The Home Burglar Analogy
with an analogy. Imagine a burglar wants to break into your house.
He does some
He observes who comes and goes from the house, your schedule, and your habits.
You typically lock your doors and windows, but the burglar will check to see if you left your basement window open.
Even better, let’s say this is a new house.
The burglar might see that you installed an alarm system.
So, now this burglar can go online to see the vendors that work with your builder to determine the alarm system brand.
Once he has the brand, he can find its vulnerabilities, and so forth.
Apply the same concepts
Now Let’s Apply
the same concepts to how a hacker might operate. Before doing anything, the hacker determines his
mission and objectives.
Remember the goal could be to steal secrets and intellectual property...
or disrupt or destroy networks or information.
Now he begins casing the company and its computer networks—known as footprint analysis—which will help him determine the best way to go about getting his prize.
First, the hacker researches all potentially related company information...
such as size, subsidiaries, vendors and customers, as well as individual employees and affiliates that might have access to the target’s computers.
Remember, the easiest way into a system may be the long way around—through a third party.
Much of this information is publicly available. The Intelligence Community refers to publicly available information as open source intelligence (OSINT).
The hacker conducts online research, viewing news organization, social media, job search, and
Internet Protocol (IP) Address
He’ll also want to know the Internet Protocol (IP) addresses associated with his target.
For many companies,
he’ll be able to look-up an IP
address by knowing the company website address or domain name.
Knowing the IP address will help the hacker infiltrate the network.
You’ll see how they come into play when we move into
The Adversary’s Techniques
may also use
All of these tidbits are used to identify vulnerabilities
and potential human targets of a social
is a broad definition referring to using deceitful techniques designed to manipulate someone into divulging information or performing actions that may result in the
release of that information.
The Low-Tech Method
Someone claiming to be calling from a help desk...
tricks a user into revealing their username and passwords.
uses email in an attempt to get people to reveal sensitive information or unwittingly install malicious code.
In this example, an email
that looks like it’s from the
help desk, is really
from a hacker.
The email instructs the user to download and install an update, but the file contains malicious code.
The Hacker’s Perspective
Here’s your chance
Click the Start button below for your chance to experience a cyber intrusion from the hacker’s perspective.
Want to review the activity steps? Click Close (X) to return to the activity menu.
As you move through the experience, the videos will provide context and direction.
View an animated demonstration of what might happen behind the scenes of a hack.
Complete the activity here when prompted. Click Reset Experience to review the activity again.
To ensure your interaction with the activities is optimized, please refresh the Virtual Cursor after each experience section has loaded by using the JAWS command "Insert" + "z" twice.