Editor’s Note: This excerpt is a reprint from Leonard Chin’s whitepaper “5 Phases Every Hacker Must Follow”. It has been republished with permission. This is the fourth installment of the series on hacking. You can also find part 3 of the series here.
Hackers can gain access to a system for many reasons.
First, depending on the target, hacker may have needed a lot of effort, time, or resources to gain access to the computer. Hackers consider losing access to the computer or other system they were trying to hack into as a waste.
Sometimes hackers are not able to achieve all their goals in one go. Sometimes hackers need to make multiple attempts to change or steal the information they need. Hackers might also make it their business to hack into systems and sell that access to hackers for money. This business model wouldn’t be sustainable if their customers couldn’t access the system later.
Hackers must be capable of accessing victim’s computers or systems despite numerous reboots and virus scans. Hackers call this “persistence”. But hackers want to keep their persistence.
If hackers are not detected, they will not be caught. The user or IT staff will not detect the hacker. They will quickly address the intrusion. Malware that is sent as an email attachment will run in the background, or in a small browser in the background behind the main window. To avoid detection by scanners looking for known signatures, malware is often encrypted.
It is important for attackers to not reveal their identities. To reduce the number of packets, they often slow down network scans for other targets. This can cause scanning networks for other targets to take longer (hours in some cases), but IT staff and network intrusion tools can help avoid this.
When hackers find a target, they often use slow methods to extract data from servers and computers. They don’t want the machine to be slow or cause any problems. They want the data to be mixed in with the legitimate data to avoid detection.
They also make sure that the connection between the target’s collection machines and the target is established from within, so it looks legitimate traffic. Sometimes hackers hide their data in innocent-looking Domain Name Server Requests (DNS) and web service requests in extreme stealth situations. This is preferable to FTP, which is an obvious file transfer protocol.
Hackers might also use steganography in order to hide data in other files. One common technique is to hide data in unutilized bits of a photo or soundfile. This allows hackers to transfer data “in plain sight” from an organization.
Hackers can hack servers and computers to try to gain higher-level permissions. This is called privilege escalation and serves two purposes.
First, the hacker may create a new account to be the server administrator. This account will be assigned a unique ID number as well as a password. This allows hackers to log in to the server administrator, and not try to inject malware each time.
This allows the hacker to install and run additional software. This is useful for scanning other machines, and then hacking into them.
Privilege escalation is also possible at the network level. Hackers can gain remote access to any machine in the network by hacking into Windows Active Directory servers, granting administrator privileges, and getting access to all other machines. Hackers can also gain administrative access to routers and switches to make changes and access remote sections of the organization.
Hackers could install