location
& lt& lt Who moved enterprise data? & gt& gt Xiao Zhang, Data Storage Service Department
Xiao Zhang was busy registering the customer who took out the information when the internal telephone rang.
Xiao Zhang: Hello, Data Storage Service Department.
Xiao Wang: I'm Xiao Wang from the data storage post-service department. Our front desk computer is out of order. Uh, I need your help.
Xiao Zhang: May I know your work permit?
Xiao Wang: Well, the ID is 97845.
Xiao Zhang: What can I do for you?
Xiao Wang: There is something wrong with our network. I need you to make a copy of the information of XX enterprise and put it in the customer reception desk on the second floor. Our people will accept it.
Xiao Zhang: OK, there are many things around me now. I'll send them to you right away.
As the attacker thought, he got the internal data of an enterprise and published it online. This caused serious economic losses to enterprises, and they began to report the case to the network police. But in the absence of all the clues, the telephone is an enterprise insider, the so-called Xiao Wang does not exist at all, and the data storage server is intact. As a last resort, they began to try to trace the source of IP from the enterprise data circulating on the Internet. However, the data was multiplexed and encrypted, and the case was in a desperate situation. I believe there must be three doubts in the DVD: 1. How did the attacker know the inside number? 2. Why does the attacker have an employee ID? 3. What methods did the attacker use to hide the IP? This is very simple. If you go to the hospital, you will notice the list of attending doctors on the wall, which is marked with ID, contact information and room number on the floor. The purpose of the hospital is to provide better services for patients. Similarly, data storage companies have set up such a list. However, in this case, Xiao Wang did not enter the data storage service company, but paid some fees to the garbage disposal company so that he could find something from it, and the attacker was looking for a contact list of an old employee with an internal number attached to it.
How is IP hidden? Let's look at four ways to transfer logs: 1. Direct IP, 2. ADSL dialing, 3. Agent, 4. Random routing transmission. Here's an explanation for the small dish. Direct IP means having an open IP, and the published log also shows the real IP. I don't recommend this practice. When ADSL goes online, ISP will record when this IP address goes online and through which phone number. Do you think it's safe? Is it safe for agents to surf the Internet? If the car owner or agent service provider who provides the agent compromises with the network police, the key is that the network police have the patience to negotiate with the agent service provider. Random routing transmission, every time information is requested to be transmitted, it will be transmitted through random routing, and every series of steps are encrypted. In addition, every computer on this series of transmission lines will only know the address of the nearest computer. In other words, router B only knows that router A transmits web pages through it, and this transmission request may be forwarded by router C. So, do you think the network police can find clues from it?
Next, what are we doing to understand the cyber police? Can their technology compete with social engineers? If readers are looking for some research on computer forensics technology and tools, I think you will find the most important information, that is, their focus is on intrusion detection system, data recovery, encryption and decryption, reverse engineering technology and the use of computer forensics software tools. However, they ignore the human factor. The wonder of social engineers lies in finding fatal loopholes in people and laws. At present, the attack protection against social engineers is still a blank in the network security course. When this kind of attack tends to be serious, it becomes the primary consideration of network security experts. What is even more surprising, however, is that cyber police occasionally find that the source of attacks comes from within them. Now some media deify cyber police. For example, a mobile network policeman caught an attacker in an Internet cafe on the spot, which is nothing special, except that the attacker did not hide the IP and used a public computer, so it is easier for the network policeman to determine the source of the IP. behaviour
Do you believe in polygraph? No, I refuse to believe it! There are only two kinds of people who say this, one is a psychologist and the other is a social engineer.
Here is a typical case, which is the well-known story of the police catching thieves. What we are more concerned about is, what conditions do the police and inspectors rely on to analyze who is the most like a thief? How do thieves in the crowd turn themselves into a wisp of air? It's simple. Once the people in the surveillance encounter two obvious characteristics: the thief's eyebrows and the thief's eyes, they will judge by this. Xiao Cai must have met a so-called fortune teller. They have an extraordinary ability to judge what kind of work you are engaged in and what kind of trouble you are in from your clothes, behavior and words. Yes, Xiao Cai can definitely guess what I want to say: behavior can reflect people's state.
Ok, now let's talk about the behavior of people in reality and online. From the above, we know that behavior can reflect people. What if we change our behavior? Do you think it's possible for northerners to behave like southerners, not only dressed and behaved alike, but also living southerners? Of course, the side dishes will also list some N actors such as Andy Lau and Jacky Cheung. In social engineering, "disguise" is "acting" in the eyes of stars. Everyone can perform. Once trained simply, their behavior can escape people's eyes. The side dishes must be incredible. Here is an assignment for you, which is very simple and a joke for your family. Call your mother by imitating your father's way of speaking and find out what the purpose is. Yes, it will be a little difficult, but the accent is disguised, so social engineers don't care. They just download a voice-changing software on the Internet and convert what they say through the voice-changing software. Hmm? What software or props do social engineers often use? Dishes must ask this question. It's simple. As long as social engineers have something, they will try their best to use it.
The last requirement is psychological quality. A polygraph is based on your tone of voice and your physiological state. When we take advantage of the loopholes in the polygraph program to test, there will be wrong results. Why do murderers occasionally fail the polygraph? They are extremely nervous, and every answer will definitely upset their mood. Social engineers have a strong psychological quality in this respect. If the network police can't find a trace of evidence, the initiative is still in his hands.
What are people like in the online world? Dish is definitely looking for a skilled master to study, but I can only see their extraordinary talents on the internet, but I can't find their contact information. Fortunately, I may be rejected. After reading this part, I began to play a little joke with the experts. About the word "master", we have to start with Jin Yong's martial arts masterpieces. Masters above the master level generally have their own skills, while those below the intermediate level try to compete for the championship in Wulin. Those below the junior level are all supporting roles (novices should never throw bricks at big players). For a simple example, everyone knows what a master is, and those above the intermediate level usually leave their names, otherwise it would be a waste if people on the Jianghu don't know. Masters usually tell stories after n years. & lt Hacker X File >> If it is true, it will reach intermediate level in three years, then master level in n years, and then ... Oh, that's beside the point.
Life in martial arts is related to reality, and real life is related to the internet, or they are different only because the environment is different, but the decisive factor is people. Next, we will play a game between a master and a rookie through a few simple skills. Preparation: IM(QQ, MSN, Gtalk), Firefox browser (to prevent some websites from letting go).
Step 1: Find the target. You can't just look for it. If you speak incorrectly, you will soon be blacklisted by the other party. Small dishes can start from here: for example, the author of Black X, forums, blogs, or some original websites.
Step 2: Behavior analysis. This is very simple. You can see the technical level and psychological state from the works and speeches of the object, which determines that although you can't talk about technology, you can become friends.
Step 3: Go straight to Huanglong. It's a bit difficult to be friends directly, but it's not. It's simple. If you put the author's name in a magazine on QQ to find friends, a function of finding friends by nicknames, for example, we use "Xufang" to find friends, then it is estimated that my buddies will beat me up (small question: What is Xufang? Hey, hey, just look through the back issues of magazines. The next forum is relatively simple and conforms to Jin Yong's definition of intermediate chivalrous man. Usually their works leave emails and blogs. If you click on the personal information of the forum, you will also see QQ, won't you? Then start a blog and have a look, huh? There are only a few articles and friendship links that I can't understand. That's a lie! Curse of dishes. If we are more careful, QQ contact is still hidden in the dark. Let's open the friendship link and have a look It happened that one of his buddies left his contact information, so we simply pretended to get the target number Q.
Step 4: Copy identity: This is the key. Some of them have set up authentication. First, use the QQ function to find a friend to fill in the number and view personal information. Pay attention to their personal signatures and explanations. If someone wants to find a job, Cai Xiao will change his identity into a big enterprise. If someone specializes in technology, Cai Xiao will change his identity to xx engineer ... and so on, the success rate is high, and it is estimated that there is something wrong with his personality if he is rejected. -
Well, the behavioral analysis is small, but it is complete. And my Q number can also be found by the above method. According to reports, novices can also find the Q number of the black X editor directly in the book. As for how to find ... (sagi: Don't you dare say, don't try to take it this time, haha. . . Speaking of this, anti-detection technology is also included, how to disguise the attacker's behavior. mark
In the network, the main things that can reveal your privacy are forums, blogs and IM (QQ, MSN and Gtalk). Of course, the registration information of social engineers is forged, because any sensitive information will give the network police an opportunity. As for hackers invading the server, they sometimes prefer to make a phone call to get the password rather than leave too many logs on the host computer, which makes it more difficult to obtain evidence. This fleeting attack leaves few traces, and investigation and evidence collection will remain a difficult problem in the next few years.
Counter-detection, back door problem. Since hacking into the mainframe will leave a back door, won't social engineers leave a back door for attacks? The answer is yes. Occasionally, those back doors are very simple. They will observe the development of the situation in the dark and occasionally intervene to disrupt the plan.