Friday, April 4, 2008

Website Defacements, A Game or Political Agenda? Decide yourself

A fast moving technological grounds, the latest discoveries of new vulnerabilities and the development of 0-day exploit (PoC - Proof of Exploit Code) has proven for years to be the most sophisticated arena on the internet underground. As show in the Press, Media and various Publications that those of hackers or crackers involved in illegal activities get down by U.S marshals or other federal authorities on day to day basis. On the other hand, these federal agents (e.g FBI or Interpol) in turn give leniency to those caught hackers/cracker to help them to invade more into real gang behind those criminals.
(Ref. TJX Data Breach late 2007)

Far from the world's open views about Hacker 'as a computer guru' or 'a cracker' who uses his computer related skills to carried intentional loss to an organization, it is bit clear that some of these activities are being carried out for malicious and non-malicious intents. Having look into one of the famous archived defacements proved out with statistics on various basis,
( - Statistics report 2005-2007)

From a given report, it is much easier to analyze the specific attack components as
a weakest link in these massive defacements. For instance,
WebServer Technologies: (Apache, IIS)
Operating Systems: (Linux, Windows2003)...and more... as shown in the screenshots.

The main difference which has been identified is a massived dropped down in defacements of Windows-based severs which is now turned back on Linux servers. It is because late in 2003-2004 when most of internet companies and e-Business organizations have decided to switch to Linux OS for their flexibility and security while transacting over the internet. But still if we look into "Top Attack Methods" applied for the last 3 years involved the very first "Misconfiguration". This is the reason that most of system administrators deployed the company's network infrastructure insecurely and push themselves with default installation procedures which turn out BLACKDAY to them when a defacement has been successful. From Web Application's security view, known attack vectors include SQL injection, XSS (Cross-site scripting attacks), File Inclusion attacks (LFI/RFI) and other application controls like authentication, integrity of transaction (eCommerce etc.) and confidentiality.

Getting into real world of defacers gave an insight look of terrible information warfare among various group of hackers. Some of them who hack for fame, some as political activists and some for fun.
(Ref. Video - "Cyberwars" at

What's the reality behind hacking into Pentagon? (U.S Trade secrets or more...) But why they hack them? It is a question remained unanswered for years. As described by media, this could be a cross-border Terrorism issue which lead into facts of cracking the Government systems to get secret information. As shown in above video in Discovery Channel "A 19-year
old boy from Malaysia claim to hold the most dangerous virus still operating under lab mode" iDefense has clearly sighted the dangers of such attack could cause billions of computers shutdown within a matter of seconds.

"This is this thing keeping everyones lungs and lips locked, it is called fear and its seeing a great renaissance."
- The Dresden Dolls