
                                                     
                                                       
               ۰߰     ܰ۰  
             ۱      ܱ߰    ۰
             ۱          ۱      ۰  
                 ܰ߱    ߰۲    
              Outbreak Magazine Issue #10 - Article 16 of 18
           '~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~'

------------------------------------------------------------------------------------------

Corporate Intrusion: How an attacker gets in

By: Turbanator

------------------------------------------------------------------------------------------
  
  I would first like to start off this text by stating that I in no way endorse
the use of the methods contained in this text file to be used in ANY illegal 
activity, this is simply for informational purposes.

-=I. Choosing the victim=-

  When a hacker attempts to infiltrate any system, weather it be through social 
engineering or through computer means, they most of the time choose their targets 
carefully, and for some unknown (at least to the victim) reason.  Most hackers, 
at least the "leet" ones, wont simply go out and randomly choose some company to 
attack just because they don't like their website layout.

-=II. Probing the victim=-

  Now that the hacker has chosen his designated target, he can begin to look for 
any weaknesses the victim may have.  The attacker can find out as much info on any 
of the employees in a company as possible, then use that information in a process 
known as social engineering. When a hacker is social engineering, he will most 
likely speak in a calm monotone voice, and use words with complicated meanings, and 
repeat his "given instructions" to give a sense of authority over his victim.  Once 
the hacker has extracted the information he needs, he then proceeds to use it in the 
correct way.

-=III. Probing the corporation=-

  Once the hacker has the information he needs, he can then use it accordingly on the 
target corporation.  Normally the hacker will play around with them for a bit, to see 
what the employees are actually like, and get to know their strengths, and more 
importantly, their weaknesses.  If someone at the front desk, or even in the high level 
offices has given out personal information about thing they like, things they hate, etc. 
to someone they "know," then they have most likely been a target for an attack at one 
time or another.  Just because you've talked to Jim in accounting in the 34th cubical on 
the 4th floor a couple of times, doesn't mean he is your friend, and a hacker will most 
likely pose as Jim, so that he can become your "friend" and get the information he wants 
out of you.

-=IV. Testing the information=-

  With his newly accuired sensative information, the hacker then proceeds to find a major,
yet unknown weakness in the corporation, and exploit it.  So with his new passwords the
hacker looks around the company web site for an "employees only" login prompt.  Bingo, its 
cleverly hidden at http://www.victimcorp.com/employeelogin.htm.  Now he can access some of 
the internal networks of the corporation, exposing sensative information, while posing as 
Jim from accounting in the 34th cubical on the 4th floor, even though Jim is out sick with 
the flu this week...

-=More to come!=-

  With me being my lazy self I didnt have enough time to write as much 
as I originally wanted to, so look for "Corporate Intrusion: Part 2: Congrats! Your hacked!" 
soon.


------------------------------------------------------------------------------------------
This text file was written by:Turbanator
For:Outbreak
The author can be contacted at:turbanator2k2@yahoo.com, 
AIM=Turbanator2k2
------------------------------------------------------------------------------------------
