Question

write a 3 to 4 page paper explaining the steps you would take in Phase III, Remote Targeting hacking.

Answer 1

REMOTE PRESENCE RECONNAISSANCE

Identifying remote workers is a relatively straightforward task, but we don’t just want to simply identify which workers work from home. Instead, we want to find as much information as we can related to any target employees, especially those that work remotely for our target organization. This includes identifying home addresses, travel habits, and even popular areas that target employees might frequent, such as coffee shops or restaurants.

If you haven’t already identified the target organization’s policy on remote workers, you can do that now. If you can’t find anything from public resources, you can always just call the organization in response to a job posting and ask if they allow employees a flexible work-from-home program and, if so, what the specifics are.

Identifying home addresses is actually quite easy. With online services like Spokeo and Intelius, it’s as simple as searching for the person’s name. Many times, you can even get address information free from these services. Not only will you get their current address, but often, you’ll get their entire history of addresses!

Identifying where employees congregate might be a little trickier, but in the end, it isn’t terribly difficult. Depending on the area where an office is located, it can be straightforward to determine the popular eating spots. Most employees won’t travel very far for their lunch breaks. By taking a few afternoons to visit a few local lunch spots, you can quickly identify where target employees choose to congregate. If you are unable to identify these hot zones ahead of time, you can always follow a few employees for a short period.

SOCIAL SPEAR PHISHING

Before we get out of our chairs to start targeting wireless technologies and remote workers, we want to put our stalker hats on and extend the social engineering phase a little. If we were unable to spear phish an employee or weren’t able to identify someone in particular to spear phish, then we will shift our attention to an employee’s family members.

Keep in mind the end goal is not to compromise a family member’s computer so that we can read their secret family recipes. We only want to compromise a family member’s system if it can give us credentials or meaningful access to a target employee’s data. This is also one of our “low and slow” or “hurry up and wait” attacks. If we compromise a family member’s computer, it may not immediately give us anything of value, but if we wait for a few months, we might get lucky when the employee logs into their e-mail or remote access system using the compromised system.

Not too long ago, families had a “family computer” that everyone in the house would share. However, it’s increasingly common for family members to have their own computer, whether that’s a full-blown computer system or a separate smart phone or tablet, such as an iPad. This means that this step won’t have the payout it used to, but it still has its advantages. If we compromise a system at the target employee’s house, we can use this system to pivot and directly attack the employee’s computer. Some of the attacks we can use are identical to the attacks we’ll cover in the next section on wireless phases. There might also be valuable information we can use for our physical infiltration phase—more on this in Chapter 9.

You’ll find that spear phishing family members can be far easier. Not only do you not have to worry about the same security software being in place, but these people tend to be much more lax about what they’ll view on the Internet and how they deal with people on the Internet, both known and unknown.

WIRELESS PHASES

To most effectively target wireless systems and vulnerabilities, we will perform this phase of attack in the following order:

1. Wireless reconnaissance

2. Attack wireless access points

3. Attack wireless clients