Hacking Forums & Breaches Analyzed

Imperva has released a study of hacker forums highlighting how they work and communicate.  They look at what hackers are discussing, collaborating on, and recruiting for, from an attack and attacker’s standpoint.

  • Apparently, DDoS comprised nearly 22% of forum discussions.
  • SQL injections took 2nd place with 19%.
  • Spam was third, with 16%.
  • Shellcode and brute forcing were each 12% of discussions.
  • Zero day threats followed with 10%.

There has been a 150% growth rate in discussions regarding hacking in general for the past several years, highlighting why hacking appears to be on the rise.  A lot of time (about 25%) on these forums is spent instructing and demonstrating new techniques as well as the fundamentals, indicating that hackers are teaching and mentoring new hatchlings.

Researchers at UCSD have also published a report looking at the structure and social dynamics of hacker forums. It’s a well-written and interesting read, and highlights the fact that hacker forums are vibrant social networks with a dark purpose.  Hacker forums have been around since the days of online Bulletin Board Systems, and provide essential insight into hacker behavior.

A recent Verizon Data Breach Report shows a significant increase in the number of breaches, even as the volume of compromised records fell.  The growth in hacker forum activity, along with automated hacking, indicates to me that there are more hackers out there than ever, causing more breaches, but targeting smaller database sets.

  • 92% of breaches were caused by external agents.
  • 17% implicated insider involvement.
  • Less than 1% resulted from business partners.
  • 9% involved multiple parties.
  • 50% involved some form of “hacking”.
  • 49% involved malware.
  • 29% involved physical attacks.
  • 17% resulted from privilege misuse.
  • 11% employed social engineering.

These are MAJOR changes from previous reports.  I would attribute much of this change to the fact that some major players have been impacted recently, the impact has been severe, the fallout continues to make the mainstream press, and there has been a bit of a wake-up going through the larger targets of late.  Many are re-investing in their security architecture and/or incident response plans.  I would also say that more and more out-of-work, disgruntled people are taking up the keyboard as a way to get back at the machine that spit them out, and to recoup some of their losses.  As misplaced as this line of thinking may be, logic and reason tend to fall through the cracks as hungry children and mortgage payments come due.

It’s always interesting to analyze statistics and draw conclusions, and as any good auditor knows, the numbers can be made to show whatever is needed.  Review the reports and come to your own conclusions.  I would love to hear your opinions and insights.