mi2g: Macs Worth 5X Points More Than Windows In "Hacking Challenge" This Sunday

by , 10:00 AM EDT, July 3rd, 2003

The secondhanders and societal leeches will be out in force this Sunday, July 6th. The mi2g Intelligence Unit has issued a report saying that an international hacking challenge has been issued for that day, with a point system based on the OS of the target machine. Unfortunately for Mac system admins, Mac OS (and Unix) systems have been designated as being worth 5 points, 5 times as many as Windows (1 point), and 2.5 times more than Linux (2 points), according to mi2g.

The company also says that this may well make such systems the object of increased security threat, with the suggestion that security-through-obscurity may have shielded Mac OS systems in the past, making them more vulnerable now. mi2g issued a report in October of 2002 that called the Mac OS the least vulnerable to attack. That report included both Classic versions of the Mac OS and Mac OS X together simply because there were so few attacks (31 successful attacks for all Mac OS systems through the first 10 months of 2002, as opposed to 31,431 successful attacks on Windows machines during the same time) that a further distinction was unnecessary, according to a later report issued by the company.

The new report:

Online web site servers and eBusiness portals are likely to be targeted in large numbers on Sunday 6th July by cyber vandals as an international challenge to execute the maximum number of web defacements in six hours gets underway.

The mi2g Intelligence Unit has learnt that system breaches on Sunday will yield a varying number of points to cyber vandals depending on the flavour of the operating system (OS): Microsoft Windows = 1 point; Linux, Unix and BSD = 2 points; AIX = 3 points; HP-Unix and Mac OS = 5 points.  This suggests that some hackers may specifically target Unix and Mac OS systems to claim more points.  The 5 points allocation should be of particular concern to Mac OS and Unix system administrators.  Since Unix and Mac OS online servers have a lower market share they may have partially benefited from security through obscurity in the recent past.

The number of overt attacks recorded by the mi2g SIPS database has been falling consistently since 24th June and remains at below 20% of average daily levels achieved in the previous 60 days.  This suggests that most hackers are highly unlikely to execute actual breaches on 6th July.  They are more likely to show their cards on Sunday, having already broken into the systems and established back door entries over the past two weeks.

"This bizarre and unwelcome hacker challenge on Sunday is unlikely to disrupt the Internet as a whole," said DK Matai, Executive Chairman,mi2g.  "There may well be a range of ISPs and some prominent sites which come under heavy attack given that they would yield mass-defacement targets or big bragging rights.  Our advice would remain one of being vigilant and checking for latest patches, shutting down any extraneous applications and services running on all online systems as well as changing critical passwords before Sunday."

mi2g research from June 2003 reveals that the most hacked operating system from an overt digital attacks perspective remains Linux (76%) followed by Microsoft Windows (13%) and BSD (3%). 

You can find more information on ordering the full report at mi2G's Web site. mi2g is a security firm, providing consultation services. Today's report from the company is part of its service offerings.

The Mac Observer Spin:

We are not fond of those who find entertainment in breaking into other people's servers, and the idea of this challenge is a sickening one. However, it is important for system admins to be made aware of it, so we must perforce give these creeps some digital ink in order to get the word out.