Attrition Defacement Statistics


Please read the NOTES.


NEWS

The OS graphs are up-to-date through April, 2001.
NOTE: I have collapsed all BSD and Solaris into the "All Other" category.
Trends in Defacements by Operating System, August, 1999 through April, 2001 Operating System Graphs

Defacement table categorized by Country and TLD (Top Level Domain), including Banks, Churches, Police Stations (Over 70 Linked pages by Domain):
Country and TLD breakdown

As previously announced on the defaced-commentary list, Top Level Domain summary data for the years 1999-2000 is now updated. This is data that relates to TLDs only; find it here as well as the tar-ball of the logs for the entire archive.

The OS Tables page is now up-to-date, and should be on a daily basis. It had been busted since at least late summer. Funny, I used to get email about those sorts of things. I'm guessing that the usually up-to-date os-graphs have diverted traffic from it, which is too bad, since the tables have a finer-grained OS definition (NT-Windows 2000, BSD, Linux distros, and the "Other" category broken down, for instance), and not only that, you can use them for making your own graphs as well...

W00. A nice new total tables page is now up. I think you will like it:
Annual, Monthly, Defacements per Day Tables and Spiff-Chart

Updated: Total Defacement Trends, January 1999 - December, 2000:
Total Defacement Graphs

Trends in Defacements by Webserver, August, 1999 - November, 2000:
Webserver Graphs (And please read the updated NOTES for these graphs!)

Defacements counts by year, month, and since August 1999, Operating System:
Operating System Tables

Other Resources

Subpoena Derby.


Statistic of the Month

Suggestions?



    

If you have an idea for a statistic you'd like to see from the mirror, feel free to email me your suggestions: munge@attrition.org

Subpoena Stats
Two 2703d Subpoenas has been delivered under seal. The first requested information on two individuals. Apparently the FBI thought it easier than delivering two seperate subpoenas. The second was to obtain information on a single individual ('pimpshiz'). A third subpoena was delivered after the mirror was discontinued by the US Postal Service.


NOTES:

It SHOULD go without saying that not all defacements are reported to Attrition, Attrition does not get every defacement that is reported to us, and that these statistics refer only to our archive.

All of the tallies, graphs, tables, and etc., count each "Mass Hack" as one defacement unless otherwise stated.

These statistics are prepared with a combination of Perl and a commercial statistics package, Stata. All graphics are from Stata.

Discrepancies: Yes. The easiest discrepancy to find is between total defacements and adding up the totals for each month. On one hand, a total and accurate count of the entire archive is desired, on the other, when we do date-based calculations or tallies, we kick out incomplete dates. Since we have a number of mirrors that don't have a complete date, the date-based calculations and the total count differ. Most of the incomplete dates are from or before early 1999.

Other Resources:

The Bugtraq Vulnerability Database Statistics
http://www.securityfocus.com/vulns/stats.shtml

The Netcraft Web Server Survey
http://www.netcraft.com/survey/

The E-Soft Web Server Survey
http://www.securityspace.com/s_survey/data/


Something look wrong? Suggestions? Inquiries?
munge@attrition.org

© 1999-2001 Copyright Matt Dickerson and Brian Martin
Excerpts from this page may be reproduced if Attrition and the URL
http://www.attrition.org/mirror/attrition/stats.html are attributed.

Last modified: Thu Dec 6 08:18:50 EST 2001