
One hack every 39 seconds

A study by the University of Maryland has come up with the astonishing conclusion that hackers are staging a major attack on an Internet-connected system somewhere in the world every 39 seconds.

According to the University's Clark School of Engineering, the rate of attack is a direct result of the proliferation of insecure IDs and passwords in use on t'Internet.

The study, conducted by Michael Cukier, Clark School's assistant professor of mechanical engineering, along with two of his students, attempted to profile the behaviour of 'brute force' hackers, who use sophisticated software to bombard online systems with zillions of IDs and passwords.

The researchers say that, during the study, they discovered which usernames and passwords are tried most often, and what hackers do when they gain access to a computer.

According to Cukier, the researchers found quantifiable evidence that attacks are happening all the time to computers with Internet connections.

"The computers in our study were attacked, on average, 2,244 times a day," he told reporters.

Cukier and his graduate students set up four Linux-based PCs with weak Internet security and logged what happened.

They discovered that the majority of attacks came from relatively unsophisticated hackers using 'dictionary scripts' that ran through hundreds of thousands of ID and password combinations.

The study found that 43 per cent of all password hacking attempts used the same ID and password.

According to Cukier, the study provides solid statistical evidence that supports widely held beliefs about user names/password vulnerabilities.

Users, he said, should choose longer, more difficult and less obvious passwords with combinations of upper and lowercase letters and numbers that are not open to brute-force dictionary attacks...