Web Vandalism on the Rise

Web vandalism is on the rise around the world, underscoring the shoddy state of global IT security, according to the owner of a website that tracks such information.

by Jim Wagner of internetnews.com [October 22, 2002]

In the past two weeks, Zone-H.org proprietor Roberto Preatoni said defacements have increased to more than 500 separate attacks a day on weekdays and more than 1,500 per day over weekends. A year ago, he said, his site got around 30 to 50 defacement notices from hackers each day.

IT should be worried, he said, because if crackers (malicious hackers) have access to the Web server controlling public pages, they likely have access to the entire network.

"There are some defacements not getting to the root level, but most of the time there is a root privilege access behind the defacement, therefore everything which is contained in the Web server is at danger," he said.

A new wave of hackers is drawn into hacking both by the appeal of the underground movement and by politics. Preatoni predicts the number will rise to 700 defacements a day before December.

Some of the new hackers are clearly neophytes (called n00bs or script kiddies), with some computer knowledge and virtually no programming experience. Consider one of the "tons" of e-mails Preatoni gets on a daily basis, he said, even though the site only tracks defacements and network breaches:

"Hay, ma name is Artur and i from poland. I have 15 yers and i want ot bo a haker, because i vey like it and not only. I need some good programs or someone who will teach me.

More dangerous are the politically motivated hackers, who break into a site, take information if they can, and leave a "calling card" in their wake, in the form of a diatribe against governments.

Last year, a crew calling themselves PHC claimed they had hacked into the Indian government's nuclear power plant network and stole the plans for India's atomic energy consumption rates for the next 10 years. They further claimed they passed it on to an organization called the Al Qaida Alliance, which has since "officially" disbanded (the group was made up of many pro-Palestinian and pro-Al Qaida hacking groups).

Most of the time, however, defacements are seen as little more than vandalism, with the hackers leaving their mark on the defaced site, like "You've been owned," or their political agenda. In August, the Recording Industry Association of America (RIAA) was subject to a high-profile defacement, which drew a lot of public attention.

Whether these hackers are politically motivated or just looking for a diversion, most of them frequently use known exploits (a.k.a., 0day in hacker parlance) which target an operating system's weaknesses. In many cases, Preatoni said, these exploits can be rendered obsolete with a security patch and pro-active network administration.

But two factors, he said, are keeping most administrators from closing down their networks from external attack: budget cuts for IT spending and SecurityFocus, a popular site that gives customers early warning of new software and network attacks. Owned by security software developer Symantec, the site also maintains Bugtraq, a popular e-mail discussion list for security technicians.

SecurityFocus also maintains a ThreatCon indicator, which measures the network "danger" level throughout the world. Currently, that indicator is at Level 1, which indicates "no discernible (widespread) network incident activity," according to the website.

Preatoni said he doesn't know why the ThreatCon indicator says there is no widespread activity, since his site sees 500 or more defacements a day.

"SecurityFocus needs to wake up," he said. "They chat about security status, but we're hands-on, we see how much of a problem this really is."

In the past 24 hours, he said, he's gotten almost 1,500 defacement notifications and is thinking of expanding his staff of 40 volunteers to 80 in the coming weeks to process all the attacks.

— End