


The ways and means by which an intruder can attack your system are
endless. The attacker could be a White Hat hacker who
is merely curious about system security and spends their time
finding new exploits in computer operating systems; however, a
Black Hat, or malicious hacker, may have an agenda all
of their own.
The agenda of the hacker is the most important key in this type
of investigation. Prevention and apprehension are the other. Ashkelon
Investigators will audit your home or business network for known
and unknown vulnerabilities and provide a comprehensive report
in an effort to rectify any misconfiguration.
Even the avid computer user may find their system
appears to be functioning properly; however, more often than not,
vulnerabilities prevail, giving attackers free rein over your
networks without the victim even knowing. Ashkelon investigators
possess the knowledge and expertise to identify these exploits
and implement proper IT protocols to prevent future vulnerabilities.
If in fact an intrusion has occurred, our staff will respond
immediately to preserve evidence of the attack and begin an investigation
in an effort to identify, locate, and apprehend the suspect.
Methods of Network Intrusion
Trojans and Viruses: Sent
via eMail or on-site, override exploit detection systems.
Packet Sniffing: Data
passing on Ethernet or Wireless networks can usually be intercepted.
This is done by making use of a protocol analyzer, which sets
the network card to promiscuous mode - meaning that it is able
to pass all data on the network to the operating system without
filtering. Passwords are typically "sniffed" off clear
text protocols. Such protocols include POP3, FTP and Telnet.
In these cases, passwords flow through the network without making
use of any encryption.
Replay Attack: In
some cases, intruders do not need to decrypt the password.
They can use the encrypted form instead in order to log in to
systems. Tools are also available to make this kind of attack
easier. This kind of attack is very popular against web applications.
Password File stealing: System
passwords are usually stored in files or in the Windows registry.
On Windows NT, 2000 and XP, the passwords are stored in encrypted
form in the SAM file. On UNIX systems the password is usually
stored in /etc/passwd or /etc/shadow. Once an attacker gets his hands
on the password file he can launch a dictionary or brute force attack against
the encrypted passwords.
Observation: A very well
known and traditional password stealing attack is dubbed "shoulder surfing" -
which is basically when an intruder watches someone type in a
password. Observation can also be done by going through a victim's
personal objects. Typically passwords are written on small pieces
of paper - and can also be written on sticky notes attached to
the monitor itself!
Social Engineering: Many
successful hackers and attackers make use of human weaknesses
- one such well-known hacker is Kevin Mitnick. A common technique
is to simply call the user and say, "Hi, this is Bob from the MIS Department.
We have problems within the network and they appear to be coming from your
machine. Can you give me your password?" Many users will happily supply
this sensitive information without thinking twice.
Default Passwords: Sometimes it is not even required to guess the
passwords, since the system would have default passwords put in by the system
vendor. A lot of network devices such as switches and hardware routers will
have default passwords allowing an attacker to easily gain access.
Port Scanning: Port Scanning is the most common
choice of attackers to find random vulnerabilities in Network
Operating Systems. The attacker uses automated software that enables
a remote system scan of the target network. These scans provide
the attacker with known vulnerabilities and their associated means
of exploitation.
SpyWare: Several Spyware
applications can be purchased for as low as $29.00. Once these applications
are loaded on the target machine, all keystrokes, applications,
emails, and Internet chats are recorded and remain on the machine
until the attacker has time alone with it to retrieve the data, or
the data files containing the captured information can be emailed
by stealth to a predetermined email address.
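For the Password File stealing entry above, a defender-side audit, added here as an example and not part of the original page: it reads passwd/shadow-format lines and reports entries that would make a stolen file easy to crack. The function names, the weak/acceptable split and the sample lines are assumptions constructed for this example.

```python
# Added example: flag exposed or weakly hashed entries in passwd/shadow-format text.
# crypt(3) scheme prefixes; treating md5crypt and DES crypt as weak is this example's choice.
SCHEMES = {"$1$": ("md5crypt", True), "$5$": ("sha256crypt", False),
           "$6$": ("sha512crypt", False), "$y$": ("yescrypt", False),
           "$2a$": ("bcrypt", False), "$2b$": ("bcrypt", False)}

def classify(field):
    """Return (scheme, weak) for the second field of a passwd/shadow line."""
    if field == "x":
        return ("shadowed", False)      # real hash lives in /etc/shadow
    if field == "":
        return ("empty", True)          # no password required
    if field[0] in "!*":
        return ("locked", False)        # password login disabled
    for prefix, result in SCHEMES.items():
        if field.startswith(prefix):
            return result
    if len(field) == 13:
        return ("descrypt", True)       # traditional 13-character DES crypt
    return ("unknown", False)

def audit(text, source):
    """Return [(user, finding)] for risky entries; source is 'passwd' or 'shadow'."""
    findings = []
    for line in text.splitlines():
        parts = line.split(":")
        if len(parts) < 2 or line.startswith("#"):
            continue
        user, (scheme, weak) = parts[0], classify(parts[1])
        if scheme in ("shadowed", "locked"):
            continue
        if scheme == "empty":
            findings.append((user, "empty password field"))
            continue
        if source == "passwd":          # /etc/passwd is readable by every local user
            findings.append((user, f"{scheme} hash readable by all users in passwd"))
        if weak:
            findings.append((user, f"{scheme} is cheap to brute-force"))
    return findings

# Constructed sample data (not real accounts or hashes).
PASSWD = ("root:x:0:0:root:/root:/bin/sh\n"
          "legacy:ab8Xq1zK0pQwE:1001:1001::/home/legacy:/bin/sh\n")
SHADOW = ("root:$6$constructedsalt$constructedhash:19000:0:99999:7:::\n"
          "backup:$1$constructedsalt$constructedhash:19000:0:99999:7:::\n"
          "guest::19000:0:99999:7:::\n"
          "daemon:*:19000:0:99999:7:::\n")

if __name__ == "__main__":
    for finding in audit(PASSWD, "passwd") + audit(SHADOW, "shadow"):
        print(*finding, sep=": ")
```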
If you feel we can be of assistance, call us today
for a FREE consultation
The Ashkelon Group
8033 W. Sunset Boulevard
Los Angeles, California 90046
Fax: 561 892 0698
California Lic. # PI21559 | Hawaii Lic. # PD62