Anatomy of a cyberattack
Ebook, 187 pages, 1 hour


About this ebook

They have the power to destroy lives, shut down businesses, and affect every one of us all around the world. They always come unannounced and you hear about them every day. Cyberattacks. The plague of today's technology-reliant world.

Many consider cyberattacks pure computer magic; something too complicated to comprehend. But let me assure you, it's definitely not magic. Cyberattacks do, however, require a certain level of intelligence and computer knowledge. That's why the only way to successfully defend yourself against a cyberattack is to learn and understand its anatomy. In this book, I explain what a cyberattack looks like from a hacker's perspective so that, in case he picks you as his next victim, you're not going to be vulnerable and defenceless.
Language: English
Publisher: BookBaby
Release date: Mar 16, 2016
ISBN: 9781483562100

    Book preview

    Anatomy of a cyberattack - Mikko Niemelä

    ACKNOWLEDGEMENTS

    Wharton Mortars pesäpallo tournament participants for the spirit of the game

    arnas, ukk1, debugmaster4000, bufferlobill, dr pet, doppio, massimo, börek, remington, maximus, jim, jee-man, jennifer, ruke, millie, harry, lahtinen and the machine gun, mercedes, tykki, passo, aivo and king for hacking (hucking)

    Maja Nowak for editing

    Print ISBN: 978-1-48356-209-4

    eBook ISBN: 978-1-48356-210-0

    © 2016 Mikko S. Niemelä. All rights reserved. This book or any portion thereof may not be reproduced or used in any manner whatsoever without the express written permission of the publisher except for the use of brief quotations in a book review.

    CONTENTS

    ACKNOWLEDGEMENTS

    PROLOGUE

    ANATOMY OF A CYBERATTACK

    48 hours

    Targeting the supply chain database

    Top 5 clients

    Top 5 suppliers

    Key Persons

    The first fortress

    Admin rights

    Breaking insider’s trust

    The second objective: access to key person’s e-mail

    Elaine, you’ve got new invites waiting for you

    PHASE 1: RECONNAISSANCE

    Boring is dangerous

    Follow the tracks

    A hacker begins to draw a map…

    Watch out for those job advertisements

    Intranet – world’s most common name for intranet

    Wherever you go, I’ll be watching you – telecommuting

    Way to a man’s heart is through his WiFi

    Backing up your mistakes

    Source code tells tales

    Do not give away access rights in the code

    History repeats itself

    Hack naked

    PHASE 2: SCANNING

    Knocking on your ports

    B-grade student

    The sea of WiFi

    Tracerouting to crown jewels

    Waking up the computers in the internal network: man wins over machine

    The oldest computer controlling the most critical systems: SCADA

    Don’t trust that Windows XP

    A hacker stops a wind farm with a single e-mail

    Webspy: reveals the secret surfing of the executives

    Magic of the probability guesser

    Legal status of scanning

    Water-resistant cybersecurity

    PHASE 3: EXPLOITING

    3+1 equals access to your computer

    Social engineering

    Knowledge from the reconnaissance phase

    Spam messages

    Phishing

    Watch out for LinkedIn and Twitter

    It’s all about getting your trust

    Beware of fake apps

    Fax is old school, and hackers trust old school

    One e-mail gains access to company’s treasure

    I know your password, now all I need is your username

    How do hackers learn about our username and password habits?

    Getting the password

    Breaking the password

    Salted password hashing

    How to get yourself a good password?

    Denial of Service at the post office

    DDOS the money-maker

    Always cut the middle man out

    Feigned elections

    PHASE 4: MAINTAINING ACCESS

    Knock knock – it’s me

    Watching through fake binoculars

    PHASE 5: COVERING TRACKS

    The dark alleys of the Internet

    Dark marketplaces

    We all have our history

    Anti-Antivirus

    Covert channels – when normal Internet tools become dangerous

    EPILOGUE

    APPENDIXES

    Threats and vulnerabilities

    Hackers

    Why do vulnerabilities matter?

    What makes a good hacker?

    Each hack has a beginning

    Would you make a good hacker? The light bulb test

    100 ways to switch off the light

    How to hire an external hacker?

    ABOUT THE AUTHOR

    GLOSSARY

    INDEX

    PROLOGUE

    This book is a compilation of short stories based on my own experience as a hacker, cybersecurity startup entrepreneur, and international cybersecurity businessman.

    All stories in this book are about cyberattacks. A cyberattack is a systematic process that eventually leads to a security breach. Each cyberattack consists of five phases: reconnaissance, scanning, exploiting, maintaining access, and covering tracks. Stories here are arranged in a way that explains in detail what these terms mean and how they work.

    In spite of popular opinion, hacking is nothing out of the ordinary. In fact, it’s a day-to-day thing, and can even be someone’s job. Having said that, however, I must admit there are some addicting elements surrounding the art of hacking; elements which give enormous adrenaline rushes, making hacking so mystical and interesting.

    The book is based on roughly 400 penetration tests (controlled cyberattacks against companies and systems). Techniques presented in this book are, of course, illegal when conducted without the permission of a particular company's officials, but legal once the permission is granted. As you can see, in this aspect, hacking is all about context.

    As I wrote this book, I wanted to help those of you who are interested in the subject, but are not professionals, better understand the whole concept of cyberattacks and hacking. The stories may scare you, piss you off, or even outrage you. And that is good, because for me it is imperative they stir reactions and emotions. I want these stories to make you think about cyberattacks and cybersecurity in a way you have never thought before.

    The names of the characters and companies in these stories were changed and some of the cases are a compilation of several events.

    The first story covers a series of events that landed a company called Limax in a lot of trouble – all because of a cyberattack.

    ANATOMY OF A CYBERATTACK

    Shocking news is popping up on mobile screens all around the world. The reports say Limax, a detergent and chemicals conglomerate, has been releasing toxic production chemicals directly into waterways for years. The chemicals, which include mononitrochlorobenzene, are known carcinogens in both humans and animals.

    Limax’s switchboard is overloaded with reporters’ calls and speculation on social media ramps up by the hour. As of yet, the news hasn’t reached the television – reporters are waiting to confirm the scandal. However, it’s only a matter of time before it becomes the top headline across all media.

    At that point Limax was still managing, but the rumour soon began to take its toll inside Limax’s headquarters. Dismay and consternation were spreading among the employees like an epidemic.

    Yet the employees knew dumping waste water into the environment made no sense. Also, nowhere in the company’s corporate responsibility report was there any mention of the speculated chemicals. In fact, the company had never used any illegal substances and the delivery chain of all production chemicals had always been managed with utmost care. The employees were confused.

    After a brief investigation, the communications department discovered the reporters’ source, and it was disquieting. The e-mail about the toxic release had been sent to the media from a Limax address. The message itself was signed and sent by the communications director. At Limax’s management team emergency meeting, however, the director stared at the copy of the message and firmly denied his involvement.

    About that time the management team realized the company’s data had been breached. It was clearly a smear campaign. The libellous claim was not only unconvincing, but completely false. The communications director said he had personally checked with the production managers whether the substances in question had ever been used in production. All production managers denied it. Nevertheless, the management team still wanted to analyse the delivery chain and environmental reports, which included information on all of the ingredients in Limax’s products. Until the documents were thoroughly analysed, the team decided that the CEO would only make cautious comments to the press.

    The company issued a brief press release stating the leaked information was pure slander. Limax said the e-mail sent to the media was fake, and that there might have been a third party involved. The company also announced the launch of an investigation to identify individuals responsible for the e-mail. Limax didn’t exclude legal action against the perpetrators. At the end of the release, the company promised to provide more information as soon as possible.

    But that didn’t satisfy the media. The possible scandal was a hot topic, and Limax’s CEO was invited to speak on an evening talk show to explain if such a major toxic release would be unprecedented in South Africa. The CEO laughed the implication off in front of the cameras, and again stated the whole fuss was a hoax. He added that Limax always verified the source of all of its raw materials. To prove the company wasn’t hiding anything, the CEO promised to make all documents regarding raw materials public by Thursday. Other members of the management team congratulated him on a job well done.

    With the public appearance, Limax bought itself an additional 48 hours. But the scandal showed no signs of subsiding. In fact, it was quite the contrary. On social media various activists claimed the company was lying and violating both environmental laws and human rights. The issue became increasingly uncomfortable for Limax. The company was scheduling internal crisis meetings one after another.

    48 hours

    At the company’s headquarters, Limax’s CEO and two other management team members sat down to discuss the pressing matters. Everyone else had left for the day hours ago, but the executives had decided to get to the bottom of the case, and perform a thorough investigation on raw materials used in the production of their hit product.

    Limax had a recipe database that listed all raw materials, but the recipe as a whole was kept secret; each production department only knew its respective part of the recipe.

    To view the recipe in
