How to Hack the Pentagon

Obtaining information such as user names, e-mail addresses, login credentials, or classified documents requires a well-versed programmer to access the system by finding vulnerabilities and exploiting them. Doing so directly through a website would take too much effort, as these systems are highly secure. So you go to the weakest link: a human—a contractor or unsuspecting employee—who is conned by the hacker into opening what appears to be a valid document but carries malware. Once the malware is installed, the hacker can gain control of the user’s computer and credentials, giving the hacker access to secure areas on the server. Depending on the level of access obtained, the hacker may be able to get to databases of private content. If root access (the Holy Grail) is gained, the entire system and network is at the mercy of the hacker. Root access gives a user unrestricted access. With it a hacker can do as they please, erasing, copying, or modifying any file on the network.

If gathering of content is not the intent, a hacker can just take down a website by crashing the server with a distributed denial of service attack (DDoS), a regular embarrassment for sites such as financial institutions, government agencies, and social-media networks. This requires the orchestration of multiple computers, sometimes thousands, to ping, or push a packet of information, to a website’s server. To do this, the hacker can distribute an exploit embedded in a popular piece of software that is downloaded and installed by unknowing internet users. The exploit allows the hacker to band together the infected computers and flood a website with an unlimited amount of pings, packets of information, search queries, and incoming messages. Overloaded with these requests, the server slows to a crawl, rendering the website unavailable, sometimes for hours.

    Before it's here, it's on the Bloomberg Terminal.