The IT Law Wiki

Computer attack


Definition

A computer attack may be defined as actions directed against computer systems to disrupt equipment operations, change processing control, or corrupt stored data.

Overview

Different attack methods target different vulnerabilities and involve different types of weapons, and several may be within the current capabilities of some terrorist groups.

Three different methods of attack have been identified, based on the effects of the weapons used. However, as technology evolves, distinctions between these methods may begin to blur.

Department of Defense officials have stated that while CNA and EA threats are “less likely” than physical attacks, they could actually prove more damaging because they involve disruptive technologies that might generate unpredictable consequences or give an adversary unexpected advantages.[1]

Anatomy of a computer attack

There are five basic steps traditionally used by computer hackers to gain unauthorized access, and subsequently take over a computer system. These five steps may be used to plan a computer attack for purposes of cybercrime or cyberespionage, and may also be employed for purposes of cyberterrorism. The steps are frequently automated through use of special hacker tools that are freely available to anyone via the Internet. Highly-skilled hackers use automated tools that are also highly sophisticated, and their effects are initially much more difficult for computer security staff and technology to detect. These sophisticated hacker tools are usually shared only among an exclusive group of other highly-skilled hacker associates. Steps are given below:

Step 1: Reconnaissance

In this first step, hackers employ extensive pre-operative surveillance to find out detailed information about an organization that will help them later gain unauthorized access to computer systems. The most common method is social engineering, or tricking an employee into revealing sensitive information (such as a telephone number or a password). Other methods include dumpster diving, or rifling through an organization’s trash to find sensitive information (such as floppy disks or important documents that have not been shredded).

This step can be automated if the attacker installs on an office computer a virus, worm, or spyware program that performs surveillance and then transmits useful information, such as passwords, back to the attacker. Spyware is a form of malicious code that is quietly installed on a computer without user knowledge when a user visits a malicious website. It may remain undetected by firewalls or current anti-virus security products while monitoring keystrokes to record web activity or collect snapshots of screen displays and other restricted information for transmission back to an unknown third party.

Step 2: Scanning

Once in possession of special restricted information, or a few critical phone numbers, an attacker performs additional surveillance by scanning an organization’s computer software and network configuration to find possible entry points. This process goes slowly, sometimes lasting months, as the attacker looks for several vulnerable openings into a system.

Step 3: Gaining access

Once the attacker has developed an inventory of software and configuration vulnerabilities on a target network, he or she may quietly take over a system and network by using a stolen password to create a phony account, or by exploiting a vulnerability that allows them to install a malicious Trojan horse, or automatic “bot” that will await further commands sent through the Internet.

Step 4: Maintaining access

Once an attacker has gained unauthorized access, he or she may secretly install extra malicious programs that allow them to return as often as they wish. These programs, known as "root kits" or "back doors," run unnoticed and can allow an attacker to secretly access a network at will. If the attacker can gain all the special privileges of a system administrator, then the computer or network has been completely taken over, and is "owned" by the attacker. Sometimes the attacker will reconfigure a computer system, or install software patches to close the previous security vulnerabilities just to keep other hackers out.

Step 5: Covering tracks

Sophisticated attackers desire quiet, unimpeded access to the computer systems and data they take over. They must stay hidden to maintain control and gather more intelligence, or to refine preparations to maximize damage. The "root kit" or "Trojan horse" programs often allow the attacker to modify the log files of the computer system, or to create hidden files to help avoid detection by the legitimate system administrator. Security systems may not detect the unauthorized activities of a careful intruder for a long period of time.
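Because Step 5 relies on altering log files unnoticed, a common defensive control is a tamper-evident log. The following is an added example, not part of the original article: each record carries an HMAC chained to the previous record, and the latest MAC (the "head") is stored on a separate collector. The function names, the key and the sample log lines are constructed for illustration, and the sketch assumes the key and head are kept off the monitored host.

```python
import hashlib
import hmac

GENESIS = "0" * 64  # fixed chain input for the first record


def _mac(key: bytes, prev_mac: str, message: str) -> str:
    # Each MAC covers the previous record's MAC, so a record cannot be
    # edited, removed or reordered without breaking the link that follows.
    data = f"{prev_mac}|{message}".encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def append(chain: list, key: bytes, message: str) -> str:
    prev = chain[-1]["mac"] if chain else GENESIS
    mac = _mac(key, prev, message)
    chain.append({"msg": message, "mac": mac})
    return mac  # the collector stores this value as the current head


def first_bad_record(chain: list, key: bytes, head: str) -> int:
    """Return -1 if intact, else the index where verification fails.
    An index equal to len(chain) means records were cut off the end."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if not hmac.compare_digest(rec["mac"], _mac(key, prev, rec["msg"])):
            return i
        prev = rec["mac"]
    return -1 if hmac.compare_digest(prev, head) else len(chain)


def demo() -> list:
    key = b"constructed-demo-key"  # assumption: held only by the collector
    lines = [  # constructed sample log lines
        "sshd: accepted password for alice from 192.0.2.10",
        "useradd: new user name=svc_backup uid=0",
        "sshd: accepted password for svc_backup from 198.51.100.7",
        "cron: job backup.sh finished",
    ]
    chain, head = [], GENESIS
    for line in lines:
        head = append(chain, key, line)
    edited = [dict(r) for r in chain]
    edited[1]["msg"] = "useradd: new user name=svc_backup uid=1001"
    deleted = [dict(r) for r in chain[:1] + chain[2:]]
    truncated = [dict(r) for r in chain[:2]]
    cases = (chain, edited, deleted, truncated)
    return [first_bad_record(c, key, head) for c in cases]
```

The chain alone cannot reveal records removed from the end of the file; the comparison against the separately stored head is what catches that case.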

References

  1. Advantages of EA and CNA might derive from United States reliance on a computer-controlled critical infrastructure, along with unpredictable results depending on severity of the attack. Jason Sherman, “Bracing for Modern Brands of Warfare,” Air Force Times, Sept. 27, 2004.
