Empire Direct is an online electrical appliances shop and direct supply specialists in the United Kingdom. It provides all the electrical appliances for home and office use. As a hacker, I would aim at intruding the website an acquiring some of their state of the art electrical appliances for free (Empire Direct, 2011).
To start with, I would use some of the available hacking tools, for example, DNS Lookup and the Whois lookup in the internet to conduct a reconnaissance visit to the website. The main objective would be to find out the locations of the main servers and eventually the available machines and their interconnections. From this reconnaissance visit, I would then take advantage of any unprotected segments to obtain the IP address. Moreover, I would also obtain the locations of the Empire direct servers network and compromise the system.
The next step would be to obtain information on any exploits that I would use from the web resources and then choose remote exploits since I do not have authenticated access to locate a local vulnerability (Cyberspace and Cybersecurity, 2010). At this point, I would gain an administrator access. With this administrator access, I would then set up a cover-up to hide my tracks and begin my free online shopping.
To prevent this kind of intrusion to the systems of the Empire direct online shop, the organizations IT experts should take precautions against the hackers using the available methods. For instance, they should obtain updated Intrusion Detection Systems (IDS) that would prevent any intruder from gaining any administrative access to the websites systems. The IT experts should also put in use the firewall protection method (Nick, 2010). This would to cut off the network traffic and allow only sanctioned data to go by. Moreover, the organization should come up with a corporate security policy that requires he employees to be in possession of unique passwords to secure the network (Nick, 2010).
As a disgruntled employee who has been unfairly dismissed by an organization, I would be willing to take revenge by deleting some crucial financial details from their systems to destabilize their whole financial system.
At this point I would employ social engineering. This is where I would my employee identity to obtain the finance administrators department access. As a former employee, I either take advantage of some of the employees who may not be aware of my dismissal or use some of my sympathizers in the organization. From either of these targets, I would obtain the crucial username and password I need to start my revenge mission (Cyberspace and Cybersecurity, 2010).
The next step would be to create my internal company account to access the company’s network. This would enable me to easily break into other computers. With my main target, the finance department, in mind, I would gather the required information and single out the weaknesses of the system. At a vulnerability point in the system, I would compromise the network and give myself administrator’s access (Cyberspace and Cybersecurity, 2010). The access would allow me to carry out my mission of deleting some of my target files both in the system and in the backup.
At this point, and with all the required access and control I need, I would cover up the intrusion and also create a backdoor entry point for future access to the system. To prevent this kind of intrusion, the organization may use the defense in depth method. This is where the network security personnel use a multi-layered approach where the most valuable files would be behind a number of layers hence making it difficult for any attackers to reach it. Therefore, I would have no access to this kind of crucial financial files (Nick, 2010).