Hacks show patterns

Hacks show patterns

They don't all garner headlines, but successful hacks of government Web sites are startlingly common. A successful hack, said Alan Paller, director of the SANS Institute of Bethesda, Md., is one in which an intruder manages to change a page.

Alan Paller

Using reports at a site that tracks hacking incidents, www.attrition.org, Paller calculated that in a four-month period late last year, hackers altered as many as 75 .mil and .gov sites.

The number reflects a systemic problem, not individual errors by webmasters and systems administrators, Paller said at the recent FedWeb conference at the National Institutes of Health campus in Bethesda. He pointed to Web server hardware preloaded with operating systems as the source of the problem.

'Systems are delivered to you broken, accessible to hackers,' Paller said.

He said Microsoft NT and SunSoft Solaris and other Unix versions are equally vulnerable as shipped, and that a SANS test of Solaris out of the box gave the OS a security score of 62 out of 100.
Multiplying the threat is the fact that 'all hack routines are now scripted so they can rapidly scan thousands of sites,' looking for systems to exploit for denial-of-service attacks, Paller said.

'T. Temin


  • 2020 Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    21 Public Sector Innovation award winners

    These projects at the federal, state and local levels show just how transformative government IT can be.

  • Federal 100 Awards
    cheering federal workers

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

Stay Connected