The second annual Imperva Hacker Intelligence Initiative report, this one entitled Monitoring Hacker Forums, is out and reveals that the threat surfaces being discussed by the hacker community are very different from those that businesses are spending money on defending.

The Imperva research analysed the content of a number of online hacker communities, including many lesser-known forums, in order to get a more accurate snapshot of what those doing the hacking are actually discussing. By looking at a total of more than 400,000 different conversational threads, Imperva was able to determine that SQL injection and DDoS, with a 19% share of the total conversational traffic each, were the most talked about threat topics. That's just over a third of all discussions in the hacker forums being focused on training and tutorials for data theft techniques which are not high on the enterprise security strategy agenda.

Yes, Imperva reckons, only 5% of the average enterprise security spend is actually dedicated to preventing the SQL injection threat. Most of the money, it seems, continues to be poured into 'traditional' defence measures such as antivirus and Intrusion Prevention Systems which are totally inept at identifying SQL injection threats.

“By examining what information hackers seek out or share in these forums, we can better understand where they are focusing their efforts,” said Amichai Shulman, CTO, Imperva. “If organizations neglect SQL injection security, we believe that hackers will place more focus on those attacks.”

Other highlights from the report include:

The market for social network endorsements is on the rise: In a keyword search relating to social networks, Imperva found that Facebook (39 percent) and Twitter (37 percent) were the most frequently discussed social networks. In reviewing social network related posts, Imperva observed a black market for buying and selling illegitimate social network likes, followers, and endorsements, with particular attention given to the origin of these likes and followers.

Hacker education comprises a third of all forum conversations: Of the total conversations analyzed, roughly 28 percent were related to beginner hacking and hacker training, while another 5 percent related to hacking tutorials. Both aspiring and veteran hackers frequent forums to exchange techniques, build credibility and publish their hacking successes.

About the Author

A freelance technology journalist for 30 years, I have been a Contributing Editor at PC Pro (one of the best-selling computer magazines in the UK) for most of them. As well as currently contributing to Forbes.com, The Times and Sunday Times via Raconteur Special Reports, SC Magazine UK, Digital Health, IT Pro and Infosecurity Magazine, I am also something of a prolific author. My last book, Being Virtual: Who You Really are Online, was published in 2008 as part of the Science Museum TechKnow Series by John Wiley & Sons. I am also the only three-time winner (2006, 2008, 2010) of the BT Information Security Journalist of the Year title, and was humbled to be presented with the ‘Enigma Award’ for a ‘lifetime contribution to information security journalism’ in 2011 despite my life being far from over...

Well formed hacking man!!!

Can you please explain Blind SQL Injection to me in practical code?

Thanks in Advance