A hack too far: Charity site defaced - experts fear epidemic

NEWS Late last night, the Brazilian group hacked into the computer system of the Parkinson's Disease Foundation, which offers information and support for people suffering from the incurable neurological condition, and defaced it with obscene messages and offensive images. The site wasn't the only victim of the South American outfit. The Associated Press was also forced to shut down its web operations during a two-hour clean up operation, after the 10 strong hacker team unleashed what they called "hacker fury" on the site. And it seems the latest bout of attacks may only be the tip of the iceberg. Dr Neil Barrett from Information Risk Management warned that we should expect more online defacements. He said: "The number of attacks fluctuates right now, these things usually come in cycles. It's possibly on the increase due to the sheer number of websites out there. "It's such a simple thing to do, there are so many remote vulnerabilities, a hacker can just waltz up and go straight into a system." Gunter Ollman, principal consultant with Internet Security Solutions, agreed that attacks like the Parkinson's Disease Foundation defacement could be part of a more widespread issue as the hacker tool sets and knowledge to exploit security holes increases. Ollman said: "Mass attacks are easily possible. It is possible for a hacker to conduct a survey of specific IP web servers, logging them in a database. "When a hole or vulnerability appears in a system it's possible to use this database to mass attack many websites in a single day." Web defacement statistician Attrition.org concluded from a survey of affected sites that almost 60 per cent of defaced web servers ran Microsoft's Windows NT platform. However, both experts agreed that the vast numbers using Microsoft products were probably the main reason for the especially high numbers of security breaches, particularly in e-business applications. Barrett placed the emphasis on systems administrators to uphold company security. "Admin systems employees should be aware and keep on top of the security holes, they should know about the holes before they are hit. The best way is to monitor bulletin boards and fix a problem before it happens."