, attacks can be categorized as either inside or outside. An attack originating and/or attempted within the security perimeter of an organization is an inside attack; it is usually attempted by an "insider" who gains access to more resources than expected. An outside attack is attempted by a source outside the security perimeter. It may be attempted by an insider and/or an outsider who is indirectly associated with the organization, and it is attempted through the Internet or a remote access connection.
The following phases are involved in planning cybercrime:
- Reconnaissance (information gathering) is the first phase and is treated as a passive attack.
- Scanning and scrutinizing the gathered information for the validity of the information as well as to identify the existing vulnerabilities.
- Launching an attack (gaining and maintaining the system access).
The literal meaning of "reconnaissance" is an act of reconnoitering: to explore, often with the goal of finding something or somebody (especially to gain information about an enemy or potential enemy).
In the world of "hacking," the reconnaissance phase begins with "footprinting." This is the preparation for the preattack phase, and it involves accumulating data about the target's environment and computer architecture to find ways to intrude into that environment. Footprinting gives an overview of system vulnerabilities and provides a judgment about possible exploitation of those vulnerabilities. The objective of this preparatory phase is to understand the system, its networking ports and services, and any other aspects of its security that are needed for launching the attack.
Thus, an attacker attempts to gather information in two phases: passive and active attacks.
2. Passive Attacks
A passive attack involves gathering information about a target without his/her (individual's or company's) knowledge. It can be as simple as watching a building to identify what time employees enter the building's premises. However, it is usually done using Internet searches or by Googling (i.e., searching for the required information with the help of the search engine Google) an individual or company to gain information.
- Google or Yahoo search: People search to locate information about employees.
- Surfing online community groups like Orkut/Facebook will prove useful to gain the information about an individual.
- Organization's website may provide a personnel directory or information about key employees, for example, contact details, E-Mail address, etc. These can be used in a social engineering attack to reach the target.
- Blogs, newsgroups, press releases, etc. are generally used as the mediums to gain information about the company or employees.
- Going through job postings for particular technical job profiles can provide information about the type of technology, that is, the servers or infrastructure devices a company may be using on its network.
3. Active Attacks
An active attack involves probing the network to discover individual hosts to confirm the information (IP addresses, operating system type and version, and services on the network) gathered in the passive attack phase. It involves the risk of detection and is also called "rattling the doorknobs" or "active reconnaissance."
Active reconnaissance can provide confirmation to an attacker about the security measures in place, but the process can also increase the chance of being caught or raise suspicion.
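From the defender's side, the probing of hosts and services described above is what makes active reconnaissance detectable. The following added example (not part of the original text) flags a source that touches many distinct ports on one host, or many hosts on one port, within a short window; the log format, thresholds and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed sliding window
PORT_THRESHOLD = 10             # assumed: distinct ports probed on one host
HOST_THRESHOLD = 10             # assumed: distinct hosts probed on one port

def detect_scans(lines):
    """Map each source IP to the set of findings ('port-scan', 'host-sweep')."""
    events = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        # Constructed log format: ISO-timestamp src dst dport action
        ts, src, dst, dport, _action = line.split()
        events[src].append((datetime.fromisoformat(ts), dst, int(dport)))
    findings = {}
    for src, evs in events.items():
        evs.sort()
        start, found = 0, set()
        for end in range(len(evs)):
            # Slide the window so it only covers the last WINDOW of activity.
            while evs[end][0] - evs[start][0] > WINDOW:
                start += 1
            ports_per_host, hosts_per_port = defaultdict(set), defaultdict(set)
            for _, dst, dport in evs[start:end + 1]:
                ports_per_host[dst].add(dport)
                hosts_per_port[dport].add(dst)
            # Count distinct targets, not raw connections, so busy clients pass.
            if max(map(len, ports_per_host.values())) >= PORT_THRESHOLD:
                found.add("port-scan")
            if max(map(len, hosts_per_port.values())) >= HOST_THRESHOLD:
                found.add("host-sweep")
        if found:
            findings[src] = found
    return findings

def constructed_sample():
    """Constructed firewall log lines (documentation IP ranges, not real data)."""
    base, lines = datetime(2024, 5, 1, 10, 0, 0), []
    for i in range(12):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 198.51.100.7 192.0.2.10 {20 + i} DENY")   # many ports, one host
        lines.append(f"{ts} 198.51.100.9 192.0.2.{20 + i} 22 DENY")   # one port, many hosts
        lines.append(f"{ts} 203.0.113.5 192.0.2.10 443 ALLOW")        # ordinary client
    return lines

if __name__ == "__main__":
    for src, found in sorted(detect_scans(constructed_sample()).items()):
        print(src, sorted(found))
```

The thresholds and window are tuning knobs: set them against a baseline of normal traffic for the monitored network.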
4. Scanning and Scrutinizing Gathered Information
Scanning is a key step to examine intelligently while gathering information about the target. The objectives of scanning are as follows:
- Port scanning: Identify open/closed ports and services.
- Network scanning: Understand IP Addresses and related information about the computer network systems.
- Vulnerability scanning: Understand the existing weaknesses in the system.
The scrutinizing phase is always called "enumeration" in the hacking world. The objective behind this step is to identify:
- The valid user accounts or groups;
- Network resources and/or shared resources;
- The OS and the different applications that are running on the OS.
5. Attack (Gaining and Maintaining the System Access)
After the scanning and enumeration, the attack is launched using the following steps:
- Crack the password;
- Exploit the password;
- Execute the malicious command/applications;
- Hide the files (if required);
- Cover the tracks: delete the access logs, so that there is no trail of illicit activity.