Security News > 2001 > January > [defaced-commentary] Top Level Domains: Winners and Losers, 2000
![[defaced-commentary] Top Level Domains: Winners and Losers, 2000](/static/build/img/news/alt/data-breach-stats-medium.jpg)
---------- Forwarded message ---------- Date: Fri, 5 Jan 2001 05:17:37 -0700 From: Small Grey To: defaced-commentary () attrition org Subject: [defaced-commentary] Top Level Domains: Winners and Losers, 2000 Top Level Domains: Winners and Losers, 2000 (An HTML and graphic version of this is archived at http://www.attrition.org/security/commentary/winnersandlosers.html as this was emailed out) Over year 2000, Attrition.org recorded over 5800 defacements, over 2000 more defacements over 1999. Where did all of these defacements come from? Did any Top Level Domains manage to reduce their share of defacements over the last year in what can only be described as a harsh environment? The answers surprised me. I didn't expect to see Brazil leading those countries with gains, or the U.S. military heading the list of those TLDs to reduce their absolute share of defacements. ------------------------------------------------------------------------ Losers The largest increase in defacements was Brazil, which actually outstripped the entire dot-com generic TLD (these tables are taken from the TLD logs http://www.attrition.org/mirror/attrition/tldlogs/): Brazil (br) ----------+----------- ----------+----------- Month |Defacements Month |Defacements ----------+----------- ----------+----------- Jan 1999 | 0 Jan 2000 | 27 Feb 1999 | 1 Feb 2000 | 46 Mar 1999 | 1 Mar 2000 | 42 Apr 1999 | 1 Apr 2000 | 26 May 1999 | 1 May 2000 | 49 Jun 1999 | 5 Jun 2000 | 40 Jul 1999 | 6 Jul 2000 | 39 Aug 1999 | 4 Aug 2000 | 28 Sep 1999 | 7 Sep 2000 | 44 Oct 1999 | 12 Oct 2000 | 65 Nov 1999 | 36 Nov 2000 | 88 Dec 1999 | 50 Dec 2000 | 69 | | Total | 124 Total | 563 ----------+----------- ----------+----------- The Commercial "com" TLD came in next with about 320 more defacements over last year. I imagined that this TLD would have done much worse, and that it would have dominated the losers by a very large margin: Commercial (com) ----------+----------- ----------+----------- Month |Defacements Month |Defacements ----------+----------- ----------+----------- Jan 1999 | 39 Jan 2000 | 178 Feb 1999 | 32 Feb 2000 | 153 Mar 1999 | 72 Mar 2000 | 162 Apr 1999 | 129 Apr 2000 | 137 May 1999 | 182 May 2000 | 124 Jun 1999 | 143 Jun 2000 | 114 Jul 1999 | 191 Jul 2000 | 166 Aug 1999 | 172 Aug 2000 | 275 Sep 1999 | 130 Sep 2000 | 192 Oct 1999 | 259 Oct 2000 | 157 Nov 1999 | 243 Nov 2000 | 214 Dec 1999 | 178 Dec 2000 | 219 | | Total | 1770 Total | 2091 ----------+----------- ----------+----------- The results for Israel are no surprise, having attracted the attention of a number of hacking groups in an on-going cyber-war: Israel (il) ----------+----------- ----------+----------- Month |Defacements Month |Defacements ----------+----------- ----------+----------- Jan 1999 | 0 Jan 2000 | 0 Feb 1999 | 0 Feb 2000 | 27 Mar 1999 | 0 Mar 2000 | 1 Apr 1999 | 0 Apr 2000 | 3 May 1999 | 1 May 2000 | 0 Jun 1999 | 0 Jun 2000 | 1 Jul 1999 | 0 Jul 2000 | 4 Aug 1999 | 0 Aug 2000 | 3 Sep 1999 | 0 Sep 2000 | 0 Oct 1999 | 0 Oct 2000 | 5 Nov 1999 | 1 Nov 2000 | 62 Dec 1999 | 0 Dec 2000 | 25 | | Total | 2 Total | 131 ----------+----------- ----------+----------- A pie chart puts this into perspective: each slice of the pie represents the TLD's share in the overall gain in defacements over 2000 (relative to the other TLDs. These pie charts do not represent a TLD's percent change over the last year, but the TLD's relative share in the increase in defacements). Other notables in the list of gains were Non-profit organizations, Korea, U.S. academic institutions, the U.S. country TLD ("us" TLD is usually United States schools, libraries, community colleges and state government institutions), Argentina, Italy (!), India, Germany, the UK, South Africa, U.S. ISPs, and Mexico. If there is anything of special note in this list, it's the number of Latin America countries. http://www.attrition.org/security/commentary/graphs/tldgains.gif [Pie Chart of TLDs that gained in 2000] The Winners The TLDs that reduced their number of defacements are perhaps not as surprising as those that gained: The largest single reduction came from the U.S. military, which appears to have been less of a target after 1999 (no Kosovo this year), and efforts to harden military networks. Likewise, the U.S. government TLD also reduced the number of it's defacements, but just barely. As to why Australia might have fallen, I won't venture a guess; perhaps some of the members of the defaced-commentary have an idea and wouldn't mind having something forwarded to the rest of the list? While the reductions are modest (except the U.S. Military: a 48% decline), a reduction after the year we just had is significant. Here, as before with the TLDs that gained, are the top 3 tables: U.S. Military (mil) ----------+----------- ----------+----------- Month |Defacements Month |Defacements ----------+----------- ----------+----------- Jan 1999 | 1 Jan 2000 | 8 Feb 1999 | 1 Feb 2000 | 2 Mar 1999 | 4 Mar 2000 | 4 Apr 1999 | 5 Apr 2000 | 6 May 1999 | 13 May 2000 | 4 Jun 1999 | 6 Jun 2000 | 4 Jul 1999 | 6 Jul 2000 | 1 Aug 1999 | 3 Aug 2000 | 3 Sep 1999 | 2 Sep 2000 | 11 Oct 1999 | 28 Oct 2000 | 1 Nov 1999 | 18 Nov 2000 | 2 Dec 1999 | 6 Dec 2000 | 2 | | Total | 93 Total | 48 ----------+----------- ----------+----------- Australia (au) ----------+----------- ----------+----------- Month |Defacements Month |Defacements ----------+----------- ----------+----------- Jan 1999 | 1 Jan 2000 | 2 Feb 1999 | 0 Feb 2000 | 1 Mar 1999 | 0 Mar 2000 | 4 Apr 1999 | 1 Apr 2000 | 3 May 1999 | 2 May 2000 | 3 Jun 1999 | 11 Jun 2000 | 1 Jul 1999 | 4 Jul 2000 | 2 Aug 1999 | 6 Aug 2000 | 3 Sep 1999 | 9 Sep 2000 | 3 Oct 1999 | 8 Oct 2000 | 4 Nov 1999 | 10 Nov 2000 | 7 Dec 1999 | 6 Dec 2000 | 5 | | Total | 58 Total | 38 ----------+----------- ----------+----------- U.S. Government (gov) ----------+----------- ----------+----------- Month |Defacements Month |Defacements ----------+----------- ----------+----------- Jan 1999 | 7 Jan 2000 | 11 Feb 1999 | 3 Feb 2000 | 15 Mar 1999 | 2 Mar 2000 | 6 Apr 1999 | 12 Apr 2000 | 4 May 1999 | 21 May 2000 | 27 Jun 1999 | 24 Jun 2000 | 9 Jul 1999 | 5 Jul 2000 | 21 Aug 1999 | 3 Aug 2000 | 8 Sep 1999 | 3 Sep 2000 | 6 Oct 1999 | 17 Oct 2000 | 11 Nov 1999 | 51 Nov 2000 | 19 Dec 1999 | 15 Dec 2000 | 15 | | Total | 163 Total | 152 ----------+----------- ----------+----------- The following pie chart illustrates the TLDs percent of the total reductions for 2000. The other TLDs in the list (Christmas Islands, Hungary, Niue, The Russian Federation, and Jordan) had such small counts to begin with that it's hard to say what might be going on: http://www.attrition.org/security/commentary/graphs/tldreductions.gif [Pie Chart of TLDs that fell in total defacements in 2000] Other useful resourses: The Country Table (available at http://www.attrition.org/mirror/attrition/country.html) links to more than 100 pages of TLD categorized defacements, which in turn link to individual defacements) TLD logs: The TLD logs (http://www.attrition.org/mirror/attrition/tldlogs/) are a series of very basic annual summary data for each TLD, along with a simple and spare plot of the defacements per month for the TLD over the year 2000. ------------------------------------------------------------------------ munge () attrition org ? 2001 Matt Dickerson for Attrition.org Last modified: Fri Jan 5 06:55:44 EST 2001 - The information and commentary is Copyright 2000, by the individual author. Permission is granted to quote, reprint or redistribute provided the text is not altered, and the author and attrition.org is credited. The opinions expressed in this mail are not necessarily the opinion of all Attrition staff members. ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
News URL
http://www.attrition.org/security/commentary/winnersandlosers.html