
Major sites survive defacement challenge

Experts aren't ready to declare this weekend's defacement challenge a bust, but said administrators heeded last week's warnings and locked down their systems.

Major Internet sites survived an onslaught of Web site defacements predicted for this weekend, as hacker groups participated in a defacement contest that began Sunday at 2 a.m.

Perhaps the biggest victim of the contest was a defacement mirroring site, which was taken offline by a denial-of-service attack shortly after the contest kicked off.

Internet Security Systems Inc. issued the first alerts on the contest last Thursday, and the company was aware of 600 defacements as of this morning, said Pete Allor, manager of ISS' X-Force threat intelligence service.

Allor said that some hacker groups decided not to participate in "the hype" once media attention grew late last week. Others participated but did not report their activities online. "Those groups are into [making] subtle changes and like to see how long it takes people to notice," Allor said.

The contest, believed to be the first such event, reportedly awarded points to hackers for accessing an organization's Web servers and defacing pages. A greater number of points was awarded for hacks on sites running obscure operating systems, such as Apple's OS X and Unix flavors HP-UX and IBM AIX. A successful defacer would get fewer points for breaking into more popular Microsoft or Linux systems.

The defacement mirroring site, meanwhile, was anointed scorekeeper of this contest by the hacker underground. The site has also been accused on some fronts of precipitating the contest, but founder and editor Roberto Preatoni said that neither scenario is true.

Preatoni said it would have been impossible for his 50-person staff to tabulate any potential results from this contest. On average, Preatoni said, his site receives 2,000 to 3,000 defacement notifications on a given weekend, all of which are reported online to the site. A robot then takes a snapshot of the compromised Web page, which is verified by someone on staff before it is posted to the site. Preatoni expected 20,000 notifications this weekend and said it would have been "an impossible mission" for his staffers to verify and post each defacement.

Preatoni said the House of Crackers World is responsible for the denial-of-service attack on the site. "We wanted to be left alone," he said. "We were taken in the fight."

Allor, meanwhile, said that the challenge's lack of success in dragging down a major government, banking or commercial site demonstrates that administrators heeded warnings and took action.

"This was an everyday problem, with an everyday solution set," Allor said. "In reality, a lot of people were telling us that they had heard about [the contest] and were asking us 'What do we need to do?' "

Allor would not go so far as to call the challenge a bust.

"It's like a tornado. You know there is going to be bad weather. People were warned and they battened down," Allor said. "A lot of people did that. You didn't see any federal government sites or large financial sites go down."

Jim Melnick, director of threat intelligence at iDefense Inc., a security intelligence company in Reston, Va., said that media attention attracted more hacker groups to the contest.

"There are lessons to be learned here. The Internet, for example, is still psychologically vulnerable," Melnick said. "One individual organized this contest and the potential impact was something enterprises could not ignore."
