Israeli Internet Hacking Analysis for 2000. Hank Nussbacher, Internet Society of Israel Conference, Tel Aviv, Israel, March 4, 2001.


Slide 1: Israeli Internet Hacking Analysis for 2000
Hank Nussbacher, hank@interall.co.il
Internet Society of Israel Conference, Tel Aviv, Israel, March 4, 2001

Slide 2: Preamble
- The word hacking is used to mean cracking systems
- Raw data: incident reports and Excel spreadsheet won’t be made available so don’t ask for it!
- Names listed in this presentation have not been changed so as to not protect the innocent

Slide 3: From where does the data come?
- My name registered on most Israeli IP blocks as contact - hank@isoc.org.il
  - 192.114.0.0/16, 192.115.0.0/16, 192.116.0.0/16, 192.117.0.0/16, 192.118.0.0/16
- Users report incidents to cert@cert.ac.il
  - Firewall logs, Jammer, BlackICE
- Users report incidents to contact name for .il domain
- My estimate is that only 50% of incidents reach me (other than for IBM -> AT&T)

Slide 4: How many incidents reported?
- How many incidents reported?
  - 1999: 259
  - 2000: 385
- How many incidents reported that involved Israelis hacking foreign sites?
  - 1999: 238
  - 2000: 272
- How many incidents reported that involved foreigners hacking Israeli sites?
  - 1999: 10
  - 2000: 99
- How many incidents reported that involved Israelis hacking Israeli sites?
  - 1999: 11
  - 2000: 14

Slide 5: Monthly Distribution

Slide 6: From which ISPs?
- Only those that had more than 10 incidents recorded
- AT&T has all incidents recorded - since I am recorded as contact for their IPs
  - the other ISPs are underrecorded

Slide 7: Which domains are being hacked
- Most attacked sites:
  - home.com (15)
  - llnl.gov (22)
  - ornl.gov (10)
  - cw.net (9)
  - renater.fr (8)
  - rr.com (7)
  - vt.edu (7)

Slide 8: Are the attacks successful?
- 13% of reported attacks in 1999 are successful
- 28% of reported attacks in 2000 are successful
  - most are site defacements
- Which ISP has the most successful hackers?
  - Internet Zahav

Slide 9: What were the most popular attacks in 1999?
- Port scans - 32%
- Telnet attempts - 11%
- Netbus and Back Orifice - 10%
- DoS - 8%
  - Smurf, Mail bombing, WinNuke, SYN flooding
- RPC attacks - 5%

Slide 10: What were the most popular attacks in 2000?
- Site defacements - 25%
  - only 2 out of 94 site defacements happened before Rosh HaShana
- Port scans - 21%
- Netbus, Sub-7, Hacka’Tack and Back Orifice - 17%
- FTP scans - 6%
- Telnet attempts - 5%
- DoS - 4%
  - Smurf, Mail bombing, WinNuke, SYN flooding

Slide 11: Site defacements
- First recorded site defacement - most.gov.il - April 23, 2000
- Second recorded site defacement - webgate.co.il - June 27, 2000
- Third recorded site defacement - tel-aviv.gov.il - Aug 29, 2000
- October 3 - start of massive site defacements

Slide 12: Site defacements - part II
- Last 3 months
  - 57 - co.il
  - 27 - ac.il
  - 4 - org.il
  - 1 - k12.il
  - 1 - gov.il
  - 1 - net.il
  - Total - 88 site defacements
- On December 29, 80+ sites defaced by Gforce Pakistan - #1 defacer group in the world

Slide 13: Site defacements - part III
- Many other countries with many more site defacements
  - Brazil - 683
  - UK - 234
  - Mexico - 207
- To see more details:
  - http://www.attrition.org/mirror/attrition/months.html

Slide 14: Site defacements - part IV

Slide 15: Site defacements - part V

Slide 16: Which IPs are the worst hackers?
- 192.115.216.131-159
  - Jan 2 - Sept 30, 2000
  - 33 reported incidents
  - Netbus, BO, Sub-7 scans to mainly .com & .net
  - belongs to AT&T
- 192.116.226.252
  - Jan 10 - July 5, 2000
  - 16 reported incidents
  - SNMP, ICMP, port scans to many .gov sites
  - belongs to Internet Zahav

Slide 17: Lessons learned
- Israeli ISPs don’t want to handle the problem
  - too much work and effort involved
    - legal - lawyers don’t understand hacking, courts give lenient sentences
    - police - overworked, lack of public interest
  - too few skills to handle the problem
    - Good security sysadmins earn over 20K NIS/month
  - loss of revenue if customer leaves
- Survival of the fittest
  - Arab hackers doing us a favor in weeding out the sites with poor server security

