------------------------------
Publication: The Age
Publication date: 5-8-1997
Edition: Late
Page no: 3
Section: COMPUTERS
Length: 704
------------------------------

Hacker attacks up nearly 400 per cent

Byline: SUELETTE DREYFUS

THE number of computer hacker attacks reported in Australia has more than doubled in the past year compared to the same period in 1996, according to AUSCERT, the Australian Computer Emergency Response Team.

Much of the increase seems to be due to "script weenies" - unskilled or inexperienced hackers who use automated hacking programs.

AUSCERT operational manager, Danny Smith, said these unskilled hackers relied on toolkits, which included a wide range of programs to help their hacking, because they often did not have a sophisticated understanding of how a computer system actually worked.

"Some of these people have no idea what these toolkits do. All they know is that if they run this program, it will give them root access," Smith said.

In one case, logs revealed a hacker who broke into a Unix system using an automated program, acquired root access and began typing DOS commands at the Unix shell prompt.

While some sophisticated toolkits are carefully guarded prizes, held by only a few hackers, others are widely available. "I have personally seen more than 20 different versions of password sniffers - and that is just one type of toolkit," Smith said.

Automated toolkits made it easy for a single hacker to attack a large number of sites in a short period and probably accounted for the record number of reported security incidents, Smith said.

The dramatic increase in attacks by these inexperienced hackers appeared to contribute significantly to the record number of reported security incidents.
The automated nature of some of the toolkits made it easy for one hacker to attack a large number of sites in a short period.

The total number of incidents in July 1997 rose by 373 per cent, compared with the corresponding month in 1996, according to AUSCERT. It was the largest monthly increase since 1993, when AUSCERT was formed.

AUSCERT tracked increases of 168 per cent in reported incidents in 1994, 191 per cent in 1995 and 171 per cent in 1996. The first seven months of 1997 showed a 230 per cent increase over the corresponding period of 1996.

Seasonal trends in computer security incidents indicated a link with the academic calendar, Smith said, with rises in May and a seasonal peak in October and November. The overall increase in the number of incidents was roughly equivalent to the growth of the Internet.

This year, however, there has been no seasonal drop-off in July. Instead, the figure was an all-time high.

AUSCERT, an independent centre located at the University of Queensland and funded by subscriptions, runs a 24-hour hotline for organisations reporting attacks. The centre did not report the total number of computer security incidents because it was difficult to define exactly what constituted a security incident.

"One intruder, 10 sites. Is that one incident or 10? What about many intruders breaking into one site? How many incidents is that?" Smith said.

AUSCERT identifies the current trend in hacker incidents based on the total number of tracking numbers in its database. Each reported incident is assigned a tracking number, although sometimes two or more incidents are subsequently merged under one tracking number if the centre believes they are related. Alternatively, the centre might split one incident into two or more tracking numbers. The centre will not release total figures on tracking numbers either.

Despite the growth in computer hacking incidents, only a small proportion is detected or reported.
In the US, the Department of Defence had said only about one in 150 security incidents was discovered.

Federal agent Byron Collie of the Australian Federal Police's computer crime team in Melbourne confirmed there had been an increase in the number of computer intrusions reported to the AFP. Speaking at a recent conference held by the Systems Administrators Guild of Australia, Collie also said the number of reported "insider threat" intrusions, often from disgruntled employees, was rising.

Most hacker attacks could have been prevented, Smith said. Toolkits usually relied on known security weaknesses.

"More than 99 per cent of the intrusions reported to AUSCERT relied on vulnerabilities for which fixes were readily available," he said.

Maintaining security was better than cleaning up after an intrusion. "Prevention is always better than cure," he said.

* Suelette Dreyfus wrote Underground: Tales of Hacking, Madness and Obsession on the Electronic Frontier, published this year by Random House.

Caption: Graph: Increase in hacker attacks in Australia during the last 5 years. Supplied by AUSCERT.