Originally published by Robert Beisert at fortcollinsprogram.robert-beisert.com

Two Basic Security Attacks

We’ve talked a lot about techniques for preventing common attacks on our data, but fairly little about the attacks themselves. If it weren’t for attacks, of course, we wouldn’t even need encryption.

Passive Attacks

The first kind of attack leaves little or no trace, because the attacker never touches the target computer. In a passive attack, the malicious agent sits and monitors traffic, gathering data and analyzing it later. This is a very common attack against cloud data and web traffic, because it’s easier to intercept data while it is in transit than once it’s stored and protected on a machine. Think of it like eavesdropping: anyone around you could be listening and trying to work out what you mean.

One common passive attack involves sitting on an open (or weakly protected) WiFi network. On WiFi, all your data flows through the airwaves, and an open network sends that data around without any link-layer encryption whatsoever (much the same is true of broken schemes such as WEP). A device with its wireless adapter in monitor mode can record all the traffic from every device in range, and the attacker can browse it at leisure later. Only traffic that is also encrypted end to end, for example over TLS, stays unreadable to that device.
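
Here is what that “browse it later” step looks like in practice, as an added example that is not part of the original post. The captured payloads in the CAPTURE list are constructed for the example (an HTTP Basic-auth request, a login form post, and one TLS record), not a real capture, and the parser only uses the Python standard library. It pulls the user name, password and session cookie out of the two cleartext requests and learns nothing from the TLS record:

```python
"""Added example (not from the original post): what a passive eavesdropper on an
open WiFi network can pull out of captured traffic with a few lines of parsing.
The CAPTURE list below is constructed for this example, not a real capture."""
import base64
import re
from urllib.parse import unquote

# Constructed sample: (source, destination, reassembled TCP payload), the form a
# monitor-mode capture ends up in once the attacker reassembles the streams.
CAPTURE = [
    ("10.0.0.5:51234", "203.0.113.10:80",
     b"GET /account HTTP/1.1\r\nHost: example.test\r\n"
     b"Authorization: Basic YWxpY2U6aHVudGVyMg==\r\n"
     b"Cookie: session=9f3a1c\r\n\r\n"),
    ("10.0.0.5:51240", "203.0.113.10:80",
     b"POST /login HTTP/1.1\r\nHost: example.test\r\n"
     b"Content-Type: application/x-www-form-urlencoded\r\n"
     b"Content-Length: 26\r\n\r\nuser=alice&pass=hunter2%21"),
    # The same kind of request sent over TLS: the record header is visible, the
    # application data is ciphertext, and the parser below learns nothing from it.
    ("10.0.0.5:51250", "203.0.113.10:443",
     b"\x17\x03\x03\x00\x2a" + bytes(range(42))),
]

REQUEST_LINE = re.compile(rb"^[A-Z]{3,7} \S+ HTTP/1\.[01]\r\n")
PASSWORD_FIELDS = ("pass", "password", "passwd", "pwd")


def parse_http_request(payload):
    """Split a plaintext HTTP/1.x request into (method, path, headers, body)."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body.decode("latin-1")


def extract_secrets(capture):
    """Return the credentials and session tokens visible in cleartext HTTP."""
    findings = []
    for src, dst, payload in capture:
        if not REQUEST_LINE.match(payload):
            findings.append({"src": src, "dst": dst, "kind": "opaque",
                             "detail": f"{len(payload)} bytes that are not plaintext HTTP"})
            continue
        method, path, headers, body = parse_http_request(payload)
        where = f"{method} {headers.get('host', '?')}{path}"
        auth = headers.get("authorization", "")
        if auth.lower().startswith("basic "):
            # Basic auth is base64, not encryption: one decode yields user:password.
            creds = base64.b64decode(auth.split(None, 1)[1]).decode("latin-1")
            findings.append({"src": src, "dst": dst, "kind": "basic-auth",
                             "detail": creds, "where": where})
        if "cookie" in headers:
            # A session cookie lets the eavesdropper act as the user with no password at all.
            findings.append({"src": src, "dst": dst, "kind": "cookie",
                             "detail": headers["cookie"], "where": where})
        for field in PASSWORD_FIELDS:
            m = re.search(rf"(?:^|&){field}=([^&]*)", body)
            if m:
                findings.append({"src": src, "dst": dst, "kind": "form-password",
                                 "detail": unquote(m.group(1)), "where": where})
    return findings


if __name__ == "__main__":
    for f in extract_secrets(CAPTURE):
        print(f["src"], "->", f["dst"], f["kind"], f["detail"])
```

Nothing here is clever: the attacker never sends a packet, and the whole “attack” is string parsing on data the victim broadcast. The only payload that resists is the TLS one, which is the point of the advice at the end of this section.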

Another classic reconnaissance technique, usually lumped in with the passive attacks, is “scanning” a computer for all the free information it will give away. Strictly speaking a scan does touch the target (it sends probe packets, which can be logged), but most of the protocols we use on the internet begin with plaintext (unencrypted) exchanges that announce what kind of connections a computer is willing to accept, and you get those answers just by asking. Because so many computers are constantly making such requests, most machines keep no records of who asked what, and those that do keep records have so many that it is hard to tell who is legitimate and who is sniffing around.
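
Telling the scanners apart from the legitimate traffic in those records is tractable if you count distinct destination ports per source instead of reading lines. The following is an added example, not something from the original post: the firewall log format and the log lines are constructed for it (a fast scanner, a normal client that hits one port many times, and a slow scanner), and the detector runs on the Python standard library only:

```python
"""Added example (not from the original post): picking a port scanner out of a
firewall log by counting distinct destination ports per source inside a time
window.  The log format and every log line here are constructed for the example."""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Constructed format: "<ISO timestamp> <ALLOW|DENY> src=<ip> dst=<ip> dport=<port> proto=<proto>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_line(line):
    """Return a dict for a well-formed line, or None for anything else."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
    ev["dport"] = int(ev["dport"])
    return ev


def find_scanners(lines, window_s=60, min_ports=10):
    """Flag each source that touches at least min_ports distinct ports on one
    destination within any window_s-second interval.  Returns {src: details}."""
    window = timedelta(seconds=window_s)
    events = defaultdict(list)                       # (src, dst) -> [(ts, dport), ...]
    for line in lines:
        ev = parse_line(line)
        if ev is not None:
            events[(ev["src"], ev["dst"])].append((ev["ts"], ev["dport"]))

    flagged = {}
    for (src, dst), evs in events.items():
        evs.sort()
        in_window = Counter()                        # dport -> hits inside the sliding window
        lo, best = 0, 0
        for ts, port in evs:
            in_window[port] += 1
            while ts - evs[lo][0] > window:          # slide the left edge forward
                old = evs[lo][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                lo += 1
            best = max(best, len(in_window))
        if best >= min_ports:
            flagged[src] = {"dst": dst, "distinct_ports": best, "events": len(evs)}
    return flagged


def constructed_log():
    """Three sources against one host: a fast scanner, a normal client, a slow scanner."""
    def fmt(ts, action, src, dst, port):
        return f"{ts.strftime('%Y-%m-%dT%H:%M:%SZ')} {action} src={src} dst={dst} dport={port} proto=tcp"
    t0 = datetime(2024, 5, 1, 10, 0, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(25):                               # 25 ports in 25 seconds
        lines.append(fmt(t0 + timedelta(seconds=i), "DENY", "198.51.100.7", "10.0.0.5", 20 + i))
    for i in range(40):                               # one port, forty times: a normal client
        lines.append(fmt(t0 + timedelta(seconds=15 * i), "ALLOW", "192.0.2.44", "10.0.0.5", 443))
    for i in range(12):                               # one new port every five minutes
        lines.append(fmt(t0 + timedelta(minutes=5 * i), "DENY", "203.0.113.9", "10.0.0.5", 1000 + i))
    lines.append("May  1 10:00:00 host kernel: unrelated line the parser should skip")
    return lines


if __name__ == "__main__":
    log = constructed_log()
    print("60 s window:", find_scanners(log))
    print("1 h window: ", find_scanners(log, window_s=3600))
```

With the default 60-second window only the fast scanner is flagged; the slow one is invisible until the window is widened to an hour, which is exactly the trade-off a patient attacker exploits. The normal client is never flagged, however many connections it makes, because it only ever touches one port.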

What kind of things can you learn from passive attacks? First, you can gather any data sent in the clear (without encryption), which can include a lot of seemingly innocent information that a clever attacker can put to use. Second, many protocols have fixed, predictable messages that you can train a computer to recognize. If you know what a message should contain (a known-plaintext attack), you can take the captured ciphertext home and try to crack the key offline, without any risk of detection (because everything happens on your own computer), and a recovered key decrypts every other message protected with it.
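
To make the known-plaintext idea concrete, here is an added example that is not from the original post. The cipher is a deliberate toy, repeating-key XOR, chosen because it shows the mechanics in a few lines; the “captured” HTTP request, the key and the crib are all constructed for the example. The eavesdropper knows only that a request for the front page begins with a fixed 22-byte prefix, recovers the key offline from that, and then reads the part of the message (the session cookie) that was not known in advance:

```python
"""Added example (not from the original post): a known-plaintext attack carried
out offline.  The cipher is a toy (repeating-key XOR); the message, key and crib
are constructed for this example."""


def xor_repeat(data, key):
    """Toy 'encryption': XOR each byte with the key, cycling through the key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def recover_key(ciphertext, crib, max_keylen=32):
    """Given ciphertext and the plaintext the attacker knows it starts with (the crib),
    return the shortest repeating key consistent with every byte of the crib."""
    # XOR of ciphertext and crib is the keystream over the crib's length.
    keystream = bytes(c ^ p for c, p in zip(ciphertext, crib))
    # A key as long as the crib would be trivially 'consistent', so stop one short:
    # the crib must be longer than the key for the periodicity check to mean anything.
    for keylen in range(1, min(max_keylen, len(crib) - 1) + 1):
        candidate = keystream[:keylen]
        if all(keystream[i] == candidate[i % keylen] for i in range(len(crib))):
            return candidate
    return None


# Constructed traffic: an HTTP request 'protected' with the toy cipher.
KEY = b"s3cr3t!"
PLAINTEXT = (b"GET / HTTP/1.1\r\nHost: www.example.test\r\n"
             b"Cookie: session=9f3a1c\r\n\r\n")
CIPHERTEXT = xor_repeat(PLAINTEXT, KEY)

# What the eavesdropper knows without the key: a front-page request always
# begins like this, so these 22 bytes serve as the crib.
CRIB = b"GET / HTTP/1.1\r\nHost: "


def attack(ciphertext=CIPHERTEXT, crib=CRIB):
    """Recover the key offline and decrypt everything, including the part the
    attacker did not know in advance (the cookie).  Returns (key, plaintext)."""
    key = recover_key(ciphertext, crib)
    if key is None:
        return None, None
    return key, xor_repeat(ciphertext, key)


if __name__ == "__main__":
    key, plaintext = attack()
    print("recovered key:", key)
    print(plaintext.decode())
```

Two things carry over to real ciphers: the attacker needs no interaction with the victim once the capture is in hand, and a crib shorter than the key (try recover_key with just b"GET /") is not enough, which is why predictable protocol headers are such a gift to an eavesdropper.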

Always be careful to use trusted WiFi connections with strong encryption. You never know who’s watching.

Active Attacks

The attacks we hear about are mostly active attacks, which target someone else’s computer or data in transit. This is where “hacking” comes into play.

There are hundreds of different kinds of active attacks, which target the Confidentiality, Integrity, Availability, or Authenticity of messages or systems. Basic patterns include:

  • Make a system unavailable, usually by flooding it with so many connections or packets that no one else can get through (denial of service)
  • Tamper with messages somewhere between Alice and Bob, violating the integrity of requests in order to gain some kind of special access
  • Tamper with messages while making it look like they were never touched, violating both integrity and authenticity (hard when the messages carry a proper signature or message authentication code)
  • Interpose in the initial key exchange between Alice and Bob so that you can read all their messages without either one knowing (a man-in-the-middle attack; trivial against an unauthenticated exchange, which is why real protocols authenticate the exchanged keys with certificates or pre-shared secrets)
  • Gain access to a computer by exploiting weaknesses hidden in the millions of lines of code it runs. This requires the attacker either to hijack messages in transit or to study common libraries for weaknesses and then probe for evidence that a target runs the vulnerable version (usually preventable by installing security updates promptly)
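
The key-exchange bullet is worth seeing in code, because the difference between “trivial” and “hard” is entirely about authentication. The following is an added example, not code from the original post: a Diffie-Hellman exchange over a toy group (P and G are chosen for readability, far too small for real use) with a third party rewriting the public values in flight, run once without authentication and once with each public value authenticated by an HMAC under a pre-shared key. The pre-shared key stands in for the certificates or signatures a real protocol such as TLS would use:

```python
"""Added example (not from the original post): intercepting an unauthenticated
Diffie-Hellman exchange, then the same exchange with the public values
authenticated.  The group (P, G) is a toy and the pre-shared key stands in for
real certificates or signatures; everything here is constructed for the example."""
import hashlib
import hmac
import secrets

P = 2**127 - 1   # a known prime, chosen for readability; far too small for real use
G = 3


def kdf(shared):
    """Derive a 32-byte session key from the shared group element."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


class Party:
    def __init__(self, name, psk=None):
        self.name, self.psk = name, psk
        self.x = secrets.randbelow(P - 2) + 2          # private exponent
        self.pub = pow(G, self.x, P)                     # public value g^x mod p

    def offer(self):
        """Public value, plus an HMAC over it when we hold a pre-shared key."""
        msg = self.name.encode() + b"|" + self.pub.to_bytes(16, "big")
        tag = hmac.new(self.psk, msg, hashlib.sha256).digest() if self.psk else b""
        return msg, tag

    def accept(self, msg, tag):
        """Check the peer's authenticator (if we expect one) and derive the key."""
        if self.psk is not None:
            expected = hmac.new(self.psk, msg, hashlib.sha256).digest()
            if not hmac.compare_digest(expected, tag):
                raise ValueError(f"{self.name}: peer's public value fails authentication")
        peer_pub = int.from_bytes(msg.split(b"|", 1)[1], "big")
        return kdf(pow(peer_pub, self.x, P))


def exchange(alice, bob, mallory=None):
    """Run the exchange; with mallory present she rewrites both offers in flight.
    Returns (alice_key, bob_key, mallory_keys)."""
    a_msg, a_tag = alice.offer()
    b_msg, b_tag = bob.offer()
    if mallory is None:
        return alice.accept(b_msg, b_tag), bob.accept(a_msg, a_tag), None
    # Mallory swaps in her own public value and replays the original tags,
    # which is the best she can do without the pre-shared key.
    m_pub = mallory.pub.to_bytes(16, "big")
    k_bob = bob.accept(b"Alice|" + m_pub, a_tag)
    k_alice = alice.accept(b"Bob|" + m_pub, b_tag)
    a_pub = int.from_bytes(a_msg.split(b"|", 1)[1], "big")
    b_pub = int.from_bytes(b_msg.split(b"|", 1)[1], "big")
    k_ma = kdf(pow(a_pub, mallory.x, P))   # key Mallory now shares with Alice
    k_mb = kdf(pow(b_pub, mallory.x, P))   # key Mallory now shares with Bob
    return k_alice, k_bob, (k_ma, k_mb)


def unauthenticated_mitm():
    """No authentication: Alice and Bob get different keys, each shared with Mallory."""
    return exchange(Party("Alice"), Party("Bob"), Party("Mallory"))


def authenticated_run(with_mitm):
    """Both honest parties hold a pre-shared key.  True when the exchange completes
    with matching keys, False when a party aborts on a bad authenticator."""
    psk = secrets.token_bytes(32)
    alice, bob = Party("Alice", psk), Party("Bob", psk)
    try:
        k_a, k_b, _ = exchange(alice, bob, Party("Mallory") if with_mitm else None)
    except ValueError:
        return False
    return k_a == k_b


if __name__ == "__main__":
    k_a, k_b, (k_ma, k_mb) = unauthenticated_mitm()
    print("unauthenticated: Alice==Bob?", k_a == k_b,
          " Alice==Mallory?", k_a == k_ma, " Bob==Mallory?", k_b == k_mb)
    print("authenticated, honest:", authenticated_run(False),
          " authenticated, MITM:", authenticated_run(True))
```

In the unauthenticated run Alice and Bob each believe they have a private channel, while Mallory holds one key for each of them and can decrypt, read, and re-encrypt every message. Add the authenticator and the first forged offer is rejected before any key is derived; the mathematics of the exchange did not change, only the fact that each side can now check who the public value came from.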

With the exception of availability attacks, most of these are fairly easy to mitigate (not prevent: anyone sufficiently dedicated can eventually find a way in, but it’s rarely worth their while). If you use strong encryption protocols like TLS (the successor to SSL, which protects business transactions; look for the little lock icon in your browser), keep your computer updated, and stay away from programs we know to be unsafe (Flash Player, for example), you’re about as safe as you can get.

The Big Difference

Active attacks run the risk of leaving “fingerprints.” It’s relatively hard to tell when someone’s casing a home or a business, but once they break in it’s much easier to identify them. You can’t get DNA evidence that’s just not there, after all.

Nearly every active attack is preceded by passive reconnaissance. The harder it is to gather intelligence on your network, data, or computer, the harder it is to break in.

Of course, as with everything involving security, the safest thing you can do is keep anything sensitive off the network entirely. Remember the iCloud attack: if you don’t put your nudes in the cloud, no one can ever get your nudes out of the cloud.
