Information Security News mailing list archives

Re: Italian Police Nab Hacker Group


From: InfoSec News <isn () c4i org>
Date: Sat, 19 Jan 2002 22:58:13 -0600 (CST)

Forwarded from: Robert G. Ferrell <rferrell () texas net>

At 01:10 AM 1/18/02 -0600, you wrote:
Website defacements are no more than graffiti in digital form.
Should their entire lives be ruined because they did this?  How
about if they were doing it with a can of spray paint on the side
of your office building?  And exactly what are the monetary
damages?

The reason this analogy is not entirely accurate is that most graffiti
is applied in public areas; i.e., on spaces that can be legally
accessed by members of the public.  A Web page is more akin to a
window display than an exterior wall. The attackers must break into
the building first, then leave their graffiti in an area to which they
had no legal access. It is the action of compromising the system which
does the real damage, not the actual Web defacement.  If all that was
required to address a defacement was to replace the defaced page(s),
the damage would be trivial.  However, once a box is compromised, any
admin with even a vestige of a clue will be forced to consider the
entire system tainted, with all the work that implies.

Of course, the mechanism of compromise is relevant here, as well.  If
the exploit merely replaces the index page via an HTTP-based buffer
overflow or something of that nature, the potential for system-wide
damage is obviously considerably reduced over, say, a full rootkit
install. Unfortunately, the mechanism of compromise is often not clear
until some digging into logs and examination of other system
components has been achieved, and by then the cost of recovery is
already non-trivial.

My real point is simply that, while I agree that digital graffiti
itself is little more than an annoyance, the costs of recovering from
attacks of this nature are sometimes disproportionately large.  It's
important to keep in mind the psychological impact of intrusions on
the peace of mind of both the victim companies and their customers.
These costs are difficult to quantify, but no less real for it.

Cheers,

RGF

Robert G. Ferrell
rferrell () texas net
http://rferrell.home.texas.net/rgflit.html 
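The post above argues that the cost of a defacement is driven by the work of establishing how the box was compromised, which starts with "digging into logs" around the time the page changed. The following is an added example, not code from the original post or its author, of what that first triage pass can look like: it walks Apache combined-format access log lines, keeps only the requests in a window before the defaced page's modification time, and flags request targets that look like HTTP-level exploit attempts (overlong targets, long runs of a single byte, NOP-sled-style byte sequences). The log lines, the defacement timestamp, the thresholds and the function names are all constructed for the example; a real investigation would feed in the server's own logs and the page's real mtime.

```python
import re
from datetime import datetime, timedelta

# Apache "combined" log format, e.g.
# 10.0.0.5 - - [17/Jan/2002:23:58:01 -0600] "GET /index.html HTTP/1.0" 200 2048 "-" "Mozilla/4.0"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S*) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

# Constructed sample log (not from the original post). Lines 2 and 3 imitate a
# CGI overflow probe; line 5 looks the same but lands after the defacement.
SAMPLE_LOG = "\n".join([
    '10.0.0.5 - - [17/Jan/2002:23:58:01 -0600] "GET /index.html HTTP/1.0" 200 2048 "-" "Mozilla/4.0"',
    '10.0.0.9 - - [18/Jan/2002:00:02:17 -0600] "GET /cgi-bin/search.cgi?q=' + "A" * 600 + ' HTTP/1.0" 500 0 "-" "-"',
    '10.0.0.9 - - [18/Jan/2002:00:02:19 -0600] "GET /cgi-bin/search.cgi?q=' + "%90" * 40 + '%eb%1f%5e HTTP/1.0" 500 0 "-" "-"',
    '10.0.0.7 - - [18/Jan/2002:00:05:00 -0600] "GET /images/logo.gif HTTP/1.0" 200 5120 "-" "Mozilla/4.0"',
    '10.0.0.7 - - [18/Jan/2002:01:10:00 -0600] "GET /cgi-bin/search.cgi?q=' + "B" * 600 + ' HTTP/1.0" 500 0 "-" "-"',
])


def parse_time(s):
    """Parse an Apache timestamp such as '18/Jan/2002:00:10:00 -0600' (tz-aware)."""
    return datetime.strptime(s, TS_FMT)


# Constructed mtime of the defaced index page. In practice derive it from
# os.stat(path).st_mtime (and treat it as untrusted: an attacker may reset it).
DEFACED_AT = parse_time("18/Jan/2002:00:10:00 -0600")


def parse_line(line):
    """Return a dict for one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["time"] = parse_time(entry["ts"])
    entry["status"] = int(entry["status"])
    return entry


def longest_run(s):
    """Length of the longest run of one repeated character in s."""
    best = run = 0
    prev = None
    for ch in s:
        run = run + 1 if ch == prev else 1
        prev = ch
        best = max(best, run)
    return best


def indicators(entry, target_threshold=256):
    """Cheap overflow-probe heuristics on the request target (thresholds are assumptions)."""
    target = entry["target"]
    found = []
    if len(target) > target_threshold:
        found.append("long_target")
    if longest_run(target) >= 64:          # e.g. q=AAAA...A padding
        found.append("repeated_byte_run")
    if target.lower().count("%90") >= 8:   # URL-encoded x86 NOP sled
        found.append("nop_sled_bytes")
    return found


def triage(log_text, defaced_at, window_minutes=30, target_threshold=256):
    """Return suspicious requests in the window before the page changed.

    Unparseable lines are always reported: a request line the server could not
    log cleanly is itself a lead. Absence of findings does not clear the box;
    it only means the HTTP logs offer no mechanism, and the post's advice
    (treat the whole system as tainted) still applies.
    """
    start = defaced_at - timedelta(minutes=window_minutes)
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            findings.append({"line": lineno, "ip": None, "indicators": ["unparseable_request"], "raw": line[:120]})
            continue
        if not (start <= entry["time"] <= defaced_at):
            continue
        hits = indicators(entry, target_threshold)
        if hits:
            findings.append({"line": lineno, "ip": entry["ip"], "time": entry["time"],
                             "target": entry["target"][:60], "indicators": hits})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, DEFACED_AT):
        print(f["line"], f["ip"], f["indicators"])
```

Run against the constructed log, only lines 2 and 3 are reported: the same probe at 01:10 falls after the defacement and is excluded by the window, which is the point of anchoring the search on the page's change time. A hit here narrows the mechanism to an HTTP-level attack on the web server process; no hit leaves the admin exactly where the post says they end up, obliged to assume a wider compromise until other system components have been examined.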



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.

