Belgium Tops List Of Nations Most Vulnerable To Hacking

Alex Hern, reporting for The Guardian:A new "heat map of the internet" has revealed the countries most vulnerable to hacking attacks, by scanning the entire internet for servers with their front doors wide open. Produced by information security firm Rapid7, the National Exposure Index finds that the most exposed country in the world is Belgium, followed by Tajikistan, Samoa and Australia. The U.S. comes 14th and the UK 23rd. [...] Tom Beardsley, one of the report's three authors, was surprised by his own findings. "We expected to find that the most exposed countries were also the richest," he explained. The richest countries (by aggregate GDP, which place large countries like China near the top of the list) were likely to have the most net-connected devices, which should mean they proportionally have the most potential for damage. "If you're a rich country, you have a lot of internet. But we didn't find any correlation between the number of nodes and the exposure."

Re:

[Opportunist]

More likely they'll blame the EU. It's closer and more tangible, and it's far from impossible that it's actually really what is to blame.

Re:

[Incadenza]

As with everything else, the Europeans will blame the US for this.

The Belgiums can blame the UK, it was the GCHQ that hacked Belgacom [theintercept.com], their biggest telco.

Re:

[Guybrush_T]

This does not make any point nor sense. Was it supposed to be funny ? a troll ?

Re:

[myowntrueself]

As with everything else, the Europeans will blame the US for this. Somehow. When they don't like something, it's always the fault of the US and how the US supposedly forces their laws on Europe. I can't imagine this will be any different.

Well there is that DNS system that the US wants to maintain control over, so we can blame the US for that!

Bad headline

[campuscodi]

The Guardian flubbed its headline. I read the Rapid7 report and the most worrying detail was the fact that there are still over 15 million Internet-available Telnet ports, 7.8 million MySQL ports, 8.8 million RDP, and 5.2 million VNC ports. https://information.rapid7.com... [rapid7.com]

Re:Bad headline

[dfsmith]

Agreed. "Exposed ports" != "vulnerable ports".

I have no problem with telnet as long as you can't access anything too interactive (e.g., a shell) through it. After all, http, SMTP, POP, daytime, chargen and echo are all telnet-like protocols. (Ok, not really [ietf.org], but close enough,) It used to be quite fun to run a honeypot (fake) telnet server to see what was happening in the wild woolly internet.

Even open, unencrypted RDP and VNC have a [narrow] use case (broadcasting games and videos, anyone?)

Can't think of a good use case for open SQL ports though; except for very specialized applications.

Re:

[fuzzyfuzzyfungus]

It would be useful to know what the relationship between "number of ports open" and "number of ports actually being used" is.

A port with something listening on it is always going to be more vulnerable than one without, since there might be some defect in the listening application that could be exploited by bouncing the right input off it; but that is likely a lower risk than the fairly egregious "If you remotely connect via telnet or VNC anyone can just sniff your password off the wire" problem.

If the

Re:

[Rob Kaper]

Agreed. "Exposed ports" != "vulnerable ports".

True, but unnecessary exposure is still an extra risk incase of a vulnerability.

I wish I could stricten access to services such as IMAP, can't wait for my LTE provider to roll out IPv6 so I can open it up to just me and not the whole world (or everyone with the same provider).

Re:

[Tablizer]

...is vulnerable to everything.

Yah, those Belgians are wafflers

Re:

[hcs_$reboot]

Especially good chocolates

Be right back

[JustAnotherOldGuy]

BRB, going to hack Belgium.

Sanders

[Tablizer]

<fox-news-mode>
See, Bernie's Democratic Socialism is already failing!
</fox-news-mode>

Re:

[blind biker]

I don't see any of the Nordic countries on the list, and Germany is in a solid position. While Belgium is certainly more socially progressive than the US, it's the European Nordic countries and Germany that are the real standard of socialist democracy.

Re:

[Tablizer]

I disagree with Sander's definition of "socialism". I'd say a country's GDP would have to be roughly 2/3 government to call it "socialist". His example countries are generally hybrids.

Re:

[Shinobi]

Denmark is on the list, so a nordic country is represented in there. And I'm not entirely surprised by them being on the list either.

Re:

[Anonymous Cow Ward]

No, the Nordic countries and Germany are *social* democracies, not *socialist* democracies. Their private sectors are far too large to really be socialists. What they have is a mixed market economy that also happens to have a strong social welfare safety net.

Vietnam, Pakistan, Israel and Singapore at bottom.

[blind biker]

As the great Nate Diaz would say: I'm not surprised, motherfuckers! All four countries are being targeted by relatively large populations of hostile nations (Pakistan ---- India, Israel ---- Islamic world, Vietnam ---- China, Singapore ---- Islamic world AND China).
In my mind it seems clear that nations who have been targeted for some time, have built up better "defenses" i.e. practices and protocols.

Goodies or Badies?

[dohzer]

You're going to be vulnerable to hacking from badies if you want the goodies to be able to do their job.

Try the veal

[PopeRatzo]

Belgium Tops List Of Nations Most Vulnerable To Hacking

It's because their leaders keep waffling.

Unrelated, but Monty Python: Belgians

[turp182]

I recall this from 30 years ago (when in middle school):
https://www.youtube.com/watch?... [youtube.com]

ipv6 and open ports

[cobbaut]

More than half of Belgium is on ipv6, the test only includes ipv4 hosts.

And since when does 'open port' equal 'vulnerability' ?