Study provides insight into hacks

A new study by the University of Maryland's A. James Clark School of Engineering shows the Internet wilds are still teeming with hordes of good old-fashioned brute-force attacks and quantifies how frequently machines are attacked and the methods used.

Michel Cukier, Clark School assistant professor of mechanical engineering and an affiliate of the Clark School's Center for Risk and Reliability and Institute for Systems Research, deployed four Linux systems with "weak security" on the Internet and sat back to watch.

Not surprisingly, the attacks came fast and furiously - averaging one every 39 seconds, or 2,244 attacks per day.

"The majority of attacks came from relatively unsophisticated hackers using dictionary scripts" ... running through "lists of common usernames and passwords," the school reported. Analyzing the attacks showed which usernames and passwords were tried most often and provided insight into what hackers tried once they gained entry.

"'Root' was the top user name guess by dictionary scripts - attempted 12 times as often than the second-place 'admin,'" the school reported. "Successful 'root' access would open the entire computer to the hacker, while 'admin' would grant access to somewhat lesser administrative privileges. Other top usernames in the hackers' scripts were test, guest, info, adm, mysql, user, administrator and oracle."

The research showed the most common password-guessing ploy involved playing off usernames. "Some 43% of all password-guessing attempts simply reentered the username," the school reported. "The username followed by 123 was the second most-tried choice. Other common passwords attempted were 123456, password, 1234, 12345, passwd, 123, test, and 1."

Once inside, the hackers did what hackers do, in this sequence: try to access the systems' software configuration, change passwords, check the software and hardware configuration again, download a file, install the downloaded program, and then run it.

The scripts returned a list of other systems the hackers might be able to access, and the hackers then busied themselves with that task, often installing backdoors so the compromised machines could be used in botnets.

The study concluded with the obvious, but it is always worth repeating: "Computer users should avoid all of the usernames and passwords identified in the research and choose longer, more difficult and less obvious passwords with combinations of upper and lowercase letters and numbers that are not open to brute-force dictionary attacks."

Security is a people, process and technology problem and the weakest link in the chain are the people. Putting in place stronger password requirements could save some agony.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

John Dix

Network World
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?