The Art of Deception_ Controlling the Human Element of Security - Kevin D. Mitnick [96]
Then he called the name he’d been given, posing as a guy from IT. “Later tonight,” he said, “we’re swapping out a router and need to make sure the people on your team don’t lose connectivity to your server. So we need to know which servers your team uses.” The network was being upgraded all the time. And giving the name of the server wouldn’t hurt anything anyway, now would it? Since it was password-protected, just having the name couldn’t help anybody break in. So the guy gave the attacker the server name. Didn’t even bother to call the man back to verify his story, or write down his name and phone number. He just gave the names of the servers, ATM5 and ATM6.
The Password Attack
At this point, Ivan switched to a technical approach to get the authentication information. The first step with most technical attacks on systems that provide remote access capability is to identify an account with a weak password, which provides an initial entry point into the system.
When an attacker attempts to use hacking tools for remotely identifying passwords, the effort may require him to stay connected to the company’s network for hours at a time. Clearly he does this at his peril: The longer he stays connected, the greater the risk of detection and getting caught.
As a preliminary step, Ivan would do an enumeration, which reveals details about a target system. Once again the Internet conveniently provides software for the purpose (at http://ntsleuth.0catch.com; the character before “catch” is a zero). Ivan found several publicly available hacking tools on the Web that automated the enumeration process, avoiding the need to do it by hand, which would take longer and thus run a higher risk. Knowing that the organization mostly deployed Windows-based servers, he downloaded a copy of NBTEnum, a NetBIOS (network basic input/output system) enumeration utility. He entered the IP (Internet protocol) address of the ATM5 server, and started running the program. The enumeration tool was able to identify several accounts that existed on the server.
LINGO
ENUMERATION A process that reveals the services enabled on the target system, the operating system platform, and a list of account names of the users who have access to the system.
Once the existing accounts had been identified, the same enumeration tool had the ability to launch a dictionary attack against the computer system. A dictionary attack is something that many computer security folks and intruders are intimately familiar with, but that most other people will probably be shocked to learn is possible. Such an attack is aimed at uncovering the password of each user on the system by using commonly used words.
We’re all lazy about some things, but it never ceases to amaze me that when people choose their passwords, their creativity and imagination seem to disappear. Most of us want a password that gives us protection but that is at the same time easy to remember, which usually means something closely connected to us. Our initials, middle name, nickname, spouse’s name, favorite song, movie, or brew, for example. The name of the street we live on or the town we live in, the kind of car we drive, the beachfront village we like to stay at in Hawaii, or that favorite stream with the best trout fishing around. Recognize the pattern here? These are mostly personal names, place names, or dictionary words. A dictionary attack runs through common words at a very rapid pace, trying each as a password on one or more user accounts.
Ivan ran the dictionary attack in three phases. For the first, he used a simple list of some 800 of the most common passwords; the list includes secret, work, and password. The program also permuted the dictionary words, trying each word with a single digit appended, or with the number of the current month appended. The program tried each attempt against all of the user accounts that had been identified. No luck.
For the next attempt, Ivan went to Google’s search engine and typed, “wordlists dictionaries,” and