01 About

Network Nntrusion

The various ways and means of an intruder attacking your system are endless. The attacker could be a White Hat hacker who is merely curious about system security and spends their time finding new exploits in computer Operating Systems, however a Black Hat, or malicious hacker may have an agenda all of their own.
The agenda of the hacker is the most important key in this type of investigation. Prevention and apprehension is the other. Optimal Intelligence Investigators will audit your home or business network for known and unknown vulnerabilities and provide a comprehensive report in effort to rectify the miss-configuration.
Even the avid computer user may find their system appears to be functioning properly, however more often than not, vulnerabilities prevail - giving attackers free reign over your networks without the victim even knowing. Optimal Intelligence investigators posses the knowledge and expertise in identifying these exploits and implement proper IT protocols to prevent future

AOE/COE (Arising out of employment / In the Course of employment)

Optimal Intelligence will review your objectives prior to the genesis of any investigation, we will assign an experienced Operative to your case. OI clients expect direct contact with the Operative both online and via telephone. Upon completion of each case, the client will receive a detailed report documenting the incident, past history of claimant, background report, medical releases, pictures and a background investigation.

Methods of Network Intrusion

Trojans and Viruses: Sent via eMail or on-site, override exploit detection systems.

Packet Sniffing:

Data passing on Ethernet or Wireless networks can usually be intercepted. This is done by making use of a protocol analyzer, which sets the network card to promiscuous mode - meaning that it is able to pass all data on the network to the operating system without filtering. Passwords are typically "sniffed" off clear text protocols. Such protocols include Pop3, FTP and Telnet. In these cases, passwords flow through the network without making use of any encryption.

Replay Attack:

In some cases, intruders do not need to decrypt the password. They can use the encrypted form instead in order to login to systems. Tools are also available to make this kind of attack easier. This kind of attack is very popular against web applications.

Password File stealing:

System passwords are usually stored in files or in the Windows registry. On Windows NT 2000 and XP, the passwords are stored in encrypted form on the SAM file. On UNIX systems the password is usually stored in the /etc/passwd or /etc/shadow. Once an attacker gets his hand on the password file he can launch a dictionary or brute force attack against the encrypted passwords.


A very well known and traditional password stealing attack is dubbed "shoulder surfing" - which is basically when an intruder watches someone type in a password. Observation can also be done by going through a victim's personal objects. Typically passwords are written on small pieces of paper - and can also be written on sticky notes attached to the monitor itself!

Social Engineering:

Many successful hackers and attackers make use of human weaknesses - one such well-known hacker is Kevin Mitnick. A common technique is to simply call the user and say, "Hi, this is Bob from the MIS Department. We have problems within the network and they appear to be coming from your machine. Can you give me your password?" Many users will happily supply this sensitive information without thinking twice.

Default Passwords:

Sometimes it is not even required to guess the passwords, since the system would have default passwords put in by the system vendor. A lot of network devices such as switches and hardware routers will have default passwords allowing an attacker to easily gain access.

Port Scanning:

Port Scanning is the most common choice of attackers to find random vulnerabilities in Network Operating Systems. The attacker uses automated software that enables a remote system scan of the target network. These scans provide the attacker with known vulnerabilities and their associated means exploitation.


Several Spyware applications can be purchased for as low as $29.00. These applications, once loaded on the target machine, all key strokes, applications, emails, and Internet Chats are recorded and remain on the machine until the attacker has time along with it to retrieve the data – OR these data files containing the captured information can be eMailed by Optimal Intelligence to a predetermined eMail.