Copy Link
Add to Bookmark
Report

HIR Issue 8: Data Externalization in the Eyes of a Hacker

By Frogman

Winn Schwartau spoke at the Def Con 6.0 conference in Las Vegas in the Summer of 1998. He also wrote the ground breaking book Information Warfare, the second edition of which was released in 1996. In his book grew the unclassified world's view of Information Warfare and the three class breakdown of types. Class 1 is personal warfare. Class 2 is corporate. Class 3 is global. In each of these is a particular phenomenon known as data externalization. What this means is that we have reached the point where accumulated knowledge exists in a larger volume outside of our collective human minds than in. The number of books, manuals, recordings and other media add up to more data than our own brains holdings. This is a very scary, albeit necessary, consequence of our current proliferation of information systems. To the enterprising hacker this provides both a distinct advantage and disadvantage.

Of the advantages, we can look at quite a few. There are many public and semi-public databases available for searching through personal information. This information is not exactly sensitive, but can be used to steal an identity, aid guessing weak passwords, compromise communication patterns, and a host of other, formerly more difficult practices. These databases can be grep'd and a nice precise built. Family history, employment records, legal records and other types of data can also be found and compiled. Using this information in a Class 1 attack as a part of a larger Class 2 attack, a list of corporate employees can be built. This list can be expanded and branched to give address, background, and personality profiles. This gives rise to identity theft, social engineering, and strait hacking. The attacker can use the likely weak security held by a sub- contractor's employees to access the communication network to the larger corporation. This is essentially piggy-backing into the firewall from the identity of a trusted host. The advantages to social engineering are obvious, calling into a company, and asking questions that lead to known data, from what should be a blind start. The hacker can also use this data to bug an employee's home, and communications equipment. A cellular phone can easily have it's ESN copied, and with a scanner and filtering software, a tail can listen in on cellular conversations. A laptop with a cellular modem suffers the same attack. The tail may not be necessary, if the attacker can plant a mole or maybe a filter in the computers of the company servicing the phone. This would also break several security methods used in PCS.

Hopefully those advantages to the hacker are clear as to how an unimportant Class 1 attack on an executive who works for Acme Specialty Gaskets could be a role in the attack on Boeing and their latest, greatest air superiority fighter, signaling the spectre of a Class 3 attack.

The disadvantages include an added ease for being tracked, the looming prospect of beefed security, and competition. In most major computing systems there are auditing systems. Records are kept and examined. The use of an unexpected auditing system can pose an extreme threat to the anonymity of a hacker. A passive sniffer, or even an inductive sniffer can be used by the hacker for a distinct advantage, but the security office can place these type of monitors on their own lines and have an invisible eye on the communications systems. The ease in which a database can be broken into will quickly spread across the underground, and thus the security level will eventually be brought into shape.

These small insights are not the only prospects for a hack to employ on their quest. Those with malicious intent can easily bring into fruition an underground TRW type of service for sale to the highest bidding Info. Warrior.

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT