Feeds

Attrition performs defacement mirror autopsy

And excoriates Wired 'cyberwar' journo

  • alert
  • submit to reddit

Using blade systems to cut costs and sharpen efficiencies

We owe the wittiest and most enjoyable presentation at Blackhat to attrition.org members Jericho and McIntyre, who offered a retrospective on the benefits, aggravations and pitfalls of maintaining a defacement mirror, now that they've ceased updating theirs.

In a nutshell, running a mirror is a major pain in the balls, and not everyone need apply. Those clearly unfit for the job include active defacers ('hackers' in mainstream-press parlance), security-service companies who profit from selling solutions to the holes being exploited, and anyone without an immense reserve of patience and indulgence.

And if that's insufficient discouragement, anyone inclined to maintain one should be prepared to suffer defacement attempts and DoS attacks from kiddiots who aren't getting enough attention; find reams of mail referring to the same item; weed through laughably insignificant defacements ("d00d, i like totally hacked this Geocities 'meet-the-Smiths' page"); receive individual notifications of complete subnets defaced at a stroke; receive legally-inconvenient advance notice of attacks ("check out www.r00tarded_lusers.mil in like twenty minutes d00d"); be perceived as a criminal by the FBI; disappoint twit Feds eager to know what you know in spite of legal due process whilst receiving subpoenas from slicker ones; and get investigated for the hell of it.

Nevertheless, data thus obtained can be useful enough to make it all worth the hassle. Questions remain, for example, on the relationship between the publication of a particular exploit and the number of defacements accomplished with it. For that one needs a long-term running total, of course, but data representing other trends as well.

Both attrition members cautioned that the spikes in defacements which appear to correspond to exploit releases and hole discoveries on their stats page may not be as directly representative as they appear. Since they will continue to maintain defacement stats, they plan to apply a more sophisticated interpretation, now that they've freed themselves from the drudgery of maintaining the mirror, as we reported here.

The group's commentary will also increase now that the mirror is static, and indeed it already has. During the presentation we were treated to a scathing commentary about Michelle Delio, which we found a very pleasant surprise.

Wagging the Delio

Who is Michelle Delio, and why is she a clueless dunderhead? The answer to part two is anyone's guess. The answer to part one is, she's a journo feeding words to Wired News, who invented a cyberwar between the USA and China and later denied its existence when it became painfully clear to everyone and his dog that she'd been talking bollocks from day one.

In a nutshell, Delio got word from some IRC kiddie claiming that the Chinese hacking underground was mobilizing for a massive attack against US sites in celebration of May Day and in protest of the spy-plane incident. Further evidence, such as random racist and anti-American comments on a couple of Chinese BBS persuaded the reporter that her source was solid.

She then rushed to break this 'exclusive story', no doubt flushed with pride and excitement, and in so doing persuaded a lot of American IRC kiddies that Chinese hackers were in fact bombarding the US, though in reality there had been only a few, minor incidents. The US side decided to 'retaliate' against the outrage and really did kick into gear against Chinese sites. The Chinese naturally retaliated against that, and the rest, as they say, is history.

Until, that is, Delio decided to announce that the 'cyberwar' which she inadvertently started had never occurred.

The written attrition commentary which details Delio's hacker hype has been published for some time; the new and delightful thing here was the live Jericho's dry, sacrastic delivery of the account, sweet enough to make a Reg hack well up with pride. Of course you had to be there; and of course we wish you had been. ®

Boost IT visibility and business value

More from The Register

next story
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.