So what is hacking?
Let’s start off with an analogy. What if I tell you the address and room number of my hotel room and that it’s filled with gold? The entire room is filled with gold and you want to steal it.
How would you do it?
The first piece of information you would need is the name and address of the hotel where I’m staying. Next, you would need to know my room number.
Third, you’ll need a way into my room, which could be accomplished one of two ways. Either you’d have a vulnerability in the lock where you’d physically break in (by unscrewing the lock, swiping a credit card, etc.), or you would have to take advantage of a weakness in a person (such as lying to gain access into my room).
If you do those three things, you’re in my room and able to steal my gold.
It’s that simple.
Well, that’s all hacking is. If you want to hack into an organization, you first have to go in and find a target. You could either target a server or an individual within the organization.
Since targeting the server is a lot like robbing the gold, we’ll start with that scenario.
If you want to break into a company’s server (and steal their virtual gold!), you’d have to find the IP address, which is like the physical address for a building.
Not to get too technical, but we call them data decimal notations.
Right now, on the internet, most systems are still running what we call Internet Protocol IPv4. It uses four numbers, so the IP would be something like “188.8.131.52.”
If you’re curious, go to your computer’s search bar and type, “Command.” Then, a DOS Prompt will pop up. Next, type, “ping.www.[whatever
*Disclaimer: My examples are for illustrating points. I’m in no way telling you to go online and do anything illegal or unethical.*
Typically, it will respond, “Resolving to an IP address.”
Most sites, today, have Ping’s system blocked, but the point I’m trying to make is that when you type in a domain name (like secure-anchor.com), that is for the user’s convenience.
That’s like saying, “I’m staying at the Sheraton,” but if I’m going to get an Uber, I’d have to give them an actual physical address. Whenever you type in a link, it has to resolve to an IP address so you can connect to that server.
Once you find the IP address, you need to find an entry point into the system. Just like a hotel has rooms with numbers, computers have ports.
You probably don’t realize it, but
The more open ports
If we went back 10 years ago, most companies were locking down their systems with patches. A patch is applied when an operating system vendor realizes that they have a vulnerability. When a company has a fully patched system, it means that they don’t have any known vulnerabilities.
Unfortunately, most companies’
The scary part is that there are actually tools on the internet that will tell you the system’s exploit! Every major breach would have been avoided if the company just knew the system, closed the open ports, and PATCHED their server.
The most common way companies get hacked is by targeting a person. A lot of times, employees will get a
As soon as the link gets clicked, the company gets compromised. When you get these emails, there’s always
For example, it’ll say something like, “The item you just purchased is almost out of stock – reply within 2 hours or it’s gone.”
It’s usually spoofed.
Pick up the phone or go to the website, but don’t click on the link.
Another method we see is
Some hackers will even send out emails that say, “We’ve turned on your webcam and found out that you’ve been on some very bad sites. We’d hate to
All hacking really is… finding open ports and vulnerabilities in the system. I just showed you two of the ways it’s done.
It’s not that hard. And, unfortunately, the adversary knows it.
To have a security assessment done for your company, or for any other questions, feel free to reach out to me at secure-anchor.com/contact.