Our guest blogger this week is Tom Bowers, Managing Director, Security Constructs LLC

The rash of large-scale data breaches in the news this year begs many questions, one of which is this: how do hackers select their victims?

The answer: research.

Hackers do their homework; in fact, an actual hack typically takes place only after many hours of first studying the target.

Here’s an inside look at a hacker in action:

  1. Using search queries through such resources as Google and job sites, the hacker creates an initial map of the target’s vulnerabilities.  For example, job sites can offer a wealth of information such as hardware and software platform usage, including specific versions and its use within the enterprise.
  2. The hacker fills out the map with a complete intelligence database on your company, perhaps using public sources such as government databases, financial filings and court records. Attackers want to understand such details as how much you spend on security each year, other breaches you’ve suffered, and whether you’re using LDAP or federated authentication systems.
  3. The hacker tries to identify the person in charge of your security efforts.  As they research your Chief Security Officer or Chief Intelligence Security Officer (who they report to, conferences attended, talks given, media interviews, etc.) hackers can get a sense of whether this person is a political player or a security architect, and can infer the target’s philosophical stance on security and where they’re spending time and attention within the enterprise.
  4. Next, hackers look for business partners, strategic customers and suppliers used by the target.  Sometimes it may be easier to attack a smaller business partner than the target itself.  Once again, this information comes from basic search engine queries; attackers use job sites and corporate career sites to build a basic map of the target’s network. 
  5. Once assembled, all of this information offers a list of potential and likely egress points within the target.

While there is little you can do to prevent hackers from researching your company, you can reduce the threat this poses by conducting the same research yourself.  Though the process is a bit tedious to learn, it is free to use; you are simply conducting competitive intelligence upon your own enterprise.  By reviewing your own information, you can draw similar conclusions to the attackers, allowing you to strengthen those areas of your business that may be at risk.

For example, if you want to understand which of your web portals may be exposed to hackers, use the following search term in Google: “site:yourcompanyname.com – www.yourcompanyname.com”

This query specifies that you want to see everything on your site except WWW sites.  Web portals do not typically start with WWW and this query will show “eportal.yourcompanyname, ecomm.yourcompanyname.”

Portals are a great place to start as they usually contain associated user names and passwords;   this means that a database is storing these credentials, which is a potential goldmine for attackers.  You can set up a Google Alert to constantly watch for new portals; simply type in your query, select how often you want updates, and Google will send you an alert every time a new portal shows up in its results.

Knowledge is power.  The more you know about your own business, the better you can protect it from becoming prey to hacker-hawks circling in cyberspace.