Hackers Attack Every 39 seconds

According to a recent study at the University of Maryland, hackers attack computers every 39 seconds. At the 37th Annual IEEE/IFIP International Conference on Dependable Systems and Networks, the research team confirmed the already known fact that passwords are easily bypassed and experts are right to advise the frequent changing of longer passwords that consist of an amalgamation of uppercase letters, lowercase letters and numbers. Michel Cukier's team set up weak security on four Linux computers connected to the Internet and found that the hackers used a "dictionary script" that runs through lists of common usernames and passwords to break into the computer. After gaining access, hackers usually quickly changed passwords, checked hardware and software configurations, and then downloaded, installed and ran a program.

"Our data provide quantifiable evidence that attacks are happening all the time to computers with Internet connections. The computers in our study were attacked, on average, 2,244 times a day. Most of these attacks employ automated scripts that indiscriminately seek out thousands of computers at a time, looking for vulnerabilities. The scripts return a list of 'most likely prospect' computers to the hacker, who then attempts to access and compromise as many as possible," Cukier said. "Often they set up 'back doors' — undetected entrances into the computer that they control — so they can create 'botnets,' for profit or disreputable purposes," said Cukier.

Link: Forum Discussion (Thanks Hum)
News source: MSNBC

5 Comments

Heh, we get two or three IPs trying dictionary attacks on our FTP servers a day. My utility runs every 2 minutes and adds to the IP block list upon so many bad username/password attempts. But still, they get 3-4 thousand combination tries a day. It's insane. Out of the hundreds of abuse reports I've sent to the ISPs of the computers attacking us, I've only gotten *5* responses saying that they fixed the problem. Earlier this week when we were experiencing a major slowdown, I temporarily turned my IP block off, and suddenly got slammed by 50 or so different IPs trying to connect at once, some I'd reported to their ISP months back.

On a semi-related note, when I had more time, I used to try and connect to the machines and was surprised as to how many non-Windows were trying to attack (3/4ths gave me default Apache sites on port 80 and various flavors of Linux prompts on ftp/telnet ports).
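The threshold-based blocking described in the comment above can be sketched as follows. This is an added example, not the commenter's utility: the log format, the threshold of 5 failures, the allowlist and the name `find_offenders` are assumptions, and the sample log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical log format, invented for this example:
#   2000-01-01 10:00:02 LOGIN_FAILED user=root ip=203.0.113.7
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<event>LOGIN_FAILED|LOGIN_OK) user=(?P<user>\S+) ip=(?P<ip>\S+)$")

def find_offenders(lines, threshold=5, window=timedelta(minutes=2), allowlist=()):
    """Map each IP with >= threshold failed logins inside `window` to the usernames it tried."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    tried = defaultdict(set)     # ip -> usernames seen in failed attempts
    offenders = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["event"] != "LOGIN_FAILED" or m["ip"] in allowlist:
            continue  # skip malformed lines, successful logins, trusted hosts
        ip = m["ip"]
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        tried[ip].add(m["user"])
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            offenders[ip] = tried[ip]
    return offenders

# Constructed sample data (documentation-range addresses, not real traffic).
SAMPLE_LOG = [
    # dictionary run: six usernames in ten seconds
    "2000-01-01 10:00:%02d LOGIN_FAILED user=%s ip=203.0.113.7" % (2 * i, u)
    for i, u in enumerate(["admin", "root", "test", "guest", "ftp", "oracle"])
] + [
    # legitimate user mistyping a password twice, then logging in
    "2000-01-01 10:01:00 LOGIN_FAILED user=alice ip=198.51.100.20",
    "2000-01-01 10:01:09 LOGIN_FAILED user=alice ip=198.51.100.20",
    "2000-01-01 10:01:20 LOGIN_OK user=alice ip=198.51.100.20",
    "garbage line that does not parse",
] + [
    # slow guessing: one failure per hour
    "2000-01-01 %02d:30:00 LOGIN_FAILED user=root ip=192.0.2.50" % h
    for h in range(11, 16)
]

if __name__ == "__main__":
    for ip, users in find_offenders(SAMPLE_LOG).items():
        print("block", ip, "tried:", sorted(users))
```

With the defaults only 203.0.113.7 is flagged; the hourly guesses from 192.0.2.50 stay under a two-minute window, so a second pass with a longer window is needed to see them.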

NXTwoThou said,
On a semi-related note, when I had more time, I used to try and connect to the machines and was surprised as to how many non-Windows were trying to attack (3/4ths gave me default Apache sites on port 80 and various flavors of Linux prompts on ftp/telnet ports).

That is surprising.

I guess though, that in general it's probably Linux novices if they're leaving those types of holes open. Obviously there are other ways to tell, but port 80? Gosh...if a home user is running ftp, http, or something like that, at least make it a non-default port.

As far as reporting to ISPs, I don't know, I used to run a default port server and got hit up pretty often, it just seems more effort than it's worth. Especially if it's just some 14 year old script kiddie seeing what anonymous ftp sites there are out there. I say let 'em learn, as long as I don't detect some sort of theft of material or malicious attack on me, I can't say I've ever really cared...even if they tried to brute force me, they'd never have gotten in.

I don't know, a lot of the people that scan for the 'most vulnerable' aren't really constituting the population of 'hacker' either how it's used in this case (derogatory), or actually is intended (slips my mind...lol, just like the rest of the media's).

I wouldn't constitute scanning for open net bus connections as "hacking," (as used in this context), I would constitute "hacking" a specific target (i.e. school server) for a specific purpose (i.e. facilitate cheating somehow), and usually ranges beyond a mere brute forcing attack (since most well configured servers will block that type of thing).