First of all, there are good hacks and there are bad hacks. Hacking is the act of finding a better way to do something on the internet. The good hacks are the ones that help you do something without violating any laws or infringing on anyone else. The bad ones can break laws or infringe.
According to 3W.net
According to Web Applications Security Consortium;
Breach Labs which sponsors WHID has issued an analysis of the Web Hacking landscape in 2007 based on the incidents recorded at WHID. It took some time as we added the new attributes introduced lately to all 2007 incidents and mined the data to find the juicy stuff:Who investigates bad hacking?
To be able to answer those questions, WHID tracks the following key attributes for each incident:
- The drivers, business or other, behind Web hacking.
- The vulnerabilities hackers exploit.
- The types of organizations attacked most often.
Key findings were:
- Attack Method - The technical vulnerability exploited by the attacker to perform the hack.
- Outcome - the real-world result of the attack.
- Country - the country in which the attacked web site (or owning organization) resides.
- Origin - the country from which the attack was launched.
- Vertical - the field of operation of the organization that was attacked.
The full report can be found at Breach Security Network.
- 67% percent of the attacks in 2007 were "for profit" motivated. Ideological hacking came second.
- With 20%, good old SQL injections dominated as the most common techniques used in the attacks. XSS finished 4th with 12 percent and the young and promising CSRF is still only seldom exploited out there and was included in the "others" group.
- Over 44% percent of incidents were tied to non-commercial sites such as Government and Education. We assume that this is partially because incidents happen more in these organizations and partially because these organizations are more inclined to report attacks.
- On the commercial side, internet-related organizations top the list. This group includes retail shops, comprising mostly e-commerce sites, media companies and pure internet services such as search engines and service providers. It seems that these companies do not compensate for the higher exposure they incur, with proper security procedures.
- In incidents where records leaked or where stolen the average number of records affected was 6,000.
The FBI for one.
The collective impact of bad hacking is staggering. Billions of dollars are lost every year repairing systems hit by such attacks. Some take down vital systems, disrupting and sometimes disabling the work of hospitals, banks, and 9-1-1 services around the country.
Who is behind bad hacking attacks? It runs the gamut—from computer geeks looking for bragging rights…to businesses trying to gain an upper hand in the marketplace by hacking competitor websites, from rings of criminals wanting to steal your personal information and sell it on black markets…to spies and terrorists looking to rob our nation of vital information or launch cyber strikes.
Today, these computer intrusion cases—counterterrorism, counterintelligence, and criminal—are the paramount priorities of our cyber program because of their potential relationship to national security.
Combating the threat.
- A Cyber Division at FBI Headquarters “to address cyber crime in a coordinated and cohesive manner”;
- Specially trained cyber squads at FBI headquarters and in each of our 56 field offices, staffed with “agents and analysts who protect against investigate computer intrusions, theft of intellectual property and personal information, child pornography and exploitation, and online fraud”;
- New Cyber Action Teams that “travel around the world on a moment’s notice to assist in computer intrusion cases” and that “gather vital intelligence that helps us identify the cyber crimes that are most dangerous to our national security and to our economy;”
- Our 93 Computer Crimes Task Forces nationwide that “combine state-of-the-art technology and the resources of our federal, state, and local counterparts”;
- A growing partnership with other federal agencies, including the Department of Defense, the Department of Homeland Security, and others—which share similar concerns and resolve in combating cyber crime.
Help the FBI catch suspects wanted in computer intrusion cases: Visit our Featured Fugitives—Cyber Crimes webpage to use the power of the web against the very criminals who seek to exploit it.
Among our recent cases and accomplishments: