Article

Major sites survive defacement challenge

Michael S. Mimoso, Editorial Director

Major Internet sites survived an onslaught of Web site defacements predicted for this weekend, as hacker groups participated in a defacement contest that began Sunday at 2 a.m.

Perhaps the biggest victim of the contest was defacement mirroring site Zone-H.org, which was taken offline by a denial-of-service attack shortly after the contest kicked off.

Internet Security Systems Inc. issued the first alerts on the contest last Thursday, and the company was aware of 600 defacements as of this morning, said Pete Allor, manager of ISS' X-Force threat intelligence service.

Allor said that some hacker groups decided not to participate in "the hype" once media attention grew late last week. Others participated but did not report their activities online. "Those groups are into [making] subtle changes and like to see how long it takes people to notice," Allor said.

The contest, believed to be the first such event, reportedly awarded points to hackers for accessing an organization's Web servers and defacing pages. A greater number of points was awarded for hacks on sites running obscure operating systems, such as Apple's OS X and Unix flavors HP-UX and IBM AIX. A successful defacer would get fewer points for breaking into more popular Microsoft or Linux systems.

Zone-H.org, meanwhile, was the anointed scorekeeper in this contest by the hacker underground. Zone-H.org has also been accused on some fronts of precipitating the contest,

    Requires Free Membership to View

but founder and editor Roberto Preatoni said that neither scenario is true.

Preatoni said it would have been impossible for his 50-person staff to tabulate any potential results from this contest. On average, Preatoni said, his site receives 2,000 to 3,000 defacement notifications on a given weekend, all of which are reported online to the site. A robot then takes a snapshot of the compromised Web page, which is verified by someone on staff before it is posted to the site. Preatoni expected 20,000 notifications this weekend and said it would have been "an impossible mission" for his staffers to verify and post each defacement.

Preatoni said the House of Crackers World is responsible for the denial-of-service attack on Zone-H.org. "We wanted to be left alone," he said. "We were taken in the fight."

Allor, meanwhile, said that the challenge's lack of success in dragging down a major government, banking or commercial site demonstrates that administrators heeded warnings and took action.

"This was an everyday problem, with an everyday solution set," Allor said. "In reality, a lot of people were telling us that they had heard about [the contest] and were asking us 'What do we need to do?' "

Allor would not go so far as to call the challenge a bust.

"It's like a tornado. You know there is going to be bad weather. People were warned and they battened down," Allor said. "A lot of people did that. You didn't see any federal government sites or large financial sites go down."

Jim Melnick, director of threat intelligence at iDefense Inc., a security intelligence company in Reston, Va., said that media attention attracted more hacker groups to the contest.

"There are lessons to be learned here. The Internet, for example, is still psychologically vulnerable," Melnick said. "One individual organized this contest and the potential impact was something enterprises could not ignore."

FOR MORE INFORMATION:

SearchSecurity.com news exclusive: "Defacement challenge puts Web sites on alert"

SearchSecurity.com technical tip: "What your Apache Web server is telling the bad guys"

SearchSecurity.com news exclusive: "New critical IIS buffer flaw exploited"

SearchSecurity.com technical tip: "Vulnerability assessments: Leave the scanning to somebody else"

FEEDBACK: Did you take this weekend's hacker challenge seriously?
Send your feedback to the SearchSecurity.com news team.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: