Hacking is becoming too frequent a headline for our liking these days. It seems as though the technology that’s been developed to make our lives easier is backfiring thanks to a small army of hackers.
Getting their kicks out of circumventing firewalls and other security measures, they are putting the rest of us at risk.
So how come these attacks keep happening?
Well, according to BullGuard, before launching an attack, hackers make sure they cover their tracks by:
- Breaking into poorly secured computers and using these hijacked systems as proxies through which they can launch and route attacks worldwide
- Using viruses, worms, phishing emails and other malware to take control of internet servers or personal computers to create a network of ‘zombie’ computers, also known as botnets
- These botnets are then used to launch attacks.
- As a result, an attack may appear to come from a particular server or computer, but this does not mean the attack originated at that device.
- Often a string of different proxies are used, typically located in different countries.
It is these factors that make it so difficult to find out where the original attack was launched.
As BullGuard states:
“It can be done but requires law enforcement from different countries to co-operate with each other.
“On the surface, this may seem straightforward but political agendas can get in the way of forensics. For instance, law enforcement might trace an attack as far as a server IP address in Russia or a router on Chinese territory.
“This doesn’t provide definitive proof that the attack was launched from a server in Russia or a router in China; these devices could be proxies used by the attackers. But political relations, for instance between the US, Russia and China, ensure that the forensics investigations can’t go any further. This is why it is often difficult to catch attackers. That said, circumstantial evidence can certainly point a finger in the right direction.”
Attackers sometimes start small
BullGuard went on to explain:
“Attackers sometimes start their attacks by attacking small, remote and obscure computers or networks or piggyback into networks by infecting other devices. Their ultimate targets are often large organisations with sensitive information.
“But they don’t just press a big red attack button; instead they carry out surveillance and crawl through a victim’s network to find suitable launch points to reach their ultimate targets.
- Foreign nation state-backed hackers took over outdated Windows servers run by a small company. They then moved across the network onto other servers. Spear-phishing emails were then sent from these compromised servers to more than a hundred targets, including companies working for the US Department of Defense.
- Attackers exploited a vulnerable web application on public school servers to break into them. They moved around the networks and installed backdoors on the school’s computers to launch more attacks.
- Malicious hackers breached a community club network and then distributed malware to anyone who connected to the club’s Wi-Fi. The attackers later piggybacked into corporate networks when the owners of the infected devices logged onto their company networks.
- Chinese spies penetrated an old computer belonging to a welding firm located deep in the Wisconsin countryside. The hackers used the compromised computer to plan and stage attacks on a major Manhattan law firm, one of the world’s biggest airlines, a prominent university and other targets.
“Often these firms or individuals have no idea their computers have been compromised until one day they receive a knock on the door from men in suits and raincoats who have a lot of questions.”