Expert slams outlandish hacker claims

Security expert Neil Barrett has poured scorn on research released this week claiming that hackers are in control of at least three million servers around the world.

Intrusion prevention system vendor Trustcorps said that it had "scientific and anecdotal" research indicating that the average hacker 'owns' between 600 and 800 systems at any time.

The company estimated that there are at least 1,000 hacker groups, with an average of five hackers per group each owning at least 600 systems. Each hacker will own a compromised system for six months on average.

An extrapolation of these statistics by the security firm suggests that there are a minimum of three million systems owned by hackers at any one time.

"Much hacking is focused simply on 'ownership': knowing that you have complete and unfettered access to, and control over, a system," said Trustcorps.

"It is extremely desirable for someone to 'own' millions of dollars worth of computing power, and for the people they have 'stolen' it from to be completely unaware."

But Barrett, technical director at Information Risk Management, questioned how any hacker could own 600 computers at any one time.

From his experience working with the police, he said that hackers typically control no more than 12 systems at any time.

"The sheer mechanics of 600 computers - no. How can you control 600 computers?" he said.

Barrett added that a system is often not 'owned' by a single hacker, because others will have discovered the vulnerabilities as well.

But Trustcorps insisted that, while some hackers will launch targeted attacks on specific systems, taking weeks or months to penetrate them, this is unusual because much hacking is automated and indiscriminate.

Hackers use automated scanning tools to search for systems they can attack successfully. This way they can penetrate and own hundreds or even thousands of machines in a few hours, the company claimed.