The number of defacements of Web sites on Linux-based systems recorded by London security consultancy mi2g Ltd. rose significantly in the first half of 2002, a company spokesman said Tuesday.
In the first half of this year it recorded 7,630 defacements of Linux-based Web sites, a figure already greater than the total of 5,736 defacements of such sites recorded for the whole of 2001, mi2g said in a statement last week.
By comparison, defacements of systems running Microsoft Corp.'s IIS (Internet Information Services) Web server software fell to 9,404 in the first half of 2002, down 20 percent from the 11,828 defacements recorded in the first half of 2001.
The company gathers reports of defacements from attackers and their victims, and verifies the details manually, it said.
The security consultancy attributes the increase in defacements of Web sites running on Linux systems to the proliferation of such systems worldwide and delays in applying security update patches to software.
According to mi2g, the defaced sites use software that contain known vulnerabilities. These versions are not being patched fast enough and continue to be exploited by hackers to gain control of systems.
Web site defacements recorded for all types of operating systems rose to 20,371 in the first half of 2002, up 27 percent from the 16,007 recorded in the same period the year before, mi2g said.
The company recorded only 54 defacements of U.S. government Web sites in the first half of 2002, compared to 204 a year ago. A major factor in this drop, the consultancy said, has been the extensive media coverage of the U.S. Cyber Security Enhancement Act (CSEA), which was passed by the U.S. House of Representatives on Monday. The bill threatens life imprisonment for anyone putting lives at risk by electronic means.
As the CSEA proposals have moved through Congress, the threats are likely to have discouraged hackers from becoming involved with attacks on U.S. government systems, mi2g said.
Another reason, according to mi2g, is the increased vigilance of intelligence agencies monitoring intrusions on government networks.