By targeting, I'm referring to the process by which a hacker will decide which of all possible computer installations to attempt to breach. This may seem like a trivial topic for many reasons, but in fact it is a topic well worth discussing.
Let's suppose you are a rookie at this game. You have gotten - through research of some kind, or just plain luck - a piece of information you feel will be helpful in entering a specific system. For ex-ample, suppose you've discovered through the computer crime grapevine the phone number of a large governmental espionage database. Naturally, it seems reasonable to call the number and see if it actually is what you've heard it to be. On the other hand, it might be better to first research your target to see if it's worth the time and the risk, and the phone bill. Look up the number in a criss-cross telephone directory for that region. Criss-cross directories., which are available at many libraries, are books (usually non-licensed by the phone com-pany) which list the names and addresses that go with phone numbers. Unlike regular phone books, criss-cross directories are sorted by number rather than name. If you can't get this sort of directory, call the operator and ask who the number belongs to. Naturally it is preferable to use a directory on your own, eliminating extraneous interaction with phone company employees ("witnesses"). If the phone number is publicly available, it probably isn't a computer line after all, let alone a secret one.
It may seem crazy to you to go out of your way to look up a number before dialing it, but remem-ber, it is important to get as much information as you can about a system before you make the first call. If it really is a top-secret database, it's reason-able to assume that your call will be traced, or at the very least, will arouse
suspicion. As a novice one tends to get excited with one's first big break -and tends to do stupid, dangerous things. You may not yet have the expertise to alter phone company data, or call from a pay phone, or in some other way make it seem like you are not the person placing the call. The rookie who calls a number of this kind after doing a bit of research might be taking a stupid risk, but that's a few steps higher on the professional hacker's scale than the one who calls without any preparation at all. That's just be-ing stupid, period.
So, as far as targeting is concerned, you may not want to follow up that first big lead right away. It may be preferable to wait awhile, until you have the expertise to do it properly. If you know some-thing about a system no one else knows, it's very likely going to remain a secret unless you spill the beans. If you try to act on your inside knowledge and fail, you are ruining your chances of getting in later, as the system managers might see their mis-takes and correct them.
My word of caution is this: Don't get in over your head. Get familiar with floating on your back before trying to scuba dive for sunken treasure or else you may end up being the one who's sunk.
Targeting also involves other research. What if you do have some exciting secret that will let you get in somewhere? Perhaps you should think about the best way of reaching that system in the first place. For instance, if the system you're stalking is on the Internet, you would have to determine a way to access the Internet disguised as someone else before you could proceed to your main goal. If you are enrolled at a college, or live near one and have access to your own Internet computer account, it is a trifling matter to log mi as yourself and, from there, attempt to connect to other systems. It's not only trifling - it's dumb!
Regardless of whether you have mischief in mind, it's irresponsible and lazy to do hacking logged in as yourself. Before you can move out of the few directories allowed by your minimal access level, you will have to figure out a way to disassociate yourself with what you do. That is - and I can't repeat it enough - you
will have to find a way to connect as somebody else, and through that connection go on to bigger things.
Breaking into major league computer systems is very often a matter of, first, personal hacking, and second, institutional hacking. That is, first you hack a person (figure out a way of masquerading as that person), and then you hack the institution (figure out a way of disguising that person as a legitimate user of the protected system).
Time, money and effort can be spent needlessly on attempts to access systems that ultimately turn out to be dead ends. Maybe your target is a school's computer, because you want to change your grade from an F to A. You may think your target individ-ual would be the dean or some other school head, but as it turns out, in
many instances you would be wrong. School heads often have little or no access to the computers which hold grades, unless they themselves teach classes. In this case you would want to target a professor or more likely, a teaching assistant (T.A.). They're the ones who have to do the actual inputting of grades.
Consequently you would want to research the professor or T.A. to get a handle on what their passwords might be.
Then there's the matter of the computer. Which computer should you target for your hack? Teach-ers, especially in math and computer science courses, will usually tell you their computer ad-dress so you can send them e-mail. But that isn't necessarily where you need to go to change your grade. More likely there is
some hush-hush admin-istrative computer which carries out those func-tions, and it is that computer you would want to hack.
It seems logical to assume that the president of a university has the highest level of computer ac-cess. But does he or she really? Does the president actually have a computer account AT ALL? You're probably better off targeting individual professors. One English teacher I had mentioned Kojak a cou-ple times in class, and on several occasions made references to things that could be interpreted as having some relation to that television show (sometimes he would use phrases that Kojak used in the series). Obviously, Kojak is the place to start if one is interested in forcing one's way into this guy's account (especially since he's an English pro-fessor, and therefore less likely to understand the value of non-real-word passwords). And trying Kojak-related words like "Telly Savalas," "lollipop," "bald," for passwords is the obvious way of per-sonally targeting that English teacher's account. But is he REALLY the one you want to use in the first place? If I had been failing that class and wanted to get into his account to change my grade, Kojak wouldn't have helped me; as far as I was ever able to determine, it was the teaching assistants who had control over the grading, not the profes-sors! This is why it's necessary to target in order to achieve your intended purposes. If you have goals
in mind, do the necessary research to find out if you are targeting the right PEOPLE, as well as the right computers.
Potential targets can often be found by reading publicly available documents about a site. Documents pertaining to "ethical use" of the system, and articles encouraging "preventative security" are often particularly enlightening. For instance, here's a little quote I picked up from an outdated merno-randurn about security policies. This is one sugges-tion taken from a list of what was felt to be necessary improvements in security. By the time I read the article the improvements had already taken place, but thoughts of needing security were long gone from the minds of those who had written the memorandum, and so security was lax. Here's the one suggestion from the list that stuck out: Net 19 must be isolated completely by gateways from PCs and from the broadband.
Terminal server logins must be strictly enforced on all machines. PCs should be implemented which will run software that will monitor the network for signs of misuse andlor unethical usage. Look at the goldmine of information that is given here. We have these suggestions for improvement, so now it should be a simple task to determine which software was purchased to implement the suggestions. From there we can see what the
soft-ware will and will not do, find out about bugs or loopholes, and use other means to discover ways around that software. But most interesting of all (and the point that is related to this discussion of targeting) is the mention of "Net 19." What is Net 19? Obviously it is something that the administra-tion wants to go out of
their way to protect. Clearly it's something well worth hacking. If you had been the hacker to first read these words, clearly Net 19 would be the target of your hack.
Keep in mind that I read this document from a public terminal, without having to log in as any-body. It was accessed from a public information system. It is information available to anybody, and look at the wonderful clue it holds for all who see it! Now, when I read this I didn't know what Net 19 was, but I knew immediately to target all efforts to finding that system and penetrating its security.
This is an example of accidentally found knowl-edge being put to good use. But don't forget - I was reading through every publicly available document for the SOLE PURPOSE of breaking into the system. The specific bit of information I found was accidental, but my finding it wasn't.
In a way, doing this kind of on-line research -exploring every inch of the system available to you before going after the private regions - is a kind of targeting. If your goal is a specific private computer system, target all public systems related to it before you begin. This can only help you in the long run. It might lead to helpful
hints, such as the mention of Net 19, or it might at least familiarize you with various aspects of the system.
Things you should be looking for when you target a public system in this way, with the intent of going after a correlated private system, are: how it handles input and output; if any bugs are present and how the system reacts to them; what the command format is (three letters? control sequence?) and what kinds of commands are available; and machine specifications and hardware. Of course, there are numerous other things you should either be looking for, or will unconsciously be picking up anyway as you look around, like what the visual display is like and how long it takes the computer to process commands. These are things that will be helpful later on, because when you actually are trespassing, you won't want to spend hours trying to find the help command or how to log off.
Targeting may seem not just trivial, but dis-tracting as well. After all, a scientist can analyze a rainbow using specific technical terms that explain what a rainbow is, how it is formed, and why it displays its colors as it does. But in a way, this complicated description of a rainbow is completely unrelated to the rainbow being
described. The ex-planation ignores the beauty of it. The technojargon shuns the poetic connotations that we associate with the rainbow we are so interested in describing.
You may use similar arguments to complain that targeting and pre-thought and planning of hacking attacks distract from the pleasure of the hack itself. If you are a hired hacker you will need to get the job done if you expect to get paid. But otherwise, why should we bother to discipline our-selves with such nonsense as
targeting? You're right! Certainly you're correct! There is no reason to feel obligated to apply these suggestions that I pre-sent. There is no pressing need to think carefully about what you do before you do it, but you should be aware of these things as you start. At least, if you break the rules, you should understand
how following them might have helped.
Targeting specific computers that hold interest to you, and that you are sure hold the information you seek, and targeting people who have specific access levels and abilities - all of this is like ana-lyzing a rainbow and ending up with nothing but gobbledygook. But in the long run, if you really want to end up at a position further
from where you started, if you want to hack for the enjoyment of it and maintain high pleasure levels throughout the endeavor., I suggest you do these things. They will help lessen the amount of frivolous searching and brute-force monotony needed to get in, and will help you stay out of trouble. So, set up a gen-eral plan of action.
Make sure the goals you've out-lined are really the ones that apply to your case. That way you'll know that what you are hackin won't turn out to be a series of blind alleys.
I keep bringing up the point of "intentions," and it goals," but unless you're a private investigator or some sort of muckraker, you're probably willing and happy to break into any computer available any and all opportunities that present themselves. This is fine too, and many hackers are so devoted (fanatical?) in their
pursuits that even if they know a computer system will offer them nothing exciting once they get inside, they persevere because it is the thrill of the break-in itself that drives them.
But as you can well imagine, it is much more in-teresting to break into a system that holds secrets, than one whose contents are worthless to you. Is it worth it to spend months trying to get into a system that contains statistics on the copulation pat-terns of lab rats? (Not unless you happen to have an interest in that sort of
thing.) Choose your targets carefully. Getting into the system is half the fun; once you're inside, the other half can be more exciting.
