Hackers turn on open source

The hacker underground appears to be moving away from targeting Microsoft, as May turns out to be a hot month for attacks on open source security.

Security watchers warned this week that May has seen a dramatic increase in defacements on Linux boxes, most noticeably on those from German speaking domains.

Websites associated with Germany (.de) and German speaking countries such as Austria (.at) and Switzerland (.ch) have been the hardest hit of the open source community.

Figures from analyst mi2g reveal that a total of 556 .de sites were defaced in 2001, but the figures for this year so far is already pushing the 1,000 barrier. Almost 300 of these have taken place this month.

There has been no distinction drawn between hosts, with hotels, retail business, universities and internet service providers all being targeted.

The reason for hitting German speaking domains is unclear, but a majority of hacks appear to have been carried out by the same group, hax0rs lab.

The group has been responsible for around 64 per cent of .de defacements this year. But one of the more interesting aspects is that hax0rs lab seems to be almost exclusively targeting servers running on Linux, and hitting just a few Solaris and FreeBSD boxes along the way.

"So far, the security balance appeared to be tilting against proprietary applications, but the recent wave of German attacks has shown that vulnerabilities within open source applications can be just as easily exploited," said DK Matai, chairman and chief executive of mi2g.

Even with something like Linux, believed by some to be more secure, Matai said: "There is no substitute for configuration management, which includes downloading the latest patches in a world of 24/7 connectivity."

There do not appear to be any specific nationalistic issues at stake with the German defacements, and messages left by the hackers are of the general "you have been owned" variety.

But one feature of the defacements is that some sites are virtually hosted and therefore associated with a single IP address so, if one site gets defaced, a number of others will too.

"Growth in the deployment of virtual hosting systems, where a single machine hosts many websites, is fast becoming a substantial source of digital risk," warned Matai.

Mi2g said this was indicative of the fact that the overall figure for website defacements in 2001 was 31,291 while in 2002 the number so far is 12,116.