Hackers' paradise

[InfoSec News <isn () c4i org>]

http://www.news24.com/News24/Technology/Infotech/0,1113,2-13-45_1210963,00.html

09/07/2002 
Elinor Mills Abreu 

San Francisco - Which part of the world has the dubious distinction of
being the most active hotbed of computer hacking?

Among the most highly wired economies, more cyber attacks originate
from Israel and Hong Kong on a per-internet-user basis than anywhere
else, while Kuwait and Iran top the list of the category of countries
with fewer Internet users, according to a study released on Monday.

Overall, the United States generates by far the most cyber attacks,
followed by Germany, South Korea, China and France, according to a
report from Riptech Inc, a managed security service provider based in
Alexandria, Virginia.

The most likely corporate targets were power and energy companies, the
study said. Political analysts have expressed concern hackers target
such companies to try to maximise the impact of any attack.

The Riptech study was based on a miniscule sample compared to the
number of companies connected to the internet, but because it was
based on computer logs of attacks, which are not widely tracked or
aggregated, it provides useful insight into global trends, industry
analysts said.

Riptech declined to speculate on why some countries were more active
as the launchpads of computer attacks.

"We try not to speculate as to motive," said Elad Yoran, co-founder
and executive vice president of Riptech. "We want to keep the report
as objective as possible."

But he said, "it's interesting that countries that are less
well-developed attack at a 50-percent higher rate on a per-person
basis."

Cyber attacks, which include everything from the spread of viruses to
hacks used to cripple websites, were 28 percent higher in the first
half of the year than attacks recorded during the second half of last
year, a projected annual growth rate of 64 percent, the study found.

Companies, on average, suffered 32 attacks per week, up from 25
attacks per week during the second half of last year. Most attacks
happened on Wednesdays and Thursdays, the study said, without offering
an explanation as to why.

The report was based on data collected from computer logs at about 400
Riptech customers spread across more than 30 countries. Riptech
monitors customer logs and traces attacks back to their purported
source.

Determining where attacks come from is complicated, said Tim Belcher,
chief technology officer at Riptech. While most attacks can be traced
back to what is believed to be the source country, it is possible for
malicious hackers to hide their exact location.

Still, 93 percent of the attackers monitored in the study were only
active on one day, leading the company to believe they were launching
attacks directly rather than going through another "zombie" system to
hide their tracks, Belcher said.

Forty percent of the attacks in the first half of this year appeared
to have come from the United States, followed by 7.6 percent from
Germany, 7.4 percent from South Korea and 6.9 percent from China.

Although the United States is the source of most of the attacks, it
also has the largest economy and a large share of internet users. To
get a more fair representation, the study also looked at attacks based
on population of internet users in each country, Belcher said.

Of countries with more than 1 million internet users, Israel had about
33 attacks per 10,000 users, followed by Hong Kong with 22 attacks per
10,000 users.

Of countries with fewer than 1 million internet users but more than
100,000, Kuwait had 50 attacks per 10,000 users, followed by Iran with
30 attacks per 10,000 users.

Attacks down in the US

A second survey, also released on Monday, showed reports of cyber
attacks may be waning in the United States.

Of the nearly 3,500 US companies and security professionals polled for
the InformationWeek magazine survey, 44 percent said they experienced
a virus, worm or Trojan horse attack, in which malicious software
masquerades as a legitimate program, down from 70 percent a year ago.

Reports of denial of service attacks, another common attack method
that is the internet equivalent to getting a busy signal from too many
phone calls, were also down slightly, the survey found.

"Although three in five firms report a security breach or espionage in
the last year, the frequency of security incidents in the United
States - regardless of type - is down in 2002," the InformationWeek
survey said.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.