At least eight Australian institutions, including LaTrobe University, the University of Sydney, Southern Cross University and Monash University, have, between January and August this year, had their servers hacked. The potential ramifications of such attacks were starkly illustrated last weekend when the University of Oslo was hacked and 52,000 user passwords stolen.
The Oslo incident was a textbook example of a procedural deficiency causing a security breach.
The system administrators didn't realise that they had installed a copy of Microsoft SQL server on the machine that was later hacked, so they didn't apply relevant security patches to it.
Lax security patching is still among the most common methods of entry for hackers; the Australian university systems targeted by hackers are often neglected and unpatched back-end servers, unimportant "bit player" machines in large networks.
The logged incidents all consisted of web site defacements, attacks intended to draw attention to themselves. More stealthy attacks, such as an attacker hacking into a system and "sniffing" user passwords, as was the case at Oslo University, are much more difficult to detect. The object of these attacks isn't to draw attention, as is the case with web site defacement; it's to avoid it.
Although alarmists are quick to claim that hackers who can modify the content of a website can modify sensitive information such as student records, this is a rather unrealistic scenario. Student records in universities are stored in a much higher security environment than their back-end servers, and are also protected by a robust audit trail.
The frequency of these security breaches is a concern: each individual breach represents a virtual foothold from which a hacker could propagate a more serious attack. But the logged incidents more closely represent cases of hacker tomfoolery than serious crime.
The vast majority of these hackers are never identified, let alone caught.
More up-to-date "hacker stats" are hard to obtain. In the past, hacking activity logs were recorded by Alldas.org, an online archive of defaced Web pages. Due to the high-profile nature of Alldas, many hackers did not appreciate the "heat" caused by their activity being recorded and made public.
It is rumoured that Alldas disappeared (it is now offline) due to a series of denial of service attacks directed at them from disgruntled crackers.
What can I say. Just another bunch of sysops, editors and computer consultants blowing the story out of all proportion. One of our sysops made an estimate that about 5% out of many thousands of attacks on our site are malicious. When asked if he has reported these to the police he said: "no, what is the point". That is just the point. If he really believed that, it would be reported. Yes, sometimes it is true, but hey, not every probe at the firewall is a nasty uni student that is hell-bent on destruction. It is probably a script kiddie having fun, or more likely someone like me who can't spell.
I am totally sceptical about the interpretations sysops put on these events. My guess is that the Internet is a big place where lots of activity is directed and misdirected every millisecond of the day. The paranoid and security conscious will always think the worst, but I think that this is nothing more than sysop wanking designed to make the management pay attention and keep the money rolling in for less than useful security geeks. Even worse, consultants throwing oil on the fire for their own gain (remember Y2K).
A bit strong? Probably.
Ned