Study Determines Hacking Frequency and Behavior

Four Linux computers with vulnerable passwords were left online for 24 hours to determine the trend of attacks on them. This was the preparation a researcher made to conduct a study at the University of Maryland. According to his observation, the computers received 270,000 hacking attempts. That comes to one attempt per 39 seconds.

Assistant professor Michel Cukier's study tried to assess the activities of 'brute force' hackers to find out which usernames and passwords draw hackers' interest and what they do with a computer they access illegally.

TV and films project these kinds of hackers as people who are disgruntled by some organizations and therefore target them to invade their computers. However, according to Cukier, in reality the attackers use automated scripts that randomly search several computers simultaneously, having vulnerabilities.

In a press release, Cukier noted that their study gathered figurative evidence that hacking attacks occur throughout the time to computers connected to the Internet. The study found that there were on average 2,244 attacks on their computers each day.

To encourage hackers to perform their activities Cukier and two of his students set traps on four online Linux computers. They recorded the behavior of the individual PCs after experiencing attacks. Cukier and the others found that most of them arrived from relatively unskilled hackers who used 'dictionary scripts', a program that works on common usernames and passwords in trying to compromise computers.

The most common username is 'root', which is the default for the majority of users. These amateurs who have not learnt how to change their account information are most vulnerable. Other usernames in the 'dictionary scripts' are 'info', 'test', 'guest', 'mysql', 'administrator', 'oracle', 'adm' and 'user'. Cukier therefore advises to avoid employing these terms as usernames.

The researchers also found, hackers were most of the time successful in guessing passwords by re-entering or trying variations of the username. This proved correct with 43% of the attempts of password guessing. The username with 123 joined to it was the second most preferred choice.

Cukier said hackers' most popular motive to access remote computers is to establish botnets for identity theft.

Related article: Stock Spamming On the Rise

» SPAMfighter News - 2/13/2007