Definition
Overview
Three different methods of attack have been identified, based on the effects of the weapons used. However, as technology evolves, the distinctions between these methods may begin to blur.
- A physical attack involves conventional weapons directed against a computer facility or its transmission lines;
- An electronic attack (EA) involves using electromagnetic energy as a weapon, most commonly as an electromagnetic pulse (EMP) to overload computer circuitry, but also in a less violent form, to insert a stream of malicious code directly into an enemy's microwave radio transmission; and
- A computer network attack (CNA) usually involves malicious code used as a weapon to infect enemy computers by exploiting a weakness in software, in the system configuration, or in the computer security practices of an organization or computer user. Other forms of CNA are enabled when an attacker uses stolen information to enter restricted computer systems.
Department of Defense officials have stated that while CNA and EA threats are “less likely” than physical attacks, they could actually prove more damaging because they involve disruptive technologies that might generate unpredictable consequences or give an adversary unexpected advantages.
Anatomy of a computer attack
There are five basic steps traditionally used by computer hackers to gain unauthorized access to, and subsequently take over, a computer system. These five steps may be used to plan a computer attack for purposes of cybercrime or cyberespionage, and may also be employed for purposes of cyberterrorism. The steps are frequently automated through special hacker tools that are freely available to anyone via the Internet. Highly skilled hackers use automated tools that are also highly sophisticated, and their effects are initially much more difficult for computer security staff and technology to detect. These sophisticated hacker tools are usually shared only among an exclusive group of other highly skilled hacker associates. The steps are given below:
Step 1: Reconnaissance
In this first step, hackers employ extensive pre-operative surveillance to find out detailed information about an organization that will help them later gain unauthorized access to computer systems. The most common method is social engineering, or tricking an employee into revealing sensitive information (such as a telephone number or a password). Other methods include dumpster diving, or rifling through an organization’s trash to find sensitive information (such as floppy disks or important documents that have not been shredded).
This step can be automated if the attacker installs on an office computer a virus, worm, or spyware program that performs surveillance and then transmits useful information, such as passwords, back to the attacker. Spyware is a form of malicious code that is quietly installed on a computer without user knowledge when a user visits a malicious website. It may remain undetected by firewalls or current anti-virus security products while monitoring keystrokes to record web activity or collect snapshots of screen displays and other restricted information for transmission back to an unknown third party.
Step 2: Scanning
Once in possession of special restricted information, or a few critical phone numbers, an attacker performs additional surveillance by scanning an organization’s computer software and network configuration to find possible entry points. This process goes slowly, sometimes lasting months, as the attacker looks for several vulnerable openings into a system.
Step 3: Gaining access
Once the attacker has developed an inventory of software and configuration vulnerabilities on a target network, he or she may quietly take over a system and network by using a stolen password to create a phony account, or by exploiting a vulnerability that allows them to install a malicious Trojan horse, or automatic “bot” that will await further commands sent through the Internet.
Step 4: Maintaining access
Once an attacker has gained unauthorized access, he or she may secretly install extra malicious programs that allow a return as often as desired. These programs, known as "root kits" or "back doors," run unnoticed and can allow an attacker to secretly access a network at will. If the attacker can gain all the special privileges of a system administrator, then the computer or network has been completely taken over, and is "owned" by the attacker. Sometimes the attacker will reconfigure a computer system, or install software patches to close the previous security vulnerabilities, just to keep other hackers out.
Step 5: Covering tracks
Sophisticated attackers desire quiet, unimpeded access to the computer systems and data they take over. They must stay hidden to maintain control and gather more intelligence, or to refine preparations to maximize damage. The "root kit" or "Trojan horse" programs often allow the attacker to modify the log files of the computer system, or to create hidden files to help avoid detection by the legitimate system administrator. Security systems may not detect the unauthorized activities of a careful intruder for a long period of time.
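One defensive counter to step 5 is to make log files tamper-evident, so that an intruder who edits or deletes entries is detected at the next integrity check. The following Python is an added example, not code from the original page: it chains each log line to the previous one with a keyed HMAC and verifies the chain. The key, the sample log lines and the "collector" that retains the last tag are all constructed for the example.

```python
import hashlib
import hmac

# Constructed demo key. In practice the key lives on the log collector, not the
# monitored host, so an intruder with local admin rights cannot re-chain entries.
DEMO_KEY = b"constructed-demo-key"
GENESIS = b"\x00" * 32

def chain_log(lines, key=DEMO_KEY):
    """Tag each line with HMAC(key, previous_tag || line); returns (line, tag_hex) pairs."""
    prev = GENESIS
    records = []
    for line in lines:
        tag = hmac.new(key, prev + line.encode(), hashlib.sha256).digest()
        records.append((line, tag.hex()))
        prev = tag
    return records

def verify_chain(records, key=DEMO_KEY, expected_last=None):
    """Return -1 if the chain is intact, else the index of the first bad record.
    Editing or deleting a line breaks every tag from that point on. Cutting lines
    off the END leaves a valid shorter chain, so the caller passes the last tag
    that reached the collector as expected_last; a mismatch returns len(records)."""
    prev = GENESIS
    for i, (line, tag_hex) in enumerate(records):
        expect = hmac.new(key, prev + line.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expect.hex(), tag_hex):
            return i
        prev = expect
    if expected_last is not None and not hmac.compare_digest(prev.hex(), expected_last):
        return len(records)
    return -1

# Constructed sample log lines, in the order they were written.
SAMPLE_LOG = [
    "10:01 sshd: accepted password for backup from 10.0.0.7",
    "10:02 useradd: new user 'svc-maint' added by backup",
    "10:03 sshd: session closed for backup",
]

if __name__ == "__main__":
    recs = chain_log(SAMPLE_LOG)
    last_tag = recs[-1][1]                      # the value the collector retains
    print("intact   :", verify_chain(recs, expected_last=last_tag))      # -1
    edited = list(recs)
    edited[1] = ("10:02 cron: nightly backup finished", recs[1][1])     # line rewritten
    print("edited   :", verify_chain(edited, expected_last=last_tag))   # 1
    print("truncated:", verify_chain(recs[:2], expected_last=last_tag)) # 2
```

Shipping each new tag to the collector as it is produced is what turns the truncation check into a real control; the chain alone cannot tell a shortened log from one that simply stopped.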