Security News > 2004 > October > Hackers post achievements online

http://star-techcentral.com/tech/story.asp?file=/2004/10/26/itfeature/9173356&sec=itfeature BY M. MADHAVAN October 26, 2004 Malaysia was the centre of 'hacker activities' on Oct 6 and 7 when hackers from around the world attended the Hack-In-The-Box Security Conference (HITBSecConf 2004) in Kuala Lumpur. This year's lineup of speakers included John Draper, infamous for his early phone phreaking exploits; Theo de Raadt, creator and project leader of OpenBSD; and Adam Gowdiak, formerly of The Last Stage of Delirium - the group that 'broke' Windows. About 300 people attended the security conference organised by Hack In The Box (M) Sdn Bhd. -=- ZONE-H (www.zone-h.org) is doing its part to keep the Internet safe but in a very unusual fashion - it encourages hackers who deface websites to log on to its site to post the details of their attacks. A lot of people might think that this would encourage hackers to deface more websites, and it does, according to zone-h founder Roberto Rangoni Preatoni. But it also does more good than harm because it encourages hackers to find security holes in websites, which the owners would not be aware of otherwise, he said. These hackers are mainly interested in defacing websites, not causing serious harm, said Preatoni. Zone-h, which calls itself "the Internet thermometer," monitors Internet attacks and keeps an archive of defaced websites, including a snapshot of tampered websites. Once the site owner is aware of the security flaw, he has a chance to patch the flaw before it is exploited by someone who means to cause real damage, said Preatoni. "Website owners have to ask themselves which is better - being attacked by a hacker who does some serious damage or just some script kiddie defacing their website," he said. "Imagine if a hacker manages to get access to a corporate website and uses it to distribute porn. Chances are the company won't know about it for some time and by the time someone finds out, severe damage would have been done to the image of the company," said Preatoni. He feels having your website defaced is a small price to pay to enjoy better security in the long term. A defaced website is a wakeup call to the systems administrator. It has the effect of motivating him or her to be more diligent in monitoring the website and applying security patches on time, he said. In some cases, Preatoni said he managed to get in touch with the hackers and convinced them to change their ways. He even employs several to run his zone-h website. Reasons behind the attack By giving hackers an avenue to post their "victories," zone-h is also able to collect useful information, such as the hacker's motive, which top domain levels are popular targets, and which methods were used. According to the statistics posted on zone-h, the most popular reason given for defacing a website is "for fun" - which accounts for 32.1%. Another 17.6% did not want to reveal their reasons, while 14.7% said they did it because they wanted to be the best "defacer," and 12.1% were motivated by political reasons. Surprisingly, most of the defaced websites were hosted on Linux. The popular open source operating system, which has been touted for its security features, took the top spot at 60.7%. On the other hand, the Windows operating system which has been criticised for having too many security holes came in a distant second at 19.3%, according to the zone-h site. In 29.9% of the attacks, hackers took advantage of configuration errors or administration mistakes to "break" into websites. While 25.3% took advantage of a known system vulnerability that was left unpatched by the systems administrator, 23.1% took advantage of new vulnerabilities and 14.6% used brute force. Brute force attacks rely on sheer computing power to break in, usually by trying all the possible combinations for a password. Most of the defaced websites - or 38.3% - were hosted on .com domains, while the next highest number - or 8.9% - were hosted on .de domains and the third highest - or 6.5% - were hosted on .net domains. The Malaysian top-level domain, .my, was not on the list. _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/

News URL

http://star-techcentral.com/tech/story.asp?file=/2004/10/26/itfeature/9173356&sec=itfeature