|
Chess Hacking 101
Hackers never say they are hackers, just as politicians never
say they lie. "Those who talk do not know and those who know do not
talk",so wrote Lao Tzu. You'll never find the predatory habits of
computer system penetrators being discussed in an introductory
University level course. What then is Chess Hacking 101 ?
I hope to show here that hacking provides a useful analogy to
chess players as they prepare and execute their winning strategies. I
hope to demonstrate that lateral thinking continually provides the
ability to learn from any,even the most painful, situations and helps
us to repeatedly reap success.
Recently my wife's computer was terribly hacked, this intrusion
resulted in a painful loss of productive time and creative ideas and it
leaves us both with a sense of extreme vulnerability. Instead of
curling up in a corner and pulling the plug on the internet though I
decided to instead learn from it and remain positive. I began to study
how such hackers plan their attacks and used Lateral Thinking to
connect this to my Chess.
Although the vast majority of so called hackers are really just
greedy opportunists with little actual skill and discipline (sometimes
called "script kiddies" ) the professional hacker is quite methodical
and he will follow certain definite steps in carrying out his mission.
Firstly they perform Reconnaissance of the target. They gather as
much information as they can. In doing so they use both active and
passive means. Passive means are those which cannot be detected by the
target. Using Google and Facebook for instance or visiting a local
library to see the relevant literature are passive. Active means might
include asking questions of the target's friends or even the target
themself.
Next the hacker begins Scanning the target system. This is
easily picked up by the Intrusion Detection systems of the target
however it is also a common practice on the web and therefore not
normally enough to raise any major alarms. The chess equivalent might
be to actually go and watch your potential opponent playing in a live
event or watch them playing blitz online. They will see that you have
an interest in their games but this is not usually enough to make them
worry about you.
Service Enumeration comes next. The Scanning process would
likely reveal what type of target system it is,the Operating system
being used and the exact ports open. This allows what hackers call
"fingerprinting". The unique properties of the target are revealed. In
chess terms we begin to understand the Opening Preferences, Methods and
Style of play used by our "target".
Once their methods, style and preferred openings are known it
immediately becomes possible to Assess Vulnerabilities. Hackers use
databases of known exploits and Chess Hackers use databases of
Grandmaster games, like ChessBase and Chess Lab, to pinpoint weaknesses
in the opponent's configuration.
Even better is when you transcend database programs and
can carry out an unknown "live" exploit or what in chess terms may be
called a "novelty". Whether you use a known Exploit or create one of
your own though, this Exploit stage is where hackers cross the border
of legal and illegal in Computer terms and should not be taken lightly.
Luckily in chess hacking all is fair.
Once the exploit is successful the Hacker would have penetrated
the target and the professional will use this to create Privilege
Escalation. The initial access will be used to gain sensitive
information or other benefits, the hacker may become an admin level
user or a VIP instead of just a guest. In chess terms the opponent
becomes a repeat "customer" or "your client" and you develop what the
Russians called an "Indian sign" or a "hex" effect.
A Master hacker at this stage will continue the process and
eventually "Own the Box" which simply means they have full control over
the system. In chess terms you can now beat the opponent at will. They
collapse before you, their ego and ability to resist has been
shattered, or snapped, like Spassky's was against Fischer.
In the course of all this, hackers would continually Evade
Defenses and Erase Tracks. Likewise the Chess Hacker should forestall
all forms of counterplay and keep the opponent guessing. Hide the
Ladder after your Ascent.
Maintain and Expand Access. The sad reality is that most
hackers now destroy the system that they have illegally infiltrated but
the true masters will instead remain invisible like a Ninja, they may
even actually help the system thrive. They will then use it for access
to other systems. This is the stage where rootkits and backdoors are
created. In chess terms you don't sit on your laurels but continue to
Think Laterally and reap the bountiful blessings of Caissa.
|
|