Cyber-terrorism is the leveraging of a target's computers and information technology, particularly via the Internet, to cause physical, real-world harm or severe disruption.

As the Internet becomes more pervasive in all areas of human endeavor, individuals or groups can use the anonymity afforded by cyberspace to threaten citizens, specific groups (e.g. groups defined by ethnicity or belief), communities and entire countries, without the inherent risk of capture, injury, or death that being physically present would bring to the attacker.

As the Internet continues to expand, and computer systems continue to be assigned more responsibility while becoming more and more complex and interdependent, sabotage or terrorism via cyberspace may become a more serious threat.

Website defacement in India is on the rise; here is a complete report. Website defacement is when a defacer breaks into a web server and alters the hosted website or replaces it with one of his own. A message is often left on the web page stating his or her pseudonym, the output of the "uname -a" and "id" commands, and "shout outs" to his or her friends. Sometimes the defacer makes fun of the system administrator for failing to maintain server security. Most of the time the defacement is harmless; however, it can be used as a distraction to cover up more sinister actions such as uploading malware.

Most of these exploits are due to cross-site scripting vulnerabilities or to vulnerabilities in the Windows operating system, Linux, Apache and PHP.

Here are a few statistics.

On-the-spot prevention

The attack should be identified at the service request level, probably at the system call or API call invocation. At this stage the request has not executed yet, so this is the perfect time: changes to the page have not yet been made. An effective technique is to use system call and API call interception. The interception routine is transparently activated prior to the execution of the request. It checks whether the initiator is allowed to perform the request and whether the request is legitimate, i.e. not part of an attack. If the request is found to be legitimate, execution resumes with no further delay. If, however, the request is malicious, the call is made to fail and the attack is thwarted.

Administrator (root) resistance

Most hackers first gain privileged rights and then try to deface the site. It is therefore good practice to restrict the privileges of the Administrator account on a Web server machine. Instead of the 'Administrator' account, only a specific predefined user (the Web master) should be allowed to modify the Web site content and configuration. The system should enforce this rule and fail malicious use of Administrator privileges.

Application access control

It makes no sense for an arbitrary application such as a text editor to modify a Web page (even if the user has adequate privileges). A single predefined program should be used to edit and/or create Web pages. An effective solution should enforce this rule by making sure that Web pages can be accessed only through this predefined program.
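The three rules above (check at the interception point before the call runs, deny even privileged accounts, and allow only one predefined program) can be expressed as a single policy decision. The following is an added example, not code from the original post: a gate that models a file-modification request as (user, program, operation, path) and fails it before execution unless the initiator is the predefined Web master using the predefined publishing tool. The web root, account names and tool path are assumptions chosen for the illustration.

```python
"""Added example: request-level gate for Web content modification.

Models the interception point described above: the gate is consulted before
the real system call runs, so a denial leaves the page untouched. The names
below (web root, web master account, publishing tool) are assumed values."""
from __future__ import annotations

import posixpath
from dataclasses import dataclass

WEB_ROOT = "/var/www/html"                # assumed location of the hosted site
WEB_MASTER = "webmaster"                  # assumed predefined content owner
PUBLISH_TOOL = "/usr/local/bin/publish"   # assumed single predefined editor
PRIVILEGED = {"root", "Administrator"}    # privileged accounts: still not allowed to edit content
WRITE_OPS = {"write", "create", "delete", "rename", "chmod"}


@dataclass(frozen=True)
class Request:
    user: str        # initiator of the call
    program: str     # executable that issued the call
    operation: str   # e.g. "read", "write", "delete"
    path: str        # target file


def is_web_content(path: str) -> bool:
    """True if the normalised path lies under the web root.

    Normalising first stops "/var/www/html/../html/x" from being mis-classified."""
    norm = posixpath.normpath(path)
    return norm == WEB_ROOT or norm.startswith(WEB_ROOT + "/")


def decide(req: Request) -> tuple[bool, str]:
    """Return (allowed, reason) for a request, evaluated before it executes."""
    if not is_web_content(req.path):
        return True, "outside web root: not governed by this policy"
    if req.operation not in WRITE_OPS:
        return True, "read-only access to web content"
    # Administrator (root) resistance: privilege alone never grants content edits
    if req.user in PRIVILEGED:
        return False, f"{req.user} may not modify web content"
    if req.user != WEB_MASTER:
        return False, f"{req.user} is not the web master"
    # Application access control: only the predefined program may write pages
    if req.program != PUBLISH_TOOL:
        return False, f"{req.program} is not the predefined publishing tool"
    return True, "web master using the publishing tool"


def intercept(req: Request, real_call):
    """Interception routine: run real_call only if the policy allows it."""
    allowed, reason = decide(req)
    if not allowed:
        raise PermissionError(reason)
    return real_call()


if __name__ == "__main__":
    for r in (
        Request("root", "/bin/sh", "write", "/var/www/html/index.html"),
        Request("webmaster", "/usr/bin/vi", "write", "/var/www/html/index.html"),
        Request("webmaster", PUBLISH_TOOL, "write", "/var/www/html/index.html"),
        Request("www-data", "/usr/sbin/httpd", "read", "/var/www/html/index.html"),
    ):
        print(r.user, r.program, r.operation, "->", decide(r))
```

In a real deployment `decide` would be called from the kernel- or API-level hook the text describes; the policy table would come from configuration rather than constants, and the hook would need to identify the calling program reliably (by verified executable identity, not by name alone).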

OS level protection

Many hackers exploit vulnerabilities in the operating system in an attempt to break into the Web server machine. The solution should be able to identify and prevent such attempts. In particular, buffer overflow attacks, which are very popular, should be prevented.

HTTP attack protection

There are many attacks that use the HTTP protocol to break into Web servers and the OS. A protection module that scans incoming HTTP requests for malicious requests should be used. The module should also be effective when the communication is encrypted.
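The two points above ask for a module that inspects incoming HTTP requests before they reach the server and application code, including when the connection is encrypted. The following is an added example, not code from the original post: an inspection function that takes the decrypted request head (so it must sit behind TLS termination, inside or directly in front of the server) and rejects requests whose shape suggests an overflow attempt (oversized request line or header) or an attempt to reach outside the document root. The size limits, allowed methods and sample requests are assumptions constructed for the illustration.

```python
"""Added example: HTTP request head inspection of the kind described above.

The function sees plaintext bytes, which is how an in-server module keeps
working for encrypted connections: it runs after TLS has been terminated.
Limits and method list are assumed values, not those of any real server."""
from __future__ import annotations

import re
from urllib.parse import unquote

MAX_REQUEST_LINE = 2048   # assumed limit; many servers default to about 8 KB
MAX_HEADER_LINE = 1024    # assumed limit
MAX_HEADERS = 50          # assumed limit
ALLOWED_METHODS = {"GET", "HEAD", "POST"}
REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]$")


def inspect_request(raw: bytes) -> tuple[bool, str]:
    """Return (accept, reason) for the raw request head.

    All checks run before any application code sees the request, so a
    rejected request is dropped rather than processed."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    request_line, headers = lines[0], lines[1:]

    # Oversized request line: the classic shape of an overflow attempt
    if len(request_line) > MAX_REQUEST_LINE:
        return False, "request line too long"
    m = REQUEST_LINE.match(request_line)
    if not m:
        return False, "malformed request line"
    method, target = m.group(1).decode(), m.group(2)
    if method not in ALLOWED_METHODS:
        return False, f"method {method} not allowed"
    # Only printable ASCII belongs in a request target
    if any(b < 0x20 or b > 0x7E for b in target):
        return False, "control or non-ASCII byte in request target"

    # Decode twice so double-encoded dots cannot hide from the check below
    decoded = unquote(unquote(target.decode("ascii")))
    path_segments = decoded.split("?", 1)[0].split("/")
    if "\x00" in decoded or ".." in path_segments:
        return False, "path traversal or NUL byte in target"

    if len(headers) > MAX_HEADERS:
        return False, "too many headers"
    for h in headers:
        if len(h) > MAX_HEADER_LINE:
            return False, "header line too long"
        if b":" not in h:
            return False, "malformed header"
    return True, "accepted"


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic
    samples = [
        b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
        b"GET /" + b"A" * 3000 + b" HTTP/1.1\r\nHost: example.test\r\n\r\n",
        b"GET /images/../../secret.txt HTTP/1.1\r\nHost: example.test\r\n\r\n",
    ]
    for s in samples:
        print(s[:40], "->", inspect_request(s))
```

The checks here are structural (length, character set, path shape) rather than signature based, which is why they also catch the oversized-input pattern the OS-level point is concerned with; a production module would add per-header limits and a body-length check as well.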

Web server resources protection

Hackers typically need access to Web server resources for their attempts to succeed. They may want to kill the Web server process, modify configuration settings, and manipulate the Web server user properties (see the Sechole case). The resources that must be protected include:
• Executables
• Configuration files (including the Registry in NT)
• Data files
• Web server process
Access to these resources should be restricted to a predefined set of users and to a predefined set of applications.

Other Internet server attack protection

Internet servers such as Bind (a DNS server), Sendmail (an SMTP server), and others are known to have many vulnerabilities that let a hacker gain administrative privileges. The solution should be able to prevent such attacks by parsing the incoming communication stream and identifying malicious requests.
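Restricting who may touch the executables, configuration files and data files is the preventive half; the detective half is knowing when one of them has changed anyway, which is what turns a defacement from a surprise into something that can be reverted. The following is an added example, not code from the original post: an integrity baseline that hashes every file in the three protected resource classes above and reports modified, added and removed files. The directory layout and file contents are constructed in a temporary directory for the illustration.

```python
"""Added example: integrity baseline over the protected resource classes.

The resource classes mirror the list above (executables, configuration,
data). The sample tree built by demo() is constructed for the illustration;
no real server layout is assumed."""
from __future__ import annotations

import hashlib
import os
import tempfile

# Resource class -> subdirectory under the server root (assumed layout)
PROTECTED_CLASSES = {
    "executables": "bin",
    "configuration": "conf",
    "data": "htdocs",
}


def sha256_file(path: str) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> dict[str, str]:
    """Map each protected file (path relative to root) to its SHA-256 digest."""
    baseline: dict[str, str] = {}
    for subdir in PROTECTED_CLASSES.values():
        for dirpath, _, files in os.walk(os.path.join(root, subdir)):
            for name in files:
                full = os.path.join(dirpath, name)
                baseline[os.path.relpath(full, root)] = sha256_file(full)
    return baseline


def diff_baseline(old: dict[str, str], new: dict[str, str]) -> dict[str, list[str]]:
    """Classify every difference between two baselines."""
    return {
        "modified": sorted(p for p in old if p in new and old[p] != new[p]),
        "added": sorted(p for p in new if p not in old),
        "removed": sorted(p for p in old if p not in new),
    }


def demo() -> dict[str, list[str]]:
    """Build a constructed sample tree, take a baseline, simulate an
    unauthorized page change plus a dropped file, and report the result."""
    root = tempfile.mkdtemp()
    for subdir in PROTECTED_CLASSES.values():
        os.makedirs(os.path.join(root, subdir))
    sample_files = {  # constructed contents, placeholders only
        "bin/httpd": b"\x7fELF placeholder executable",
        "conf/httpd.conf": b"DocumentRoot /var/www/htdocs\n",
        "htdocs/index.html": b"<h1>Welcome</h1>\n",
    }
    for rel, data in sample_files.items():
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
    baseline = build_baseline(root)

    # Simulated changes made outside the approved channel
    with open(os.path.join(root, "htdocs/index.html"), "wb") as f:
        f.write(b"<h1>page replaced</h1>\n")
    with open(os.path.join(root, "htdocs/dropped.txt"), "wb") as f:
        f.write(b"file that was not in the baseline\n")

    return diff_baseline(baseline, build_baseline(root))


if __name__ == "__main__":
    print(demo())
```

The baseline itself must live somewhere the Web server's account and the predefined editing program cannot write, otherwise an intruder who can change a page can also change the record of what the page should look like; the same applies to the process that runs the comparison.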


Let's hope the numbers come down in 2008!

Regards,
VINOD M