- The number of defacements of websites on Linux-based systems recorded by London security consultancy mi2g rose significantly in the first half of 2002, a company spokesman says.
In the first half of this year it recorded 7630 defacements of Linux-based websites, a figure already greater than the total of 5736 defacements of such sites recorded for the whole of 2001, mi2g says.
By comparison, defacements of systems running Microsoft's IIS (Internet Information Services) web server software fell to 9404 in the first half of 2002, down 20% from the 11,828 defacements recorded in the first half of 2001.
The company gathers reports of defacements from attackers and their victims, and verifies the details manually, it says.
The security consultancy attributes the increase in defacements of websites running on Linux systems to the proliferation of such systems worldwide and delays in applying security update patches to software.
According to mi2g, the defaced sites use software that contain known vulnerabilities. These versions are not being patched fast enough and continue to be exploited by hackers to gain control of systems.
Website defacements recorded for all types of operating systems rose to 20,371 in the first half of 2002, up 27% from the 16,007 recorded in the same period the year before, mi2g says.
The company recorded only 54 defacements of US government websites in the first half of 2002, compared to 204 a year ago. A major factor in this drop, the consultancy says, has been the extensive media coverage of the US Cyber Security Enhancement Act (CSEA), which was passed by the US House of Representatives on Monday. The bill threatens life imprisonment for anyone putting lives at risk by electronic means.
As the CSEA proposals have moved through Congress, the threats are likely to have discouraged hackers from becoming involved with attacks on US government systems, mi2g says.
Another reason, according to mi2g, is the increased vigilance of intelligence agencies monitoring intrusions on government networks.