Very Important

[shn]

A little far fetched but this is an example of what happens when you:

Do not update or refuse to use antivirus software
Fail to have sufficient firewall (software or router)
Think that getting hacked wont happen to you.
Neglect to consider the fact that your box could be compromised right now

Expert slams outlandish hacker claims
By Robert Jaques [27-06-2003]
Suggestion that hackers control three million servers is 'nonsense'


Security expert Neil Barrett has poured scorn on research released this week claiming that hackers are in control of at least three million servers around the world.

Intrusion prevention system vendor Trustcorps said that it had "scientific and anecdotal" research indicating that the average hacker 'owns' between 600 and 800 systems at any time.

The company estimated that there are at least 1,000 hacker groups, with an average of five hackers per group each owning at least 600 systems. Each hacker will own a compromised system for six months on average.

An extrapolation of these statistics by the security firm suggests that there are a minimum of three million systems owned by hackers at any one time.

"Much hacking is focused simply on 'ownership': knowing that you have complete and unfettered access to, and control over, a system," said Trustcorps.

"It is extremely desirable for someone to 'own' millions of dollars worth of computing power, and for the people they have 'stolen' it from to be completely unaware."

But Barrett, technical director at Information Risk Management, questioned how any hacker could own 600 computers at any one time.

From his experience working with the police, he said that hackers typically control no more than 12 systems at any time.

"The sheer mechanics of 600 computers - no. How can you control 600 computers?" he said.

Barrett added that a system is often not 'owned' by a single hacker, because others will have discovered the vulnerabilities as well.

But Trustcorps insisted that, while some hackers will launch targeted attacks on specific systems, taking weeks or months to penetrate them, this is unusual because much hacking is automated and indiscriminate.

Hackers use automated scanning tools to search for systems they can attack successfully. This way they can penetrate and own hundreds or even thousands of machines in a few hours, the company claimed.

Source -- http://www.vnunet.com/News/1141901

[I.am]

Good article shn. Hope this enlightens the users who laugh at the people who use firewall and are a little paranoid.

[muchspl2]

where's the ass that said anyone who uses a AV and firewall were stupid
what a tool he was, compleatly oblives to all the shit on the net, he also said he was the "founder/owner" of gamecopyworld in his sig

[Maximus359]

Dam they know I best pack me bags, sell the house, blow up the PC after smashing it & run

[h1]

Firewalls are your friend.

[Robert00000]

Whats the most popular method of hacker attack (to gain control of a server), is it bruteforce?

If so it can easily be prevented by using longer passwords and a more varied combination of characters, but too many people don't.

I've seen many hackers use accessdiver and other bruteforce software to gain entry into other peoples accounts (used it myself to test security of my server). But these software can only gain access if the login info has common words in them.

If repeated failure from a particular proxy is detected it can be blocked by installing a script on the server.

The reason a lot of servers are vulnerable is because the people who run them don't know much about security, and so get attacked.

As for home pc's, i think strong firewall should be installed by default on the OS, something similar to zonealarm with component varification activated. This way people who use it will be forced to learn about the security of their system.

[SeK612]

Access Driver struggles if a server has a proxy killer (basically blocks the IP after a few incorrect logins) or spits out fake logins. Of course some of these protections can be gotten around using different programs but on the whole they act as a pretty good deterent.

[mogadishu]

You can use various programs to leech proxies from the web (hundreds of thousands at a time) then test them in a proxy analyzer that uses a proxy judge. I did this one on my friends server and sure enough I got 2 hits.. (heh they were something like username:password and admin:password) But anyway.. you can get like 10,000 working proxies then the scropts that block those proxies can block all they want, u still have a ton.

But do you really have access to the whole server ( i didnt try beyond changing a few settings)? I would think the hackers have more advanced tools than access diver.

[SeK612]

Yes you can get around a proxy killer with lots of proxies. I believe you can get around fake pass servers using other programs (Sentry is one I've heard of). In my experience programs like Access Driver are used mostly for brute forcing porn sites and getting access for free. Actually breeching a top level server (and doing stuff like changing the sites pages) takes alot more work and loads of different methods.

[mogadishu]

yea, i used access diver to get into his php control thingi.. i forget what it was called.