New research has shown most websites found vulnerable to attack where hackers could potentially infiltrate over one third of internet sites with basic attacks. By combining these newly discovered opportunities for attacks with denial-of-service hacks, the potential number rises to 85 percent of the web being susceptible to hacker takeover.
Assistant Professor Emin Gun Sirer and Venugopalan Ramasubramanian of Cornell University’s Computer Science Department were the researchers analyzing the way the internet’s addressing system operates when they discovered this previously unrealized vulnerability. They recommended big changes should be made to the web’s addressing systems to prevent it from happening.
When a computer is told to visit a site online, it consults domain name servers (the internet’s address books), which tell it where to find the website. Sites are made susceptible to attack due to the large number of computers that must be contacted in this process.
An average of 46 computers which hold different information are used to locate the host of one website, according to Professor Sirer. Different computers hold knowledge of separate parts of internet addresses. A skilled hacker could take advantage of the holes in these chains relatively easily. Professor Sirer said, “The growth of the internet has caused these dependencies to emerge. Instead of having to compromise one you can compromise any one of the three dozen.”
Statistics about over half a million computers were compiled and analyzed for this research. Hundreds of thousands of websites are susceptible to the potential of being taken over by hackers. In addition to individual sites, it was discovered that 17 percent of internet host servers could be easily exploited.
In order to keep the internet’s addressing system afloat, the data of this research must be made available to the public. According to Professor Sirer, part of the FBI’s website was susceptible to takeover. A solution for a commonly known bug had not been installed. The researchers let the FBI know about this problem and it has since been fixed. Researchers also discovered that the The Roman Catholic Church of Ukraine’s website was the most open to attack, of the sites included in the research.
One potential way that hackers could use these vulnerabilities is to steal login details and other personal information from site users. They would do this by redirecting traffic from one site onto another look-alike website. They would be able to use this information to commit fraud and identity theft.
Tags: hackers, internet attacks, internet hackers
Share With Others
(1 votes, average: 5 out of 5)
Loading ...
May 5th, 2008 at 12:58 am
As a webmaster, I am used to staying current with the many security issues that can affect our site. It seems hackers are always finding new ways to hack into websites so I try to make a point to stay up on the latest security holes and how best to plug them. One thing I know for sure is that choosing a safe web hosting with good security policies and procedures can go a long way in protecting your site.
May 5th, 2008 at 4:22 am
This is the reason why spyware removal software was created in the first place. Such spyware gathers information like name, credit card numbers and those passwords that we are trying to keep hidden. The best way to prevent such theft is to upgrade your spyware removal software every time so see a new update.
May 5th, 2008 at 10:49 am
I’ve been a professional software developer for years and recently started working for a company certified with ISO 27001 (Computer and Data security) ,when I interview developers I’m scared when I talk to some of them.
They have no knowledge of code security, buffer overruns and SQL injections and they don’t seem to understand that their sloppiness can open up every system with their code to possible attack and compromise.
Those and legions of developers like them are responsible for most of the software developed today, so its hardly a surprise that there are many problems as their are.
May 5th, 2008 at 10:11 pm
You have to step back and take a look at those numbers though. How many sites on the internet are just little personal websites or sites made by kids etc… I doubt that hackers could take over 1/3 of sites that matter. As in business related sites, eCommerce sites and the like.
May 6th, 2008 at 1:31 am
Website owners must take all necessary precautions to fortfy themselves against hackers and spammers. To ignore the risk in order to save money will be penny wise and pound foolish. We must be always be viligant and one step ahead of these bad elements.
May 6th, 2008 at 3:25 am
If they are determined enough, the hackers will always find a way to hack a site. But are 1/3rd of these sites worth attacking? If you have really valuable website then you must spend good money on a reliable host and keeping up to date with the security issues. I know there are always some people who are foolish enough to not care but then its their fault. For example in the FBI issue either they don’t care about the site or dont have competent programmers or else they would have found the security hole themselves.
May 6th, 2008 at 5:13 pm
I also think that part of the problem might be that the people who could provide the security needed just charge way too much for their services. Personally I think that most designers charge too much but the average person can get around that by using a free building service. I’m not aware of any “security for dummies” type sites that the average Joe could use though.
May 7th, 2008 at 9:38 pm
Not only are websites are at risk.
Mobile networks and cellphones are becoming more of a target for criminals with a technical bent according to the BBC. This transition from online into the mobile space are usually in the form of trojans that exploit mobile payment systems such as premium rate SMS.
May 10th, 2008 at 12:39 am
With all these security problems that have been discovered lately, what will be the best solution for it? Do we need to convert our sites from HTTP to HTTPS just to ensure security? Adding extra security features slows down our site and I think hackers will always find a way in. I just hope someone will come up with a solution for this.
May 10th, 2008 at 5:39 am
I am aware that not everyone who gets online knows about phishing and similar ploys used by hackers to steal passwords and login information from people but it’s scary to think that the FBI website or websites containing sensitive information can be hacked that easily. My understanding was that there are highly qualified technical staff who monitor the security of such sites and fix the vulnerabilities even before people can detect them. Even so, I guess it’s not all that hard to imagine with so many computers accessing their sites, that information it could be intercepted with a minor error in one of them.
May 17th, 2008 at 9:42 am
I completely agree on this. Many websites are vulnerable to attacks from hackers. I have faced this problem recently and due to that I lost all posts from my blog. I tried to find out who did that but ended with nothing. Now I try to keep my blog well secured from such attacks.
May 19th, 2008 at 9:41 pm
As vtop said, its very difficult for the officials to have a look at the hackers. The site while developing itself, must be hacker free. Phishing can be dealt with easily these days. A recent example of this was the news that the Indian government servers were hacked by Chinese hackers. So the lesson here is everyone must be very safe.
May 21st, 2008 at 1:33 pm
This is very true. Especially if the word starts getting out that you are a rising star, then people assume you are still pretty new and do not know how to protect yourself. This causes numerous attempts to attack you. Think smart guys, a quick rise to success is not always a good thing.
May 24th, 2008 at 11:28 pm
The worst part is that the servers can be easily hacked. Most of the time they keep their ports available to take requests. Hackers take advantage of these ports to get the information they want. At least with using web 2.0 technology, I think this has been decreased.
June 22nd, 2008 at 11:52 pm
Unfortunately not all of the things are taught to developers that should be taught and further more most people trust others to ensure that their sites are safe. But the problem is they really do not know the level of experience the people in charge of managing the sites really have.