The first step of the hacking process is gathering information

on a target. Information gathering, also known as footprinting,

is the process of gathering all available information

about an organization. In the age of the Internet, information

is available in bits and pieces from many different sources.

Seemingly insignificant bits of information can be enlightening

when pieced together—which is the purpose of information

gathering. Footprinting can be effective in identifying highvalue

targets, which is what hackers will be looking for to

focus their efforts.

A hacker uses information-gathering techniques to determine organizations’ high-value targets, where the most valuable information resides. Not only does information gathering help identify where the information is located, but it also helps determine the best way to gain access to the targets. This information can then be used to identify and eventually hack target systems. Many people jump right into running hacking tools, but information gathering is critical in minimizing the chance of detection and assessing where to spend the most time and effort. Social engineering can also be used to obtain more information about an organization, which can ultimately lead to an attack. Social engineering as an information-gathering tool

is highly effective at exploiting the most vulnerable asset in an organization: the people.

Human interaction and the willingness to give out information make people an excellent source of information. Good social-engineering techniques can speed up the hacking process and in most cases will yield information much more easily.

Reconnaissance

The term reconnaissance comes from the military and means to actively seek an enemy’s intentions by collecting and gathering information about an enemy’s composition and capabilities via direct observation, usually by scouts or military intelligence personnel trained in surveillance. In the world of ethical hacking, reconnaissance applies to the process of information

gathering. Reconnaissance is a catchall term for watching the hacking target and

gathering information about how, when, and where they do things. By identifying patterns of behavior, of people or systems, an enemy could find and exploit a loophole.