Reconnaissance | Intel471 Skip to content


The process of identifying critical technical, personnel and organizational elements of intelligence in order to learn how to best attack an network (in the case of a bad actor) or set up defense for a network (in the case of a defensive security team).

Homepage slide 1
2 Reconnaisance

Criminals use reconnaissance to gain access to networks and systems, with the aim to gather information that can be used to attack a network or system. Generally speaking, reconnaissance is the act of gathering information about a target before launching an attack.

Reconnaissance is done to find weaknesses, vulnerabilities, holes, activity, and nodes that can be used by attackers to go after an organization. The same tactics can be used by penetration-testers so that they can focus their attention on the most critical areas.

What is an example of reconnaissance?

Reconnaissance’s most common form involves scanning networks looking for vulnerabilities - such as email messages, websites, social media sites, messaging applications and a company's internal network looking for access to systems and computers running outdated software or security systems that can be vulnerable to attacks.

Once a vulnerability has been identified, criminals will exploit it by using malicious code. They may attempt to steal information and intelligence from the system, or they may use it to send spam emails or launch denial-of-service attacks (DDoS) against another website. Hackers often use automated tools to perform this kind of reconnaissance. These tools are commonly referred to as "bots."

What is the purpose of reconnaissance?

The purpose of reconnaissance is to gather information about an opponent's network infrastructure, including its vulnerabilities, to exploit them later on.

The reasons an attacker wants to hack into a system are:

  • To steal information

  • To disrupt operations

  • To cause damage

  • To gain access to networks

What happens after a criminal conducts reconnaissance?

Criminals will then weaponize code, mainly by using a piece of malware to gain access to another person's computer or an organization’s computer system. The attacker then uses the victim's computer system to launch attacks against other systems or to steal data from the organization.

Some notable examples:

  • In 2017, the U.S. Department of Homeland Security warned that Russian hackers targeted U.S. electric power companies, water utilities, wastewater treatment plants, dams, and nuclear facilities. Hackers could shut down the power grid by attacking critical control systems, according to DHS.

  • In the case of a breach at Equifax, hackers used spear-phishing emails to trick employees into giving them login credentials. Once they had those, they could access the company's network devices and database and steal people's personal information.

  • In 2017, researchers at Kaspersky Lab discovered a new form of malware called NotPetya. It was designed specifically to target Ukraine's energy sector. When appropriately executed, the virus encrypted files stored on infected machines and demanded payment in Bitcoin to decrypt them.

Can I protect my business from reconnaissance?

One way to protect your business from reconnaissance is to use a VPN service. A VPN encrypts all data sent through the internet, making it incredibly difficult for anyone else to intercept it. Only the employees will have access to resources.

There are other forms of software that also use encryption to secure your computer. Many free programs are available, but they aren't as effective at protecting your data as paid services.

There are many different types of VPN services available. Some of these additional tools cost money, some don't require subscription fees, and some offer free trials. It's essential to choose a VPN provider that offers strong encryption and has servers located around the world so that you can access your network regardless of where you are physically located.