Record wave of hacking targets UK businesses
by Bill Goodwin, © 2002 ComputerWeekly.com Ltd.
All rights reserved
Cyber-attacks reached their highest-ever recorded level this month as
pro-Islamic groups launched a new wave of attacks in protest at western governments'
support of the war against terrorism and the threatened war against Iraq.
Wednesday, 30 October 2002 - The victims were not governments, but small-
and medium-sized companies, particularly in the US and UK, now considered
by politically-motivated hackers as legitimate economic targets.
Since the anniversary of the 11 September terror attacks, the number of malicious
hacking attempts reported worldwide have increased almost by a factor of three.
In just four weeks, digital attacks caused damage worldwide of more than £3.5bn,
as political hacking groups increasingly focus on what they perceive as economic
These politically-motivated attacks, in tandem with a new generation of computer
viruses which exploit specific software vulnerabilities, will lead to a projected
doubling in the annual cost of cyber-attacks in the coming year to £25bn.
The predictions, from security consultancy mi2g which maintains a
database of overt hacking attempts around the world, have raised questions
about the state of readiness of governments and the private sector for dealing
with the onslaught.
Much of the damage has been caused by small groups of politically-motivated
hackers equipped with a new generation of hacking tools that can scour the
Internet for computers with vulnerabilities and launch automated attacks.
One of the most prolific teams is a group known as the Unix Security Guards,
which opposes the US and the UK governments for their stance on the war against
terrorism. This group of only five hackers has been responsible for more than
1,500 attacks this month alone.
The tendency for software suppliers to add new features to their products
- and with them new security vulnerabilities - is one of the underlying causes
for the dramatic increase in malicious hacking.
"The emphasis has been on adding more features
and more bells and whistles," said DK Matai, mi2g's
chairman and CEO. "Nobody has focused on
robustness and resilience. Unfortunately
security is not an add-on feature. You have to architect the product right
from the beginning with a perspective on security," he
Despite its high-profile security initiatives, Microsoft's Windows has leapt
into first place as the favourite operating system for hackers, attracting
nearly 60% of the attacks compared to 25% for Linux.
But IT users must also bare their share of responsibility, Matai said. "We
still feel that board executives are not sufficiently interested in the whole
area of digital security," he said. "Often the patching of vulnerabilities
found in software can be delayed by two or three months. And even in some
less lethargic organisations, patching is left as an activity which is done
at the weekend."
SIPS Intelligence Briefing for October 2002, mi2g