Any intelligent or experienced hacker will first try to gather information about a target before actually attempting an attack. Just as a bank robber would want to know about a bank’s alarm systems, number of guards, police response time, etc., a black hat hacker will want to know about your system’s security. What may surprise you is how much information can be found easily on the Internet, without even connecting to the target system.
One of the easiest things an attacker can do is check the target organization’s websites. It is common for businesses to post information that can be very useful to an attacker. For example, let’s assume company XYZ lists John Doe as its IT manager. An enterprising hacker scans bulletin boards and discussion groups for references to John Doe at XYZ. That attacker might find information useful in spear phishing attacks (phishing targeted at a specific individual or group of individuals), or the attacker might find information useful in social engineering. For example, suppose a number of former employees complain that John Doe is demanding and quick to fire people. Then an enterprising hacker could call someone at XYZ claiming to be working for John D....