Need to respond to the below two students discussions with at least 150 words each. Below in the bold are the questions their answering.
- Describe how an attacker could use a sniffer in conjunction with a Trojan to successfully gain access to sensitive data.
Student one answers:
This week we examine how an attacker can use sniffing (or spoofing) in conjunction with a Trojan to gain access to sensitive data on a target network or individual system. As it is, a sniffer is a software tool used to observe communications on a network, and done either in an active or passive mode. A sniffer is a standalone program that is offered both commercially and free providing users with varying capabilities that allow them to intercept and analyze certain data. Sniffing, used maliciously, can give an attacker access to all sorts of information, from email and web passwords, transferred files, email contents, and other sensitive data generally transmitted in clear text (Oriyano, 2014). Telnet is an example of a clear text unencrypted data transfer mechanism that an attacker can use a sniffer to view data as it crosses a network.
A Trojan can be used in conjunction with a sniffer to compromise other machines on the network from a remote location outside of the target’s network. While sniffing is traditionally done within a given subnet from within the targets corporate network, an attacker can take advantage of a well-placed Trojan to compromise a particular system using captured username and password information to further compromise the network from a remote location (Bradley, 2016). This method is more or less a hijacking of services.
A good example of a very successful sniffing/Trojan tool is one dubbed “blabla” that was created by Stephen Watt and used to siphon off more than 200 million bank card numbers (Zetter, 2013). Weak and unsecured wireless networks were the main contributing factor that allowed this packet-sniffing tool to be so successful. Further research into this incident also identified other individuals that exploited the use of SQL injection attacks and malware to exploit servers of the organizations targeted in this sophisticated data breach incident.
Bradley, T. (2016). Introduction to Packet Sniffing. Lifewire. Retrieved from https://www.lifewire.com/introduction-to-packet-sniffing-2486803
Oriyano, S. (2014). Hacker Techniques, Tools, and Incident Handling. [VitalSource]. Retrieved from https://online.vitalsource.com/#/books/9781284047455/
Zetter, K. (2013). Caught in the System, Ex-Hacker is Stalked by His Past. Wired. Retrieved from https://www.wired.com/2013/04/stephen-watt-stalked-by-past/
This week’s lesson covered sniffers, session hijacking, and denial of service (DOS) attacks. For the forum we are to describe how an attacker could use a sniffer in conjunction with a Trojan to successfully gain access to sensitive data. In order to explain this we need to understand what a sniffer and a Trojan is, and how to they both work.
A sniffer is an application that monitors traffic on a network, as it moves across the network. A sniffer allow an attacker access to all kinds of information, such as “e-mail passwords, Web passwords, File Transfer Protocol (FTP) credentials, e-mail contents, and transferred files.” (Oriyano, 2014) A Trojan is a malicious code that is designed to look like a legitimate file, but can take control of a computer once it is downloaded, installed, and executed on the computer. “You might think you’ve received an email from someone you know and click on what looks like a legitimate attachment. But you’ve been fooled.” (Symantec, 2019) There are multiple types of Trojan virus, but they are all designed to infect a computer to “damage, disrupt, steal, or in general inflict some other harmful action on your data or network.” (Symantec, 2019)
Now we can see how these two work or what they do, I can explain how a sniffer in conjunction can successfully gain access to sensitive data. There are two types of sniffers; active and passive. A passive sniffer basically collects information while sitting on a hub of a network where a collision on the network happen. An active sniffer is used when the network is more advanced and have a switch or something similar to break up the collision on the domain. With either type of sniffer, you can know start monitoring and stealing data to find information that will allow you to attempt to gain access or control of a computer. This is where the Trojan comes into play. You are going to need to collect information in order to trick the user to download, install, and execute the Trojan virus. Once you determined the information you need to trick the user, such as exploiting email content, you can send an email with the Trojan file that looks like it is from someone you know in hopes they will download and install the file. Once they attempt to execute that file, you now have full control their system.
I am sure there are other ways to use these two in conjunction, but from my understanding this way makes the most sense. I look forward to hearing you opinions, and thoughts on other ways to use these two in conjunction.
Oriyano, S., & Solomon, M. (2014). Hacker techniques, tools, and incident handling. Burlington, MA: Jones & Bartlett Learning.
What is a Trojan? Is it a virus or is it malware? (n.d.). Retrieved March 27, 2019, from https://us.norton.com/internetsecurity-malware-what-is-a-trojan.html