Who is Hacker Target | How do hackers pick their targets?
The primary target of hackers in a computer system
Usage Portals
Usage portals are application programs that consist the bulk of a user’s daily computer usage where he or she interacts with the outside world E-mail, Web browsers, chat clients, video streaming remote software, Web-enabled application software, and a variety of other applications are among them.
These and other usage portals are frequently used by attackers to turn a system against itself or hijack its applications to alter the system or other connecting systems it hosts.
Electronic mail is claimed to be the most widely used communication application nowadays (e-mail). We use e-mail to write letters and send attachments like images and spreadsheets, and depending on the setting of the e-mail client, it can even accept Web page content inside a received email.
When a university student in the Philippines developed and published the Love Bug virus, this particular usage portal is said to have caused between USS3-15 billion in losses globally.
When you consider that Hurricane Andrew caused US$25 billion in damage when it passed through Florida, this is no trivial thing. Essentially, this small e-mail virus was programmed to cause harm to the computer of whoever opened the message and automatically send itself to everyone in the user’s address book.
The deliverable was a virus, the gateway was an email client, the target was everyone connected to the initial victim, and the damage was to spread itself and subsequently damage the host computer system.
This is only one example of how a virus can use this site. These viruses are increasingly being utilized to infect specific installations (i.e Military, government, corporate, etc.) sends tens of thousands of emails designed to overwhelm the organization's e-mail server while attempting to propagate to other systems with messages it can't manage (ie., a cascading damage effect).
Because the proper use of email clients is not always taken, e-mail servers do not always have properly designed filtering systems, and users are not always selective, e-mail servers do not always have correctly designed filtering systems. In terms of what people open and read, the e-mail will continue to be a popular route for conducting assaults.
Web Browsers
The Internet has grown and prospered as a result of web browsing by providing a point-and-click approach to informational Websites about everything from basket weaving to building roadside bombs.
With over 8 trillion Web pages, the statistical probability that some of them are intended to disrupt, hijack or damage a connecting computer cannot be ignored The tools and scripts are built inside a Web browser (i.e., small executable programs that execute requested resources such as Install on Demand, JavaScript, VB Script, etc.) that can be programmed to turn against a user’s computer.
The same mechanisms that allow a browser to play a video on a news site can also be used to trigger remote executions of other programs and subroutines that allow a Web site's host server to take control of elements of a visitor's system.
These mechanisms can then be used to read and execute files on the visitor’s system so as to access information such as the account details of the user (ie, full user name, login name, e-mail addresses, permission levels, last time a password was changed, IP address, etc.),
Gather previously browsed sites and files saved in the operating system and application program working folders, find out configuration settings such as version levels and the settings of the operating system and/or application programs, as well as many more details that are saved on the computer of the user.
Furthermore, malicious sites can take advantage of these built-in capabilities and run malicious malware when a photo is opened and/or viewed by using executable code that is embedded inside a digital photo.
Security protocols such as Secure Socket Layer and techniques such as digital certificates have application program interfaces and plug-ins in browsers, allowing for more secure surfing and communications.
When browser application vulnerabilities are known, caustic Web site servers can be set up to exploit them, resulting in site redirection, server authenticity spoofing (intentional identity fabrication), and the installation and execution of malicious code.
The following concerns, as well as those not mentioned, can be mitigated or eliminated if a Web browser is correctly set and updated on a regular basis, and so must be regarded seriously. Unfortunately, most Web browsers are built with an “open systems approach for total interoperability and interconnectivity with available Web services” in mind. This portal's core flaw renders it open for exploitation.
Chat Clients
Internet relay chat (IRC) software such as MSN Messenger, AOL Instant Messenger, mIRC, and a variety of others is sometimes used to facilitate computer-to-computer conversations.
Some chat applications allow for a direct, dedicated connection between two computers, while others use a centralized server to log in and interact with others on the server in both individual chat sessions and group forums Adding voice and/or video feed via a microphone and/or video camera is an extension of this fundamental concept.
This joint approach combines text messaging. Voice Over Internet Protocol, and video streaming software such as Apple’s iChat AV. The vast majority of the products in this usage portal lack privacy protection (i.e., encryption apps, IP address obscuration, etc.) and are vulnerable to monitoring, hijacking, and substitution of communication content attacks, as well as any pertinent information, gleaned from a conversation.
Also, an attacker can use this type of software to gather configuration information so that they can subsequently use a computer's microphone and video camera to watch and listen in on the room where the computer is located.
When using this portal, care must be given in selecting the software, chat server, and those who will be chatting with you. However, This portal will be exploited by technological savvy intruders and social engineers due to people's natural tendency to grow familiar with systems and trust prior interactions.
Remote Software
Remote software enables a user to control an existing computer or server from a different computer. This is normally done with the use of a modem or a network connection. This usage portal is used to operate servers remotely (similar to telnet) and access limited or shared network resources like databases, application software, work files, and other resources.
The remote connection is sometimes completed in such a way that the user's computer serves as a terminal for keystrokes and screen captures performed on the remote computer using software like Laplink or pe.
As in the instance of Microsoft's Terminal Services, the machine being remote is actually a virtual, fully functional, generated desktop that emulates the look and feels of an actual desktop.
When remote services are enabled and made available, intruders can use modems and/or network address ports to get access to a network's internal structure.
These access points are typically merely protected by a username and password, with little or no privacy protection (i.e., encryption), and are thus vulnerable to external surveillance, brute force (i.e., incremental creation of characters until a lookalike is discovered), and dictionary password attacks (ie. A dictionary list of potential passwords) When existent in an organization, this portal is most likely the least defended and one of the easiest to breach.
Web-Enabled Applications
Everyday apps like word processors and spreadsheets are built to be Web-enabled, allowing for the transfer of information and work-in-progress projects between systems (ie, integrated applications and collaboration systems).
Attempting to put clip art into a document is pretty usual, and he asked if you wanted to look at more clip art on the manufacturer's website. Other apps are directly integrated with e-mail and Web browser software as a result of being part of the same software suite as Microsoft Office so that when specialty functions are required, these connected apps are started and executed.
Many apps and utility software also check for an Internet connection on a regular basis, and if one is found, may contact the manufacturer's server for updates and/or registration validation. Some software is even more intrusive in that it instructs the computer to dial or connect to the Internet without the user's authorization when a connection is not available.
An intruder's malicious malware can use web-enabled apps to communicate information about a system (e.g., via File Transfer Protocol), carry out further attacks (Le, transitive capabilities), and propagate more malicious malware. The selection and configuration of various sorts of software, as well as the source manufacturer, must be done with caution.
The use of shareware and freeware sources for Web-enabled software might occasionally have additional built-in communications and backdoors that can be abused by the software's developers and/or are the consequence of a shoddy program development process.
It's one thing to have software that can access the Internet outside of its hosting system; it's quite another when that program is built to accept connections from the Internet without informing the user, as many of Microsoft's Office products are. The challenges connected with this technique will be present for a long time since consumers have been given the capacity to integrate applications with the Web (willingly or not).
You May Also Read This
