The Start of the Conversation
“Hi there, I am Grey Caesar”
“That is a catchy name, sir. I am Xl-Kal.”
GC – No, sir. You look a lot more senior than me. I should call you sir.
Xl-Kal – I get it, mate. What brings you here to the hacking expo show?
GC – Oh yeah, I am into hacking. I am very fond of direct and active attacks on systems.
Xl-Kal – I caught wind of you some days back in the news. You are that hacker who messed with a couple of multi-million e-commerce websites.
GC – How awesome is that! I have become popular that soon. Anyway, what do you do, sir?
Xl-Kal – Yup, I don’t do that sort of assault like you do. I incline toward the passive attack.
GC – What does that mean, Sir?
Xl-Kal – I just observe or copy the contents. I try to read or make use of the information from the system.
“Passive and active attacks are the two fundamental types of security attacks, and each has sub-categories. Eavesdropping and traffic analysis are two types of passive attacks; denial of service, message modification, trojans, etc. are types of active attacks.”
GC (Active) – That means you don’t play around with the files and contents in the system.
Xl-Kal (Passive) – No, I don’t modify the content of the messages. I am a threat to the confidentiality of the CIA triad.
GC (Active) – You’re kidding. You attack the Central Intelligence Agency?
Xl-Kal (Passive) – Not that kind of CIA. It is the CIA Triad, which is Confidentiality, Integrity, and Availability.
GC (Active) – My bad! So, my work of active attack is the threat to Availability. Isn’t it?
Xl-Kal (Passive) – Yes, and Integrity as well. You mess up the contents after attacking the system.
GC (Active) – Gotcha. You see it is fun to play around with the contents. Sometimes I do inform the victims about the attack for some thrill.
Xl-Kal (Passive) – Dude, chill out. I don’t prefer to inform the victims. I would rather be relatively invisible to avoid detection. That is the purpose of a passive attack.
GC (Active) – Hmmm. What will you do with the data?
Xl-Kal (Passive) – Whenever or whatever is required, I can make use of the information.
GC (Active) – Like blackmail or selling contents for money?
Xl-Kal (Passive) – Maybe. Something like that.
GC (Active) – I guess it must be difficult to detect the passive attack because you do not affect the systems directly like I do.
Xl-Kal (Passive) – You bet. I simply listen to the messages exchanged by the entities. I love eavesdropping and can make use of it.
GC (Active) – So the traffic must be unencrypted for you to eavesdrop, right?
Xl-Kal (Passive) – Of course, if the information is encrypted. We also observe the frequency and length of the messages being exchanged. That is called traffic analysis.
GC (Active) – Sweet. Sorry, I’ve gotta go. It was great to meet you. Hope you don’t snoop on me, or else I will change your name and make you disappear.
Xl-Kal (Passive) – You bet, Mr. Richard!
Conclusion
There will be incidents that will go unnoticed. We need to figure out how to distinguish them before mitigating the risks. There will be a threat of unauthorized access, vulnerability exploitation, malware, improper usage, etc.
There is one more hacker who can be the enemy of Xl-Kal and Grey Caesar – it can be YOU. You can consider yourself a white-hat hacker who helps protect the organization from threats. You can find out about different kinds of hackers in this blog: https://blogs.perficient.com/2020/06/22/operation-blackhat/
Not every white-hat hacker has to learn hacking skills. You can protect the CIA Triad of your organization with knowledge of information security practices.