Data Security

6. Breaching Security

What is a security breach?


The Information Commissioner's Office (ICO) defines a data breach or security breach as one that leads ...

"... to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed in connection with the provision of a public electronic communications service."

This means ...

Anything that leads to the loss of, or unauthorised access to, data, applications or services.

Some people also use the term Data leakage to refer to the unauthorised release of data into the outside world.

Methods to breach security!

So there's this organisation you want to get into. Perhaps you've been hired to test the organisation's security (you're a 'white hat' hacker - a goodish guy), or perhaps you want to fix the results of an election, say (you're a 'black hat' hacker - a baddish guy). The first thing to think about is how you're going to do it.

Fortunately, from the thousands of security breaches that have occurred, most are due to a handful of methods.

There are lots of sites that list the default settings of devices. If you can discover the manufacturer, it's always worth trying those defaults before attempting a hack that could take many hours.

1. Exploit the Defaults.

Always try the default settings first.

There are sites that detail all the default settings used by each manufacturer. These are set by the manufacturer, who relies on the user to change them to their own settings on installation.

However, users often fail to change them, either because they don't know how or because they are afraid to, in case they can't get back in. And it's not just the default passwords you need to try. There are all the 'standard' installation locations and folders too. Unless the user has moved them from their standard places, they are available to attack with tools and exploitation scripts.

2. Steal the Password

Getting hold of a password makes your job a lot easier and, as we know by now, there are a number of ways to do this:
  • Try a brute force attack.
  • Grab the password as it's passed in plain text, if the target uses insecure protocols for web surfing, e-mail, chat or IM, or plain file transfer.
  • Use 'key-logger' software to record the password as it's typed in.
  • Observe it through 'shoulder surfing' or video surveillance.
  • Discover whether the password is written down.

It's always worth trying to steal the password first. Most users know that they should use long, hard-to-guess passwords. The trouble is, such passwords are difficult to remember, so few follow this advice, and if it's organisational practice to change passwords frequently, users are even more likely to write them down.
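The brute force and dictionary attacks mentioned above work against stored password hashes, and the hashing and salting question in the exercises below asks you to explain why salting matters. The following is an added example of my own (not code from the course page, Kali Linux or any tool named here) showing both sides: a precomputed lookup table recovers a weak password from an unsalted SHA-256 hash in a single dictionary lookup, while a per-user random salt and a slow hash (PBKDF2-HMAC-SHA256 from Python's standard library) give the same password a different hash every time, so no precomputed table can match it. The wordlist and the iteration count are constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed wordlist standing in for a dictionary-attack list (not from the page).
WEAK_PASSWORDS = ["password", "123456", "letmein", "qwerty", "Summer2023"]

# Assumption: a deliberately slow work factor so that each guess costs real CPU time.
PBKDF2_ITERATIONS = 200_000


def unsalted_hash(password: str) -> str:
    """Plain SHA-256 of the password: 'hashing' with no salt."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def build_lookup_table(wordlist) -> dict:
    """Precompute hash -> password for every word in the list.

    This models a rainbow/lookup table: the work is done once and then
    reused against every account that used the same unsalted scheme.
    """
    return {unsalted_hash(pw): pw for pw in wordlist}


def lookup_unsalted(stored_hash: str, table: dict) -> Optional[str]:
    """Recover a password from an unsalted hash by table lookup, or None."""
    return table.get(stored_hash)


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = PBKDF2_ITERATIONS) -> Tuple[bytes, bytes]:
    """Salted, slow hash: returns (salt, digest).

    A fresh 16-byte random salt is generated when none is supplied, so two
    users with the same password get different digests.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def verify_password(password: str, salt: bytes, expected_digest: bytes,
                    iterations: int = PBKDF2_ITERATIONS) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt, iterations)
    return hmac.compare_digest(digest, expected_digest)


if __name__ == "__main__":
    table = build_lookup_table(WEAK_PASSWORDS)
    stolen_unsalted = unsalted_hash("letmein")
    print("unsalted lookup recovers:", lookup_unsalted(stolen_unsalted, table))

    salt_a, digest_a = hash_password("letmein")
    salt_b, digest_b = hash_password("letmein")
    print("same password, different salted digests:", digest_a != digest_b)
    print("salted digest in lookup table:", digest_a.hex() in table)
    print("verify correct password:", verify_password("letmein", salt_a, digest_a))
    print("verify wrong password:", verify_password("Letmein", salt_a, digest_a))
```

Salting does not make a weak password strong: an attacker who has the salt can still guess one account at a time. What it removes is the shared precomputation, and the slow hash then makes each guess expensive, which is why a long password plus a salted, slow hash is the combination to aim for.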

Try this at home using airmon-ng and airodump-ng in Kali Linux. Don't forget to load the compat adapter file.

The main steps to this wireless attack are:

  1. Set up the monitoring process on the network.
  2. Disconnect network devices to force a handshake, i.e. causing the hashed password to be exchanged between the router and the device.
  3. Intercept the hashed password and save it automatically to a file.
  4. Recover the password from the hash using a brute force, dictionary or rainbow table attack.

Then you’re into the network. Way hey!

3. Wireless attacks

Wireless networks provide an easy entry point to organisational networks. Compared to wired networks, wireless networks are relatively insecure. It is much easier, for example, to mount:-

  • Denial of Service (DoS) attack
  • Hijacking or disrupting the wireless signal.
  • Eavesdropping, sniffing or launching MITM attacks

Wireless networks are extremely easy to establish and, with advances in technology, it is now easier than ever for employees to set up their own wireless access point (WAP). If a WAP is connected between an employee's desktop and the wired network, it creates a wireless gateway into the organisation's network, bypassing all their expensive security systems.

A war-drive can easily reveal vulnerable wireless access points. Or a determined hacker could approach a disaffected employee to plug a WAP into the network for him - just saying, that's all.

4. Trojans

Using Trojans to breach security has proven a successful attack method.

This is where a harmless or even useful program contains a malicious payload which is unknowingly activated when the host program is installed. Trojans can be built by hackers with basic programming skills and can fulfil multiple tasks:-

  • Be purely destructive, destroying hard drives and corrupting files
  • Quietly record keystrokes, monitor network traffic, track web usage
  • Duplicate or send emails, transmit data files
  • Allow remote access and control.
  • Launch attacks against other targets.

Commonly, Trojans are hidden in seemingly innocuous software like games, screen-savers, greeting card systems, admin utilities, archive formats, and even documents.

Trojans can be delivered through e-mail attachments, be presented as a download on a web site, or be placed on removable media (memory cards, CD/DVD, USB drives etc.).

Watch and work along with the video. It's best if you have another computer or smart-phone to use so that you can place yourself in the middle between it and the internet.

MITM attacks rely on spoofing: pretending to be something you aren't. They therefore use tools like ARPSpoofing and ARPPoisoning. These names become clear when you know that ARP is an abbreviation of Address Resolution Protocol, the method used to map IP addresses to hardware (MAC) addresses. An ARPSpoofing tool answers for the IP address of another machine, so that traffic meant for that address is delivered to the listening machine instead, unknown to the computers at either end.

The basic steps are fairly straightforward.

  1. Find IP addresses: your own IP address, the IP address of the victim and the IP address of the machine they are communicating with. In Kali Linux we can use a program called Nmap to discover these, but on a computer you already have access to you can find this out by opening a terminal window and typing ipconfig (on Windows; ifconfig or ip addr on Linux).
  2. Set up your computer so you are in the middle, by:
    1. Using ARPSpoofing to map the target's IP address to your own, so that to the internet server you will appear as the target.
    2. Using ARPSpoofing to map the internet server's IP address to your own, so that to the target you will appear as the server.

    The result is that all data from the server comes to you, believing that you are the target, and you pass it on to the target, pretending to be the internet server, and vice versa.

  3. Use a program like Driftnet to interpret the data now flowing through your machine as the man in the middle.
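Looked at from the defender's side, the two spoofing steps above leave a visible fingerprint on the network: the gateway's IP address and the target's IP address both start resolving to the attacker's MAC address, and the gateway's MAC changes from what it was before. The following is an added example of my own (not code from the course page or the video) that applies those two checks to a sequence of ARP observations, of the kind a monitoring host can collect by watching ARP replies or by polling its ARP table. The observation records, the host addresses and the alert names are all constructed for the example; the optional pinned mapping represents a gateway MAC that the defender has recorded in advance.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed ARP observations (not captured from a real network): (seconds, ip, mac).
# Scenario mirrors the steps in the text: .1 is the gateway ('internet server' side),
# .20 is the target, .66 is a third host that starts answering for both of them.
OBSERVATIONS = [
    (0, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (0, "192.168.1.20", "aa:bb:cc:00:00:20"),
    (1, "192.168.1.66", "de:ad:be:ef:00:66"),
    (5, "192.168.1.1", "de:ad:be:ef:00:66"),   # gateway IP now answered by .66's MAC
    (5, "192.168.1.20", "de:ad:be:ef:00:66"),  # target IP also answered by .66's MAC
]

# Assumption: the defender recorded the real gateway MAC while the network was clean.
PINNED = {"192.168.1.1": "aa:bb:cc:00:00:01"}

Alert = Tuple[Optional[int], str, str, object]


def detect_arp_anomalies(observations: Iterable[Tuple[int, str, str]],
                         pinned: Optional[Dict[str, str]] = None) -> List[Alert]:
    """Return alerts for the two symptoms of the double ARP spoof.

    mac-changed:             an IP that was seen with one MAC is now seen with another.
    pinned-mismatch:         an IP the defender pinned is answered by a different MAC.
    mac-claims-multiple-ips: one MAC is the current owner of more than one IP,
                             which is exactly the state after both spoofing steps.
    """
    pinned = {ip: mac.lower() for ip, mac in (pinned or {}).items()}
    current: Dict[str, str] = {}      # latest MAC seen for each IP
    alerts: List[Alert] = []

    for t, ip, mac in observations:
        mac = mac.lower()
        if ip in pinned and pinned[ip] != mac:
            alerts.append((t, "pinned-mismatch", ip, mac))
        previous = current.get(ip)
        if previous is not None and previous != mac:
            alerts.append((t, "mac-changed", ip, f"{previous}->{mac}"))
        current[ip] = mac

    owners: Dict[str, set] = defaultdict(set)
    for ip, mac in current.items():
        owners[mac].add(ip)
    for mac, ips in sorted(owners.items()):
        if len(ips) > 1:
            alerts.append((None, "mac-claims-multiple-ips", mac, sorted(ips)))
    return alerts


def alert_kinds(alerts: List[Alert]) -> List[str]:
    """Just the alert names, in order, for quick inspection."""
    return [kind for _, kind, _, _ in alerts]


if __name__ == "__main__":
    for alert in detect_arp_anomalies(OBSERVATIONS, PINNED):
        print(alert)
```

A genuine MAC change does happen when a device is replaced or a DHCP lease moves an IP, so the mac-changed alert is a prompt to check rather than proof on its own; the pinned-mismatch on the gateway and one MAC owning several IPs are the stronger signals. Static ARP entries for the gateway on important hosts, and dynamic ARP inspection on managed switches, are the usual mitigations that stop the spoofed replies being accepted in the first place.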

5. Man in the Middle (MITM) attacks

A popular approach is the man-in-the-middle attack. A MITM attack is where the hacker fools the target user into establishing a connection to a server or service through an object controlled by the hacker.

The object intercepts and misdirects communications from users without the target user being aware of it. A MITM can be:-

  • As simple as a phishing email which directs the target towards a particular URL.
  • A link that sends the user to a duplicate of a real site which, when the user logs on, records their login credentials.
  • More sophisticated MITM attacks are similar to the above, but the hacker's object passes the credentials on to open a connection to the real server. This allows the hacker to eavesdrop on, or possibly alter, data as it passes unknowingly through the hacker's server.

In the video below, the author uses GNU Screen and subdivides it into 3 windows using a series of shortcuts. If you want to use Screen, check out the shortcuts at Pixel Beat Screen Short Cuts.

You could of course, not bother with screen and open 4 terminal windows and switch between them.

6. Remain Informed

It's an arms race! This is not so much a method to breach security, but for a hacker, a way of life.

Security is constantly improving and patches to known problems are being produced, so for hackers it's important to keep up to date with vulnerability research to stay ahead of the game. This involves:-

  • Reading web sites, discussion lists and blogs related to security and hacking.
  • Using the web to actively seek out issues related to hardware and software that could be exploited.
7. Research the target

Unlike the movies, hackers take their time discovering as much as they can about the target and who works for them. Much of this information is freely accessible on the internet and includes:-

  • Names of top executives and key employees from the press and news releases.
  • Company name, address, phone and fax numbers
  • Website address, email and internet service provider.
  • Employee details including names, home addresses, phone numbers, emails, employment history, family members and names, driving history and any criminal records.
  • Technical details like the preferred operating system, major programs, preferred programming languages, preferred devices: Job adverts are a good source for this.
  • Location layout, lines of sight, vantage points, entry points and hidden access points: Building plans, Google Earth & street view are good sources.
  • Web server platform, language and website development environments which can be found from website scanners.
  • Business intelligence including problems with products, issues with staff and company politics from company reviews and competitive intelligence services.

Answers to each of these points can lead on to other questions revealing even more about a target; all of which can provide a hacker opportunities ripe for exploitation.

8. Be Patient & Persistent

Hacking is not easy and it's not quick.

Successful hackers frequently follow a distinct series of steps, acquiring the tools, the knowledge and skills necessary to complete each phase.

  1. Reconnaissance: Where the hacker researches and gathers intelligence about the target.
  2. Scanning: Use the information from research to look for weaknesses and vulnerabilities and planning the attack.
  3. Gaining access: This is the attack phase where the actual hacking is done. The aim of the hacker at this point, is to 'own the systems' because once hacked, the hacker can do anything with the system.
  4. Maintaining access: Once in, hackers want to be able to return for future exploitation so they typically 'harden' the system against other hackers and system security by planting back-doors, Trojans and root-kits.
  5. Covering tracks: Hackers don't want to be caught, so the final phase involves covering their traces by deleting log files or obscuring their activities (steganography) within masses of other data.

9. Confidence Games

Go for the weakest link in any organisation's security; the people.

Employees can be forced, paid, tricked or duped into violating security rules to give a hacker access. With proper research, it is easy enough to find who to target; then it's just a matter of using social engineering techniques to get them to do what you want.

10. Being on the inside

Many security breaches have been initiated by internal employees, rather than some external hacker. In these cases the breach has been brought about by:-

  • A determined hacker getting a job with the organisation and exploiting their rights of access once some degree of trust has been obtained.
  • A disgruntled employee seeking revenge or retribution against the organisation.

In both situations, all the outward facing security is bypassed, and the organisation is left relying on internal defences.

Guess what? Create a page in your Data Storage Section, title it Breaching Security.

  1. Define what constitutes a Data Breach.
  2. Create a list of methods used to breach security.
  3. Explain why people are so careless with their passwords?
  4. What are the personal characteristics required to be a successful hacker?
  5. Go to Google Earth and discover what lies at the centre of the Pentagon USA.
  6. What is the weakest link in any security system?
  7. What kind of attack is this weakest link susceptible to?

If you don't have a second computer to try this on back home, try and use your smart-phone as the target instead.

Time to extend our hacking experience and knowledge. Release the Kali Linux. Answer these in your Hacking Methods section.

  1. Discover the make and model of your router. Use this to discover the default user and password - I'm sure you will have changed this. Haven't you? Record this in your notebook.
  2. Explain 'hashing' and how 'salting' works.
  3. Watch the video on ARPSpoofing and DNSSpoofing and see if you can catch passwords on your fake website. Take screen shots and include them in your notebook as evidence.
  4. Write down the main steps in ARPSpoofing together with the aim of each step.
  5. Write down the main steps for a Wireless Access Point attack, also with the aim of each step.
  6. Check out the 8 Most Famous Computer Viruses of all time. Record their name, method of delivery i.e. how it got into the system and cost to put right.

Can you now do?

  • Define the term data security breach and understand the term data leakage.
  • Explain some common causes of data security breaches.
  • Describe some of the personal characteristics required for successful hackers.

If you don't feel confident in meeting any of these performance criteria, ask your teacher or re-read the information again.

Supporting courses by the SQA