BASIC HACKING ATTACKS
In this article, Dan Webers will address some of the most basic types of attacks you can expect from hackers.
A DoS/DDoS attack is one of the most traditional and basic attacks a hacker can perform.
Denial of Service/Distributed Denial of Service attacks are performed to deny service to a machine, website, or address.
When it comes to Black Hat Hackers, they can use this type of attack to take down individual websites, or attack large companies and corporations.
They can be increasingly annoying for the White Hat Hackers working to restore access and service to customers and users.
This is because, in some cases, traffic is denied in both directions of the network.
A Distributed Denial of Service attack is one where more than one machine attacks a single target. This gets into details about botnets, but I will cover those in a different article.
Man-In-The-Middle attacks are when a hacker intercepts and modifies communications between two endpoints.
For example, I frequent a local mall in my area, and while connected to the public Wi-Fi, I can see and capture packets of people checking their lottery tickets using their cellular devices.
I can see the request going out, and the reply coming back.
Using a simple tool, I am able to intercept those packets, and change the answer they see on their devices from “Not a winner” to “Winner”.
This technique can be especially dangerous when it comes to Black Hat Hackers wanting to infiltrate a target.
Let's go phishing! Probably something you've never heard someone say out loud to you, unless you are using a rod and some bait.
Phishing is when someone goes looking for user-provided information.
It can take the form of an e-mail, text message, phone call (vishing), or even snail mail using the postal service.
It can be a targeted campaign, or a general attempt to gain personal information from the victim(s).
Common campaigns include trying to get credit card numbers, personal identifying information (PII), as well as digital identities and information such as account names and locations.
The best way to mitigate a threat like this is to educate employees of companies and the public.
Password attacks are a fairly common practice.
If you’ve ever tried guessing the password to your friend’s phone, or trying to guess a password to an old e-mail you haven’t used for a few months, then you have attempted this attack.
However, there are different variations of this attack. The surest way to find a password, one that works every time, is a Brute Force Password Attack.
This is where the hacker will try every possible combination of input until the password is discovered.
If you have a password like “hellothere”, then it will take a short amount of time to crack the password.
If you have a password like “H3ll0&h3re”, it will take much longer to crack.
As it stands today, with the technology available today, to the best of my knowledge, it will take about 5 days of constant Brute Forcing to crack a password that includes: lower case alpha, UPPER CASE ALPHA, numbers, and special characters, that is 12 characters in length.
So, the more complex you can make your passwords, the safer you will be. Also, the longer the password the better, and the more time it will take for the hacker to crack your password.
Another way is a Dictionary Attack. This is where the hacker has a list of words that are commonly found in the dictionary (some lists may also contain slang, names, abbreviations, etc.).
The attacker would test the unknown password against the dictionary list they have to see if your password is included in their word list.
This can be a faster way to crack a password if the attacker knows more, or more intimate, details about the target/victim.
There are other ways to crack passwords, but I will cover that in more detail in a future article.
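Added example (not from the original article): a defender-side password check in Python that measures the two properties the brute-force and dictionary passages above turn on, namely the size of the exhaustive-search keyspace and whether the password is assembled from wordlist entries. The WORDLIST contents, the 60-bit threshold and all function names are assumptions made for illustration.

```python
import math
import string

# Constructed sample wordlist (assumption); a real check would load a large one.
WORDLIST = {"hello", "there", "password", "dragon", "summer", "welcome"}

# Character classes; each class present adds its size to the brute-force pool.
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation]


def keyspace(password):
    """Return (pool, combinations, bits) for an exhaustive search of this length."""
    # Characters outside the four classes are not counted (simplification).
    pool = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    combos = pool ** len(password)
    return pool, combos, (math.log2(combos) if combos > 1 else 0.0)


def dictionary_split(password, words=WORDLIST):
    """Split the password into wordlist words (case-insensitive), or return None."""
    s = password.lower()
    cover = {0: []}  # prefix length -> wordlist words that cover that prefix
    for end in range(1, len(s) + 1):
        for start in range(end):
            if start in cover and s[start:end] in words:
                cover[end] = cover[start] + [s[start:end]]
                break
    return cover.get(len(s))


def audit(password, min_bits=60):
    """Classify a candidate password; min_bits is an assumed policy threshold."""
    pool, _, bits = keyspace(password)
    split = dictionary_split(password)
    if split:
        return "reject: built from wordlist entries " + "+".join(split)
    if bits < min_bits:
        return f"reject: only {bits:.0f} bits of brute-force keyspace"
    return f"accept: pool {pool}, about {bits:.0f} bits"


if __name__ == "__main__":
    for candidate in ("hellothere", "H3ll0&h3re"):
        print(candidate, "->", audit(candidate))
```

The wordlist check here does not undo character substitutions such as "3" for "e", so it only catches passwords made of unmodified words.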
Thank you for your time (Dan Webers)