Recon as a Hacker’s Tool

There’s an expression I always remember from my military days, and it goes like this, “Whoever wins the recon war, wins the war”. This is very true, and nowhere is it truer than in the Wild West world of hacking. But keep in mind that styles vary. Often times this is driven by knowledge and experience.

For example, some hackers will take a long time doing recon on their intended target. They’ll want to know every port, every possible method of a hacker attack, and most importantly, what they want once they get in. Usually they take their time, plan out how to attack, how to cover their tracks and so forth. These hackers are the Picassos of the hacking world and they think of everything, including getting caught. Since that’s something they wish to avoid, they do their level best to make sure it doesn’t happen. As a result, often they aren’t caught at all, and if they are, it takes months if not years.

Contrast that to the so-called “Kiddie Scripters” who are a bit like a bull in a China shop. Rarely is there a plan to what they want to do, they just go for it. I like to think of them as the spray paint vandals of the hacking world. Because of their lack of experience and planning, they often are caught. You probably already know this, but the hacker community is just that. And like any community, the personality types are all over the board. You have teachers and you have students. You have organizers and you have hermits. Some trade information freely, others hoard it. Some like working with others, while others are lone wolfs. Some of their goals make perfect sense. Others sound more than a little crazy.

What they all know is this:

  1. Most IT systems aren’t managed properly. Reality is that often administrators are stretched too thin and budgets only go so far. Systems aren’t patched correctly and shortcuts are taken to get things working. Add this to lack of user education, not to mention the plain stupid things humans do and you’re all but putting the welcome mat out.
  2. There’s a lot to keep up with and no way to know everything. There are new vulnerabilities and methods of exploiting them coming up every day and it’s difficult to stay current. Since we’re also spread thin, our time management is a big deal, and it becomes easy to miss things like security alerts and so forth. What you don’t know can hurt you. In a perfect world we’d have someone on staff whose only mission in life is to stay abreast of new developments and thus avoid security breaches.
  3. Systems get more and more complex every year. Not only do you have to sit down and learn them, they also have their own set of issues, not all of which will become obvious right away. Of course that also cuts into our time management and may rob our budgets even further. In truth, there’s the potential here of just adding more ways in for an attacker. Also the simple fact that we’re more mobile than ever, and that business happens literally anywhere, just makes it all harder to control.

Another thing most administrators don’t realize is that time is on the attacker’s side. And if we can choose the time to take the initiative, then we end up controlling the time line.

  • Some of the things that can happen are that our attacker may take their time about checking out the target. Where a sudden glut of port scans might get attention, one or two happening
    every once in while may not. An attacker might also take their time on the attack, moving certain pieces about in a slow methodical manner so it doesn’t draw attention.
  • Attacks often times happen after hours. Why? Well everyone who might catch it is home in bed. Here’s one place where automated alert systems are worth their price. Of course, a decent hacker might see them in their recon and figure out a way to take them down or better yet, subvert them as part of their attack.

Final word here. Hacking is a Darwinian process. What does that mean? It means the really good ones are learning constantly. They learn from their mistakes, and what worked to deter them once, might not work at all the second or third time around. Allow yourself to learn from your security practices.


Richard is a freelance IT consultant, a blogger, and a teacher for Saisoft where he teaches VMware Administration, Citrix XenApp, Disaster Planning and Recovery for IT, and Comptia Server+