[ISN] Hackers post achievements online

InfoSec News isn at c4i.org
Tue Oct 26 02:41:33 EDT 2004


October 26, 2004

Malaysia was the centre of 'hacker activities' on Oct 6 and 7 when
hackers from around the world attended the Hack-In-The-Box Security
Conference (HITBSecConf 2004) in Kuala Lumpur.

This year's lineup of speakers included John Draper, infamous for his
early phone phreaking exploits; Theo de Raadt, creator and project
leader of OpenBSD; and Adam Gowdiak, formerly of The Last Stage of
Delirium - the group that 'broke' Windows.

About 300 people attended the security conference organised by Hack In
The Box (M) Sdn Bhd.


Zone-H (www.zone-h.org) is doing its part to keep the Internet safe
but in a very unusual fashion - it encourages hackers who deface
websites to log on to its site to post the details of their attacks.

A lot of people might think that this would encourage hackers to
deface more websites, and it does, according to Zone-H founder Roberto
Rangoni Preatoni.

But it also does more good than harm because it encourages hackers to
find security holes in websites, which the owners would not be aware
of otherwise, he said.

These hackers are mainly interested in defacing websites, not causing
serious harm, said Preatoni.

Zone-H, which calls itself "the Internet thermometer," monitors
Internet attacks and keeps an archive of defaced websites, including a
snapshot of each tampered website.

Once the site owner is aware of the security flaw, he has a chance to
patch the flaw before it is exploited by someone who means to cause
real damage, said Preatoni.

"Website owners have to ask themselves which is better - being
attacked by a hacker who does some serious damage or just some script
kiddie defacing their website," he said.

"Imagine if a hacker manages to get access to a corporate website and
uses it to distribute porn. Chances are the company won't know about
it for some time and by the time someone finds out, severe damage
would have been done to the image of the company," said Preatoni.

He feels having your website defaced is a small price to pay to enjoy
better security in the long term.

A defaced website is a wakeup call to the systems administrator. It
has the effect of motivating him or her to be more diligent in
monitoring the website and applying security patches on time, he said.

In some cases, Preatoni said he managed to get in touch with the
hackers and convinced them to change their ways. He even employs
several to run his Zone-H website.

Reasons behind the attack

By giving hackers an avenue to post their "victories," Zone-H is also
able to collect useful information, such as the hacker's motive, which
top-level domains are popular targets, and which methods were used.

According to the statistics posted on Zone-H, the most popular reason
given for defacing a website is "for fun" - which accounts for 32.1%.
Another 17.6% did not want to reveal their reasons, while 14.7% said
they did it because they wanted to be the best "defacer," and 12.1%
were motivated by political reasons.

Surprisingly, most of the defaced websites were hosted on Linux. The
popular open source operating system, which has been touted for its
security features, took the top spot at 60.7%.

On the other hand, the Windows operating system, which has been
criticised for having too many security holes, came in a distant second
at 19.3%, according to the Zone-H site.

In 29.9% of the attacks, hackers took advantage of configuration
errors or administration mistakes to "break" into websites.

While 25.3% took advantage of a known system vulnerability that was
left unpatched by the systems administrator, 23.1% took advantage of
new vulnerabilities and 14.6% used brute force. Brute force attacks
rely on sheer computing power to break in, usually by trying all the
possible combinations for a password.

Most of the defaced websites - or 38.3% - were hosted on .com domains,
while the next highest number - or 8.9% - were hosted on .de domains
and the third highest - or 6.5% - were hosted on .net domains.

The Malaysian top-level domain, .my, was not on the list.
