Web vandalism is on the rise around the world, underscoring the shoddy
state of affairs in IT security, according to the owner of a Web site that
tracks such information.
In the past two weeks, Zone-H.org
proprietor Roberto Preatoni said defacements have increased to more than
500 separate attacks a day and more than 1,500 over weekends. A year ago,
he said, his site got around 30 to 50 defacement notices a day from hackers.
This increasing trend, he said, should put IT managers on notice, because
if crackers (malicious hackers) have access to the Web server controlling
public pages, they likely have access to the entire network.
“There are some defacements not getting to the root level, but most of the
time there is a root privilege access behind the defacement, therefore
everything which is contained in the Web server is at danger,” he said.
A new wave of hackers, drawn both for the appeal of the underground
movement and for political reasons, has cropped up in recent times, giving
every indication more defacements and Web server compromises are
forthcoming. Preatoni predicts the number will rise to 700 defacements a
day before December.
Some of the new hackers are clearly neophytes (called n00bs or script
kiddies), with some computer knowledge and virtually no programming
experience. Consider one of the “tons” of e-mails Preatoni gets on a daily
basis, he said, even though the site only tracks defacements and network
“Hay, ma name is Artur and i from poland. I have 15 yers and i want ot
bo a haker, because i vey like it and not only. I need some good programs
or someone who will teach me.
More dangerous are the politically motivated hackers, who break into a
site, take information if they can, and leave a “calling card” in their
wake, in the form of a diatribe against governments.
Last year, a crew calling themselves PHC claimed they had hacked into the
Indian government’s nuclear power plant network and stole the plans for
India’s atomic energy consumption rates for the next 10 years. They further
claimed they passed it on to an organization called the Al Qaida Alliance,
which has since “officially” disbanded (the group was made up of many
pro-Palestinian and pro-Al Qaida hacking groups).
Most of the time, however, defacements are seen as little more than
vandalism, with the hackers leaving their mark on the defaced site, like
“You’ve been owned,” or their political agenda. In August, the Recording
Industry Association of America (RIAA) was subject to a high-profile
defacement, which drew a lot of public attention.
Whether these hackers are politically motivated or just looking for a
diversion, most of them frequently use known exploits (a.k.a., 0day in
hacker parlance), which target an operating system’s weaknesses. In many
cases, Preatoni said, these exploits can be rendered obsolete with a
security patch and pro-active network administration.
But the factor, he said, keeping most administrators from closing down
their networks from external attack is, for the most part, budget cuts for IT spending.
He also added that it is strange to see SecurityFocus doesn’t see the
threat. Owned by security software developer Symantec, the site also
maintains Bugtraq, a popular e-mail discussion list for security technicians.
Incidentally, the security site was defaced last November indirectly by
hacker “fluffi bunny,” who hacked into the ad agency serving SecurityFocus’ banner ads and inserted his
own with a banner sporting a pink bunny rabbit and the slogan, “You think
you know? You have no idea – security fluffi.”
SecurityFocus also maintains a ThreatCon indicator, which measures the
network “danger” level throughout the world. Currently, that indicator is
at Level 1, which indicates “no discernible (widespread) network incident
activity,” according to the Web site.
Preatoni said he doesn’t know why the ThreatCon indicator says there is no
widespread activity, since his site sees 500 or more defacements a day.
“SecurityFocus needs to wake up,” he said. “They chat about security
status, but we’re hands-on, we see how much of a problem this really is.”
In the past 24 hours, he said, he’s gotten almost 1,500 defacement
notifications and is thinking of expanding his staff of 40 volunteers to 80
in the coming weeks to process all the attacks.