In modern culture, hackers are portrayed as people who sit in their basement and stare at black screens filled with green letters. That could not be further from reality. A smart hacker rarely needs to do any work at all to get through to the victim. In fact, most of the job is automated once the necessary software has been written. My recent favorite TV show, Mr. Robot, shows exactly this. Sam Esmail has done an excellent job of showcasing close-to-real, smart and highly sophisticated hacking techniques, be it social hacking, hacking a smart house or a well-coordinated, geographically distributed botnet attack.
One of the most common attacks aimed at the average person is the Trojan horse and its many mutations. A Trojan horse is necessarily two pieces of software: the Client (the control center) and a very small program (the server) which, when clicked or otherwise run, installs itself on the victim's machine very quietly, with no messages or notifications whatsoever. Once installed, the server connects to the Client, also quietly, and reports that it is ready to receive commands. From that exact moment, the machine on which the server was installed is a zombie. The hacker is presented with a neat interface in his Client software which enables him to do literally anything with the machine. He can look at passwords, add, delete or modify any file, watch what the victim is typing in real time, watch their screen in real time, or see through the web camera. Heck, he can put load on the CPU and then turn off the CPU cooling fan if he so desires, leading to physical damage to the computer, which on modern CPUs usually happens with a relatively loud explosion that sprays shrapnel everywhere and can be a fire hazard as well. There are known cases where hackers use Trojan horses to monitor the victim's activity and then, once they are positive that the victim is not at home, cause physical damage to the computer which in turn sets the house or apartment on fire. It was also a very reliable way to assassinate senior citizens, by causing a fire while they sleep, since they are rarely able to act swiftly.
However, the cases mentioned above are not very common; those are situations where the hacker has personal issues with the victim, in other words vengeance or settling a score. Most commonly, though, hackers infect computers to gather valuable information, be it credit cards, accounts or sensitive personal information, which is then used to blackmail the victim into making a payment. Lastly, a hacker could also infect the machine and simply leave it alone. The computer would connect to a remote host where thousands of other computers, all infected, become an army at the hacker's command. This is called a botnet and, bluntly put, there is no protection against it. With a big enough botnet, a hacker could bring a conglomerate such as Google to its knees. It is a very standard tool in blackmail and industrial sabotage. Well, E-Corp may be fiction, but it isn't too far from reality, is it?
Infection happens relatively simply. As mentioned, the server software must be clicked or otherwise run on the machine that is to be infected. There are several techniques for doing this. The server can be disguised to look like very lucrative software offered for free: a crack or cheat for the latest game, a key for expensive software, or even the software itself. To pass a Trojan off as legitimate software, hackers will even sell the software for a small fee, thus bypassing people's instinct that nothing in this world is free. Another method is to simply take legitimate software and inject the server into it. The software runs or installs correctly, with no sign that at the same time a payload was dropped and activated on the machine. Once installed, depending on the purpose of the attack, the software can spread itself. Since it has complete control over the victim's computer, it can send e-mails or instant messages without the victim knowing or seeing anything. Usually, it makes a copy of itself that looks like a photo. Then it grabs some legitimate photos from the victim's machine, say 11 of them. It renames them in sequence from photo 1 to photo 12 and names itself photo 7, for example. The recipient accepts all the photos and looks at the first few, which open just fine. When they come to photo 7, it fails to open. The recipient disregards it, thinking that the photo got corrupted during the transfer, and proceeds to look at the next photos. Little do they know that their machine has just been infected. The spreading process continues.
Antivirus software is sadly of little use in these cases, because real viruses are mutated to the extent that the antivirus can no longer recognize them as a threat. They slip right through the defenses, firewalls included. The antivirus never stands a chance. There are even newer, polymorphic viruses which change themselves automatically to adapt to antivirus updates, rendering any newly installed update or antivirus product useless. The best practice, in reality, is not to trust any file, or at least any executable file, and to run them through VirusTotal first. If there is even one detection, do not run it, simple as that.
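The "photo 7" trick above works because the recipient trusts the file name. An added defensive check, not code from the original post: compare what a received file's name claims with what its first bytes actually are, using the published JPEG, PNG, GIF, PE (MZ) and ELF signatures, and flag anything in a batch that does not match. The sample batch of twelve "photos" is constructed here, with one Windows executable renamed to photo7.jpg; the extension lists are the author's own choice, not from the post.

```python
from pathlib import Path

# Published file signatures (magic bytes); the dictionaries themselves
# are assumptions of this example, not values from the post.
IMAGE_MAGIC = {
    b"\xff\xd8\xff": "jpeg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}
EXECUTABLE_MAGIC = {
    b"MZ": "windows-pe",      # .exe, .dll and .scr files all start with MZ
    b"\x7fELF": "elf",
}
IMAGE_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif"}
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".bat", ".pif"}

def classify_header(header: bytes) -> str:
    """Name the format that the first bytes of a file actually declare."""
    for magic, name in EXECUTABLE_MAGIC.items():
        if header.startswith(magic):
            return name
    for magic, name in IMAGE_MAGIC.items():
        if header.startswith(magic):
            return name
    return "unknown"

def check_received_file(name: str, header: bytes) -> str:
    """Verdict for a file that arrived claiming to be a photo."""
    suffixes = [s.lower() for s in Path(name).suffixes]
    # 'photo7.jpg.exe' is shown as 'photo7.jpg' when extensions are hidden.
    if suffixes and suffixes[-1] in EXECUTABLE_EXTENSIONS:
        return "executable-extension"
    if not suffixes or suffixes[-1] not in IMAGE_EXTENSIONS:
        return "not-an-image-name"
    kind = classify_header(header)
    if kind in EXECUTABLE_MAGIC.values():
        return "executable-disguised-as-image"
    if kind == "unknown":
        return "unrecognised-content"
    return "ok"

def flag_batch(files: dict) -> list:
    """Return the names in a received batch that should not be opened."""
    return [n for n, h in files.items() if check_received_file(n, h) != "ok"]

# Constructed sample batch: eleven JPEG headers and one PE header named photo7.
SAMPLE_BATCH = {f"photo{i}.jpg": b"\xff\xd8\xff\xe0" for i in range(1, 13)}
SAMPLE_BATCH["photo7.jpg"] = b"MZ\x90\x00\x03\x00\x00\x00"
```

In practice the `header` argument is the first 16 bytes read from the file on disk; the check is cheap enough to run over every attachment before anything is opened.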