Information gathering is the first, and arguably the most important, phase of any attack, hack or penetration test.
It is known by several names: reconnaissance, intelligence assessment, surveillance and so on. The better an attacker or analyst understands the target, the more effectively they can exploit it.
In the cyber world there are several techniques for information gathering:
- Footprinting – profiling the target's internet or intranet network (domains, address ranges, hosts, technologies)
- Enumeration – probing already-identified services for weaknesses: user names, shares, software versions, banners
- Scanning – determining which hosts are alive and which ports and services they expose; active scans send probes to the target, passive scans only observe traffic that is already flowing
- Social Engineering – the most effective technique, both active and passive; I will be writing about this and my experience with it in coming posts.
- Dumpster diving – going through the target's garbage (paper, media, discarded hardware) and collecting information
Back in the 80s we did not have tools such as nmap, Maltego or distros with built-in toolkits to make our lives easier, and there was neither the complex network deployment nor the sense of security that we have nowadays.
The good side of this was that information gathering still got done, mostly passively. In the military it meant sitting for hours behind binoculars to spot the target and understand its movements, and they still do it. Understanding the patterns and using your brain to identify weaknesses, or what we now call vulnerabilities. Unfortunately, these days, at least in the cyber world, we just run tools and wait for them to show results while playing games on a console.
In the old days analysts and attackers visited websites and catalogued them by hand like a telephone directory. Communications were mostly carried over the telephone network. They used ping and traceroute to understand the network and drew the network graph manually. It was challenging but worth it. Some attackers also went dumpster diving.
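The "traceroute and draw the graph by hand" step above can be scripted the same way it used to be done on paper. The following is an added example, not code from the original post: it parses Linux-style traceroute output for several hosts of one target, builds a hop-to-hop graph, and counts how many paths each router appears on, which is how you spot the shared perimeter router. The traceroute text is constructed for the example (RFC 5737 documentation addresses and example.com names), not a real capture; the `edge.example.com` / `vpn.example.com` hosts and the function names are assumptions for illustration.

```python
"""Build a hop graph from traceroute output (added example, not from the post).

The traceroute text below is constructed with RFC 5737 documentation
addresses; it is not a real capture of any network.
"""
import re
from collections import Counter, defaultdict

# Constructed traceroute output for three hosts of a fictional target.
# Hop 3 of the first trace is a silent hop ("* * *"), a common real-world case.
SAMPLE_TRACES = {
    "www.example.com": """\
traceroute to www.example.com (203.0.113.10), 30 hops max, 60 byte packets
 1  192.0.2.1 (192.0.2.1)  1.021 ms  0.980 ms  0.955 ms
 2  198.51.100.1 (198.51.100.1)  8.412 ms  8.300 ms  8.270 ms
 3  * * *
 4  edge.example.com (203.0.113.1)  21.104 ms  20.990 ms  21.011 ms
 5  www.example.com (203.0.113.10)  22.502 ms  22.410 ms  22.377 ms
""",
    "mail.example.com": """\
traceroute to mail.example.com (203.0.113.25), 30 hops max, 60 byte packets
 1  192.0.2.1 (192.0.2.1)  1.100 ms  1.050 ms  1.020 ms
 2  198.51.100.1 (198.51.100.1)  8.500 ms  8.410 ms  8.390 ms
 3  198.51.100.9 (198.51.100.9)  15.203 ms  15.110 ms  15.080 ms
 4  edge.example.com (203.0.113.1)  21.300 ms  21.210 ms  21.190 ms
 5  mail.example.com (203.0.113.25)  23.010 ms  22.950 ms  22.900 ms
""",
    "vpn.example.com": """\
traceroute to vpn.example.com (198.51.100.200), 30 hops max, 60 byte packets
 1  192.0.2.1 (192.0.2.1)  1.050 ms  1.010 ms  0.990 ms
 2  198.51.100.1 (198.51.100.1)  8.450 ms  8.380 ms  8.350 ms
 3  vpn.example.com (198.51.100.200)  12.100 ms  12.050 ms  12.020 ms
""",
}

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")          # " 4  edge.example.com (203.0.113.1) ..."
ADDR_RE = re.compile(r"(\S+)\s+\((\d+\.\d+\.\d+\.\d+)\)")  # "name (a.b.c.d)"


def parse_traceroute(text):
    """Return hops in order as (hostname, ip) tuples; None marks a silent hop."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # the "traceroute to ..." header line
        addr = ADDR_RE.search(m.group(2))
        hops.append((addr.group(1), addr.group(2)) if addr else None)
    return hops


def build_graph(traces):
    """Directed edges between consecutive responding hops.

    A silent hop is skipped, so the edge spans the gap; the node list keeps
    the None so the analyst can still see where the network went quiet.
    """
    edges = defaultdict(set)
    paths = {}
    for target, text in traces.items():
        hops = parse_traceroute(text)
        paths[target] = hops
        prev = None
        for hop in hops:
            if hop is None:
                continue
            if prev is not None:
                edges[prev[1]].add(hop[1])
            prev = hop
    return edges, paths


def shared_hops(paths):
    """IPs present on every path. Note: the first of these is usually
    your own gateway, not the target's infrastructure."""
    sets = [{h[1] for h in hops if h} for hops in paths.values()]
    return set.intersection(*sets) if sets else set()


def hop_frequency(paths):
    """How many target paths each responding IP appears on; a router seen on
    several paths but not all is a candidate target-side perimeter device."""
    freq = Counter()
    for hops in paths.values():
        for ip in {h[1] for h in hops if h}:
            freq[ip] += 1
    return dict(freq)


def to_dot(edges):
    """Render the graph in Graphviz DOT so it can be drawn instead of hand-sketched."""
    lines = ["digraph recon {"]
    for src in sorted(edges):
        for dst in sorted(edges[src]):
            lines.append(f'  "{src}" -> "{dst}";')
    lines.append("}")
    return "\n".join(lines)


if __name__ == "__main__":
    graph, hop_paths = build_graph(SAMPLE_TRACES)
    print("shared by all paths:", sorted(shared_hops(hop_paths)))
    print("hop frequency:", hop_frequency(hop_paths))
    print(to_dot(graph))
```

Piping `to_dot()` output into `dot -Tpng` gives the picture that used to be drawn by hand. The caveat the old-timers knew still applies: hops you share with every target (here `192.0.2.1` and `198.51.100.1`) are mostly your own upstream, so the interesting node is the one that is common to several target hosts but not to all of them (here `203.0.113.1`, which fronts both the web and the mail server).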
In the past decade the sophistication of information-gathering tools has definitely increased; nmap recently announced a new version. I always wonder: new tools do assist in sophisticated information gathering and attacks, but does a person still need to be intelligent? Where has out-of-the-box, intelligent thinking gone these days? Why is an organisation's offensive team failing against those sophisticated tools? Are the hackers of today smarter, or is security awareness in organisations just on paper?
A defender or organisation should invest smartly in resources that make information gathering hard work for the attacker. You know your security controls are an illusion when your corporate data is one Google search away. This is likely why hackers stay one step ahead: organisations ignore security while concentrating on selling and marketing their product, and for the same reason they do not invest in an offensive/security team that would make sure they are secured against internal as well as external threats.
I have journeyed from the offensive side to the defensive and am able to understand how an attacker thinks and looks for ways into a system. Besides following standards and deploying expensive hardware, we must invest in brains that can carve raw data into meaningful intelligence and recommend and configure security controls that actually stop attackers.
As information gathering is the first step of any attack, we must harden our security controls, understand what information about us is publicly available, and assess the risk it poses in an attacker's hands.