Telspace research exposes peak hacker assault periods

By Dino Covotsos
Johannesburg, 07 Jun 2005

There are specific periods when Web servers are most vulnerable to hacker attacks, says Dino Covotsos, MD and founder of IT security provider Telspace.

Covotsos has undertaken research that reveals the holiday season of November to January each year is when most hacker attacks occur. Attacks during this peak period rise to almost double the height of previous hacking peaks over the past two years.

Covotsos argues that this end-of-year spike is partly due to hackers having more free time to escalate their attacks during the holiday season. This could mean that hackers tend to be either college students or employed individuals, whose schedules allow them this year-end window to escalate their attacks.

Peak attack periods occurred from November to January during 2002-2004 while lesser peaks occurred in August and July. The hacker monitoring site that generates these statistics, Zone-H (www.zone-h.org), reveals the intriguing fact that hackers' major motivation in these high-attack times is "just for fun".

Despite this rather frivolous intention, nearly all the other motivations shown up by the Zone-H poll reveal an upward trend in the holiday season. Hackers wreak their damage for reasons that range from challenging their ingenuity to making a political statement. But their desire for revenge against Web sites that have offended them goes down, suggesting they're more relaxed in the spirit of the silly season.

But the most important thing to realise is that hacker attacks are happening all the time, warns Covotsos. For example, hackers called the Infektion Group defaced 37 South African sites out of a total of 94 sites they attacked on just one day in April this year - and that was the tip of the iceberg in this group's assault tally.

Hackers like these deface thousands of Web sites in their offensives, but Covotsos points out that there are different types of attacks. "We have to differentiate between single attacks and mass defacements," he says. "Some servers are dedicated to hosting only one Web site and so would be vulnerable to a single attack. A mass defacement occurs when a Web server hosts numerous sites that are compromised by one attack."

The problem is that after hackers have gained entry to a server, all the information on that machine is vulnerable - everything from payroll books to client lists and personal details is free to be saved onto the hacker's hard disk to do with as he wishes.

Hackers first find a vulnerability in one of the Web sites being hosted. "Once they have access to that box they can create a redundant code script that replaces all the index files for Web sites on that machine," explains Covotsos, "so it can take just a few minutes to deface all sites at that IP address."

So far 2005 has not been a very good year for South African Web site defacements. There have been many raids on local sites, although Covotsos observes that SA is not a hacker target specifically - "it is just that hackers or groups of hackers are finding vulnerabilities in our servers".

The Telspace MD states that companies have to face the fact that hacking is a ubiquitous reality. There are no 100% effective prevention strategies, but companies can minimise their risk.

To help combat the hacking threat, Telspace is currently offering free IT security audits in the month of May to SMEs - the sector that is most vulnerable to this kind of assault. The surveys (limited to one assessment per company) cover the full range of information security policy ranging from fail safe measures to steps to prevent corporate espionage, backups, data integrity, file server bug fixes and new security holes.

The resulting comprehensive reports on network security show exactly where security weaknesses exist as well as what can be done to resolve them. Telspace can use these details to deliver the relevant security solutions that range from small bug fixes to full-scale, enterprise level firewalls, while client privacy is protected by a non-disclosure agreement.

Whatever course of action you decide on for your company IT security, it's clear that preventative measures are essential. Covotsos points out that even well-secured sites are hacked and that most major Internet sites experience a security breach at some time or another. "It is a competition between the top attackers in the world," he says.

"Globally even government sites get broken into on a daily basis, despite their heavy security. For example, in the last 24 hours you can see about 20 high profile sites around the world that have been broken into."

You might think that simple Web site defacements are not much to worry about - but Covotsos warns that the real danger is that server break-ins can also compromise your business and personal information. The hacker can potentially access all the information on the server and on other PCs connected to it on the network. This gives these data pirates the power to steal critical data or even force your business offline.

"You know you have a problem as soon as somebody defaces your site," he says, "but top class hackers don't show that they have broken into your machine. You might never know if somebody has broken into a server, so we have system checkers to show backdoors on your system and virus-scanners that detect possible security breaches."

Smart administration also helps. Covotsos observes that many attacks make use of basic configuration mistakes that hand them a quick passport to defacing the site. Still, Covotsos is concerned at the fact that many hackers will gatecrash a server just for fun. "They can utilise your server to do anything they want and there is nothing to stop them erasing everything on your hard drive," he remarks.

Telspace has several years' experience in combating attacks and has found that there are many different reasons why hackers break into Web sites. There are a few instances where angry, disgruntled employees hacked a server in revenge, but the majority of public attacks originate from overseas.

Telspace has found that South African companies have an alarming tendency to ignore the fact that sites are being defaced. "The public are largely unaware of the risks associated with defacement," Covotsos observes.

"This is true even in large corporates that host their Web sites on their own network - once hackers gain access to the site they have free rein on that network. Too often by the time the company has realised what's happening it is too late and they have lost everything."

While it's clear that hacker attacks peak at particular times, it is essential to note that hackers are hitting sites all the time. As Covotsos emphasises: "Security is something that should be done on an ongoing basis - it is not a once-off investment. Once companies realise that they will be a lot safer."

If you are interested in keeping hackers at bay, formulating a security policy or even just asking about security packages, you can call Covotsos directly to chat about your security needs on 0823529296 or e-mail him on dino@telspace.co.za. You will find the Telspace Web site at http://www.telspace.co.za.