Zone-H.org, an organization that monitors and catalogues Web attacks often using intelligence provided by the attackers themselves, said Web server attacks and site defacements are up sharply -- a trend to continue as more users adopt VoIP technology. But do the findings illustrate true havoc or just hyperbole? As far as one IT professional is concerned, it's hard to tell.
"Are Web server defacements up because the number of Web servers has increased proportionately, or because there's more vulnerabilities?" Paul Schmehl, adjunct information security officer for the University of Texas at Dallas and a founding member of the Anti-Virus Information Exchange Network, asked by e-mail. "If you take their argument for the projected increase, it's due to more Web servers, not more vulnerabilities. It's axiomatic that an increase in the number of servers will be followed by an increase in the number of servers hacked, because some percentage of the servers will always be vulnerable due to negligence, ignorance or other causes."
Zone-H's findings -- that Web server attacks and site defacements were up 36% in 2004
"Once GSM telephone platforms are replaced by VoIP /3G phones which work in the same way as Internet servers (they each might have their own IP address) the number of Web servers will increase to 1.5 billion," Zone-H founder Roberto Preatoni said in a prepared statement. "Each of these phones/terminals will be potentially subject to the same vulnerabilities as traditional Web servers and personal computers… By a process of simple multiplication there could be as many as 80,000 hacks a day on… devices that will often hold the digital equivalent of someone's life! The same hacks could even turn the phones/terminals into remote-controlled snooping devices leading to a complete loss of privacy and opening the way to massive industrial espionage incidents."
Among other things, the organization cataloged:
- 392,545 web server attacks in 2004, a 36% increase from the previous year;
- 70,357 single defacements and 322,188 mass defacements for 2004;
- 186 special attacks on U.S. governmental servers;
- 3,918 special attacks on worldwide compromised governmental domains; and
- 194,905 single IP attacks between 2000 and 2004.
Zone-H said its database contains information on nearly a million server intrusions spanning several years and that its volunteers receive about 2,500 attack notifications a day. It verifies and catalogues such information as the timestamp of an attack, the software version of the Web server, the operating system, motivation of the attacker and other technical details.
Preatoni added by e-mail that Zone-H has a permanent staff of 50 volunteers worldwide covering all time zones "whose job is to verify and eventually archive the notified intrusions while the intrusions are notified 99% of the time by the same attackers. Believe it or not, it's a common practice in the world of defacers as by definition it is their own interest to generate as much attention as possible."
He said anyone can anonymously notify Zone-H of a server intrusion simply by accessing its notification page.
Zone-H said it does not condone, promote and/or participate in attacks recorded within it database.
As for Preatoni's warning about VoIP, Schmehl said, "I'm not knowledgeable enough of VoIP to know if the 3G phones have a server or simply a client in them. Furthermore, if it is a server, does it have active content capabilities? If not, this is a moot point." Saying "they each have their own IP address" is a long way from "they each have web servers," he added.
"Overall, it sounds like the usual FUD to sell security 'solutions,'" he said.