Last week we introduced our topic of seeing if someone was in your system. While we gave 5 quick tips to check if someone had snooped around, this week we dive into just how someone hacks in. This is not a comprehensive guide, and it only skims the surface of the possible ways someone gets in. There are two broad categories of how someone gets in that we will take a look at: either you accidentally gave them access, or they forced their way in. In order to not bore you with technical details, we will ignore the more involved methods of getting around different protocols. If the technical details do interest you, I highly suggest going on YouTube and looking up DEFCON videos. From there, you can watch hour-long videos of people hacking into anything imaginable, complete with code samples and technical jargon galore.

Getting back on track, we will start with accidentally giving someone your credentials. Stealing your credentials is easier than you think. The easiest method is if someone hacks into a large company that has your username and password, and then posts it online or sells it on the dark web. If you use one password for everything, or a series of passwords that aren’t that different, someone can now get into most of your accounts! This is the worst, as there’s nothing you can do about it except have a robust personal password policy of using a different password on every site. Change passwords often, and change them completely; no adding an exclamation point at the end of your old one!

The next easiest is a website spoof. One way is you get an email saying your account information changed when you didn’t change it, so you follow the link in the email, enter your credentials, and right there you’ve handed them to an attacker. Luckily, most of those emails are blocked by spam filters. Another way to trick you into entering your credentials is DNS hijacking. Long story short, through a configuration change an attacker can redirect your web traffic to a fake website that looks identical to the real deal: the rogue DNS server diverted your connection before it ever reached the real site.

Next is another classic method: malware embedded in a downloaded file. We’ve all done it: downloaded a program from a somewhat sketchy site because we didn’t want to pay full price for it. Chances are the site embedded some malware in the software that could execute a variety of attacks. Or, in combination with the DNS hijack, the attacker has you download a malware file that looks like the real program. From there, the malware can do as it pleases, letting in the attacker and any other connections they want.

While social engineering and tricking someone into giving up their credentials is the easiest way in, sometimes an attacker uses good old brute force. Computers can send and receive commands with lightning speed. When it comes to cracking a code, sometimes it just takes throwing a few hundred thousand guesses out there to see which is the right one. Most computers can fly through 100,000,000 iterations in a second. To put that in perspective, a Masterlock padlock has 64,000 possible combinations. If a computer only had to guess the numbers, it would take less than a millisecond! That’s why most websites will lock you out after a few tries; if you let someone sit there and try a few billion guesses, chances are they will figure it out. This is the guess-and-check method, and unless you have an unsuccessful-attempt limit or two-factor authentication, someone will eventually get in.

The next method is a password cracker. Currently the most famous is a program called ‘hashcat’. It’s important to note that the program is not intended for nefarious purposes; it is meant to help you recover a lost password in scenarios where you otherwise couldn’t. Say you saved your family photos on an encrypted hard drive and without the password the photos are lost for all time. With hashcat, as long as you know which encryption algorithm was used, you can attempt to get the password back. Encryption works on a specific algorithm, which is a special way of scrambling the message. To avoid rambling on about encryption, I highly suggest you check out this video to learn more. An example of someone using a password cracker to get into a network is the most recent Wi-Fi password vulnerability. To check out the steps, and get the code to do so, here’s a link to the article. Heads up, it’s super technical. To summarize, it grabs the garbled string of characters that is the encrypted password and cracks it to recover the Wi-Fi password. From there, an attacker can listen in on any communications on the network and has an easy path to getting at your machine directly.

Another recent example is another guess and check, but instead of just guessing the password, both the username and password are guessed. Instead of guessing randomly, however, an attacker may have a library of usual suspects: standard username and password combinations for a device like a home router, the usual credentials for a printer, or generic usernames with no or simple passwords. From there, they can use RDP (Remote Desktop Protocol) to attempt to connect to a PC. A few simple guesses later, voilà, they’re in and can go about their business.
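The pattern just described, one source trying a short list of stock usernames and then landing a real login, is visible in ordinary authentication logs if you look for it. The detector below is an added example written for this article, not code from the post; it parses a handful of constructed log lines (the `src=... user=... result=...` format and the 203.0.113.x / 198.51.100.x addresses are made up for the example, the addresses from the RFC 5737 documentation ranges), flags any source that fails against several distinct usernames inside a ten-minute window, notes which of those were stock default account names, and reports whether that same source later logged in successfully.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not from any real system). One source walks through
# default account names, then succeeds as a real user; a second source is just
# a legitimate user mistyping once.
SAMPLE_LOG = """\
2024-05-01T10:00:01Z src=203.0.113.7 user=admin result=FAIL
2024-05-01T10:00:02Z src=203.0.113.7 user=administrator result=FAIL
2024-05-01T10:00:03Z src=203.0.113.7 user=guest result=FAIL
2024-05-01T10:00:04Z src=203.0.113.7 user=test result=FAIL
2024-05-01T10:00:05Z src=203.0.113.7 user=jsmith result=SUCCESS
2024-05-01T10:05:00Z src=198.51.100.4 user=jsmith result=FAIL
2024-05-01T10:07:00Z src=198.51.100.4 user=jsmith result=SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>\S+)$")

# Stock names that ship on routers, printers and fresh installs; a short illustrative list.
DEFAULT_ACCOUNTS = {"admin", "administrator", "guest", "test", "root"}


def parse(log_text: str) -> list:
    """Turn log lines into (timestamp, source, username, succeeded) tuples; skip junk lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["src"], m["user"], m["result"] == "SUCCESS"))
    return events


def find_credential_guessing(events: list, min_distinct_users: int = 3,
                             window: timedelta = timedelta(minutes=10)) -> list:
    """One finding per source that fails against >= min_distinct_users names within `window`."""
    findings = []
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[1]].append(ev)
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e[0])
        failures = [e for e in evs if not e[3]]
        for i, (t0, _, _, _) in enumerate(failures):
            in_window = [e for e in failures[i:] if e[0] - t0 <= window]
            users = {e[2] for e in in_window}
            if len(users) >= min_distinct_users:
                # A success from the same source after the spray is the part to act on.
                later_success = [e for e in evs if e[3] and e[0] >= t0]
                findings.append({
                    "src": src,
                    "first_seen": t0,
                    "distinct_users": len(users),
                    "default_accounts": sorted(users & DEFAULT_ACCOUNTS),
                    "success_after": later_success[0][2] if later_success else None,
                })
                break   # one alert per source is enough
    return findings


if __name__ == "__main__":
    for finding in find_credential_guessing(parse(SAMPLE_LOG)):
        print(finding)
```

The threshold of three distinct usernames is a starting point, not a rule; on a system with many users a higher bar and a longer window cut noise, and the `success_after` field is what turns a curiosity into an incident.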

Those two categories are the usual suspects of how someone gets into a system. However, if you want to see some more in-depth vulnerabilities and hacking, google the term ‘Microsoft Zero Day’ and take a look at the vulnerabilities listed there. The articles are all highly technical but boil down to a simple principle: someone or something can perform actions or get past security when they’re not supposed to. Stay safe out there, and we’ll see you next week when we go over what you have to do if someone did get in.