How Hackers Hack

Hacking 101

"You should understand," says Optyx, as he enters a few commands that bring our machine to its knees, "no matter what people do, hackers will always find a way to get into systems."

Just as he says this, Optyx uses a program to get the laptop to spew out a bit of data identifying its operating system and version.

He then runs the program that cracked the file sharing password in the blink of an eye. We watch as he uses another tool to root through files in the laptop's shared directory.

As hacking goes, the methods our two instructors use on our laptop are not very elegant--the equivalent of using brute force to knock in a door--and through the machine's software firewall, we are immediately aware that the machine is being hacked. But, save from disconnecting our machine from the network cable, we're powerless to stop it.

Most hacking attacks, however, are much more invisible.

Open Sesame

The methods hackers use to attack your machine or network are fairly simple. A hacker scans for vulnerable systems by using a demon dialer (which will redial a number repeatedly until a connection is made) or a wardialer (an application that uses a modem to dial thousands of random phone numbers to find another modem connected to a computer).

Another approach used to target computers with persistent connections, such as DSL or cable connections, employs a scanner program that sequentially "pings" IP addresses of networked systems to see if the system is up and running.

Where can a hacker find such tools? On the Internet, of course.

Sites containing dozens of free, relatively easy-to-use hacking tools available for download are easy to find on the Net. While understanding how these tools work is not always easy, many files include homegrown documentation written in hacker shoptalk.

Among the programs available are scanning utilities that reveal the vulnerabilities on a computer or network and sniffing programs that let hackers spy on data passing between machines.

Hackers also use the Net to share lists of vulnerable IP addresses--the unique location of Internet-connected computers with unpatched security holes. Addresses of computers that have already been loaded with a Trojan horse are available for anyone to exploit (in many cases without the owner of the computer knowing).

Once the hacker finds a machine, he uses a hacker tool such as Whisker to identify in less than a second what operating system the machine is using and whether any unpatched holes exist in it. Whisker, one of a handful of legitimate tools used by system administrators to test the security of their systems, also provides a list of exploits the hacker can use to take advantage of these holes.

Editors' Note: The above paragraph was modified on 4/26/2001 to correct an error.