
The Five Phases of a Hack – Reconnaissance

It can be beneficial to clients of Ottawa managed services providers to understand the process by which hacks and data breaches occur. In fact, users and providers across the spectrum of IT and network support in Ottawa would certainly be better off being in the know than not. So what exactly occurs in a hack? Let’s address any misconceptions first.

Portrayals of a hack in Hollywood productions always seem to show a lone figure hunched over a laptop with a command line, intensely writing some exploit code. Although this image is correct, it is not a full picture of what happens in the planning and execution of a hack. There is more legwork, human interaction and use of common technologies involved. Nothing demonstrates this idea more than the first phase of a hack, reconnaissance/footprinting.

The term reconnaissance means the same in the security world as it does in the military sector: information gathering. Information gathering skills are as important to a hacker as technical know-how, and hackers have to be just as clever in their reconnaissance endeavors. Businesses that use managed service providers in Ottawa would be doing themselves a disservice if they did not understand the dangers that publicly available information can pose to their company. Ottawa businesses should ask their tech support providers how to mitigate these risks. There are many ways a hacker can extract information, from relatively simple Google searches to social engineering tactics. All information a hacker finds is considered potentially useful and can be used when it comes to the gaining access phase.

For instance, let’s say your organization is looking for a new network administrator, and your network uses Cisco devices. Naturally, your organization is going to want your new employee to have knowledge of Cisco Systems, and is going to want proof of it in the form of certification. Within the job posting, the HR department decides to put in a Cisco Certified Network Associate/Professional (CCNA/P) certification as a requirement. If a hacker comes across this posting as they are planning their attack, or finds an archived version of it, they now know that you are running Cisco devices. That saves them a lot of time and hassle when it comes to the more active phases of the hack.

This is why reconnaissance is so important: it saves a lot of time, and as information is gathered it aids in the formulation of a plan of action.

Information related to IT infrastructure is not the only information that can pose problems in the wrong hands. Although hackers do tend to look for information such as IP addresses, server information and system architectures, any information that is publicly available has the potential to be used against an organization by a malicious actor. Newspaper articles, press releases and company history can be gathered, and some useful information may be extracted from these sources too. Social media is another treasure trove of information. Even emails sent from within your organization can be beneficial to a hacker.

For example, a hacker can use an email address and social media to achieve their objectives by:

  1. Arranging a job interview with someone from HR via email.
  2. Using the name and email address they now have to search social media for a connection between this person’s email address, full name or other personal information.
  3. Searching for other employees within your organization who would have greater privileges on your network. (Even if the employee does not post their position on social media, a quick look at their liked pages or followings can help guess their position. If an employee has liked IT related pages, the chances of them being in the IT department are much higher than someone who has not liked such pages.)
  4. Figuring out the employee’s organizational email address by applying the convention they have deduced from the first two steps.
  5. Crafting a malicious email tailored to that employee (known as spear phishing) that will either ask for login details or get them to unwittingly download malware (via a malicious attachment, drive-by download, or exploit kit) that gives the hacker access to your network.

What can be done about this? Obviously, you can’t have the public left completely in the dark about your business; that would almost certainly lead to no revenue being generated. Employees within organizations need to understand what both the information they work with, and their own personal information, can mean to a hacker.

Even the most seemingly trivial information combined with other seemingly benign information can be weaponized. Regular security awareness training for employees, evaluation of publicly available information, and actions to mitigate the risks of that information can help protect an organization’s assets, networks, and ultimately its profit.
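As an added example (not part of the original article), here is one way to evaluate a draft job posting or press release before it is published, flagging the kind of infrastructure detail described in the Cisco example above. The pattern list, category names and sample posting are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed, deliberately small pattern set; extend it for your own environment.
PATTERNS = {
    "certification": re.compile(r"\b(?:CCNA|CCNP|CCIE|JNCIA|JNCIP|PCNSE|MCSE)\b"),
    "vendor": re.compile(r"\b(?:Cisco|Juniper|Fortinet|Palo Alto|VMware|Citrix)\b", re.I),
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "internal_host": re.compile(r"\b(?:[\w-]+\.)+(?:corp|internal|local|lan)\b", re.I),
}


def _valid_ipv4(text):
    """Reject dotted numbers that cannot be an address (an octet above 255)."""
    return all(int(octet) <= 255 for octet in text.split("."))


def review_text(text):
    """Return sorted (line_no, category, match) findings for a draft public text."""
    findings = set()
    for line_no, line in enumerate(text.splitlines(), start=1):
        for category, pattern in PATTERNS.items():
            for m in pattern.finditer(line):
                if category == "ipv4" and not _valid_ipv4(m.group()):
                    continue
                findings.add((line_no, category, m.group()))
    return sorted(findings)


def summarize(findings):
    """Count findings per category so a reviewer can see what the text gives away."""
    return dict(Counter(category for _, category, _ in findings))


# Constructed sample posting, not taken from any real organization.
SAMPLE_POSTING = """\
Network Administrator (Ottawa)
Requirements: CCNA or CCNP certification; 3+ years managing Cisco switches.
You will maintain our core router at 10.20.0.1 and the VPN gateway vpn01.corp.
Nice to have: experience with vendor-neutral network monitoring.
"""

if __name__ == "__main__":
    results = review_text(SAMPLE_POSTING)
    for line_no, category, match in results:
        print(f"line {line_no}: {category}: {match}")
    print(summarize(results))
```

A flagged line can usually be reworded without losing its purpose, for example asking for "a current routing and switching certification" and discussing the specific vendor at interview.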