3c19984660ef61087aabc7f5be37cb43.ppt
- Number of slides: 17
Israeli Internet Hacking Analysis for 2000
Hank Nussbacher
hank@interall.co.il
Internet Society of Israel Conference
Tel Aviv, Israel, March 4, 2001

Preamble
- The word hacking is used to mean cracking systems
- Raw data: incident reports and Excel spreadsheet won’t be made available so don’t ask for it!
- Names listed in this presentation have not been changed so as to not protect the innocent

From where does the data come?
- My name registered on most Israeli IP blocks as contact - hank@isoc.org.il
  - 192.114.0.0/16, 192.115.0.0/16, 192.116.0.0/16, 192.117.0.0/16, 192.118.0.0/16
- Users report incidents to cert@cert.ac.il
- Firewall logs, Jammer, BlackICE
- Users report incidents to contact name for .il domain
- My estimate is that only 50% of incidents reach me (other than for IBM -> AT&T)

How many incidents reported?
- 2000: 385; 1999: 259
- How many incidents reported that involved Israelis hacking foreign sites?
  - 2000: 272; 1999: 238
- How many incidents reported that involved foreigners hacking Israeli sites?
  - 2000: 99; 1999: 10
- How many incidents reported that involved Israelis hacking Israeli sites?
  - 2000: 14; 1999: 11

Monthly Distribution

From which ISPs?
- Only those that had more than 10 incidents recorded
- AT&T has all incidents recorded - since I am recorded as contact for their IPs
- the other ISPs are under-recorded

Which domains are being hacked
- Most attacked sites:
  - home.com (15)
  - llnl.gov (22)
  - ornl.gov (10)
  - cw.net (9)
  - renater.fr (8)
  - rr.com (7)
  - vt.edu (7)

Are the attacks successful?
- 13% of reported attacks in 1999 are successful
- 28% of reported attacks in 2000 are successful
- most are site defacements
- Which ISP has the most successful hackers?
  - Internet Zahav

What were the most popular attacks in 1999?
- Port scans - 32%
- Telnet attempts - 11%
- Netbus and Back Orifice - 10%
- DoS - 8%
  - Smurf, Mail bombing, WinNuke, SYN flooding
- RPC attacks - 5%

What were the most popular attacks in 2000?
- Site defacements - 25%
  - only 2 out of 94 site defacements happened before Rosh HaShana
- Port scans - 21%
- Netbus, Sub-7, Hacka’Tack and Back Orifice - 17%
- FTP scans - 6%
- Telnet attempts - 5%
- DoS - 4%
  - Smurf, Mail bombing, WinNuke, SYN flooding

Site defacements
- First recorded site defacement - most.gov.il - April 23, 2000
- Second recorded site defacement - webgate.co.il - June 27, 2000
- Third recorded site defacement - tel-aviv.gov.il - Aug 29, 2000
- October 3 - start of massive site defacements

Site defacements - part II
- Last 3 months
  - co.il - 57
  - ac.il - 27
  - org.il - 4
  - k12.il - 1
  - gov.il - 1
  - net.il - 1
- Total - 88 site defacements
- On December 29, 80+ sites defaced by Gforce Pakistan - #1 defacer group in the world

Site defacements - part III
- Many other countries with many more site defacements
  - Brazil - 683
  - UK - 234
  - Mexico - 207
- To see more details:
  - http://www.attrition.org/mirror/attrition/months.html

Site defacements - part IV

Site defacements - part V

Which IPs are the worst hackers?
- 192.115.216.131-159
  - Jan 2 - Sept 30, 2000
  - 33 reported incidents
  - Netbus, BO, Sub-7 scans to mainly .com & .net
  - belongs to AT&T
- 192.116.226.252
  - Jan 10 - July 5, 2000
  - 16 reported incidents
  - SNMP, ICMP, port scans to many .gov sites
  - belongs to Internet Zahav

Lessons learned
- Israeli ISPs don’t want to handle the problem
  - too much work and effort involved
    - legal - lawyers don’t understand hacking, courts give lenient sentences
    - police - overworked, lack of public interest
  - too few skills to handle the problem
    - Good security sysadmins earn over 20K NIS/month
  - loss of revenue if customer leaves
- Survival of the fittest
  - Arab hackers doing us a favor in weeding out the sites with poor server security