Feeds

Attrition performs defacement mirror autopsy

And excoriates Wired 'cyberwar' journo

  • alert
  • submit to reddit

Providing a secure and efficient Helpdesk

We owe the wittiest and most enjoyable presentation at Blackhat to attrition.org members Jericho and McIntyre, who offered a retrospective on the benefits, aggravations and pitfalls of maintaining a defacement mirror, now that they've ceased updating theirs.

In a nutshell, running a mirror is a major pain in the balls, and not everyone need apply. Those clearly unfit for the job include active defacers ('hackers' in mainstream-press parlance), security-service companies who profit from selling solutions to the holes being exploited, and anyone without an immense reserve of patience and indulgence.

And if that's insufficient discouragement, anyone inclined to maintain one should be prepared to suffer defacement attempts and DoS attacks from kiddiots who aren't getting enough attention; find reams of mail referring to the same item; weed through laughably insignificant defacements ("d00d, i like totally hacked this Geocities 'meet-the-Smiths' page"); receive individual notifications of complete subnets defaced at a stroke; receive legally-inconvenient advance notice of attacks ("check out www.r00tarded_lusers.mil in like twenty minutes d00d"); be perceived as a criminal by the FBI; disappoint twit Feds eager to know what you know in spite of legal due process whilst receiving subpoenas from slicker ones; and get investigated for the hell of it.

Nevertheless, data thus obtained can be useful enough to make it all worth the hassle. Questions remain, for example, on the relationship between the publication of a particular exploit and the number of defacements accomplished with it. For that one needs a long-term running total, of course, but data representing other trends as well.

Both attrition members cautioned that the spikes in defacements which appear to correspond to exploit releases and hole discoveries on their stats page may not be as directly representative as they appear. Since they will continue to maintain defacement stats, they plan to apply a more sophisticated interpretation, now that they've freed themselves from the drudgery of maintaining the mirror, as we reported here.

The group's commentary will also increase now that the mirror is static, and indeed it already has. During the presentation we were treated to a scathing commentary about Michelle Delio, which we found a very pleasant surprise.

Wagging the Delio

Who is Michelle Delio, and why is she a clueless dunderhead? The answer to part two is anyone's guess. The answer to part one is, she's a journo feeding words to Wired News, who invented a cyberwar between the USA and China and later denied its existence when it became painfully clear to everyone and his dog that she'd been talking bollocks from day one.

In a nutshell, Delio got word from some IRC kiddie claiming that the Chinese hacking underground was mobilizing for a massive attack against US sites in celebration of May Day and in protest of the spy-plane incident. Further evidence, such as random racist and anti-American comments on a couple of Chinese BBS persuaded the reporter that her source was solid.

She then rushed to break this 'exclusive story', no doubt flushed with pride and excitement, and in so doing persuaded a lot of American IRC kiddies that Chinese hackers were in fact bombarding the US, though in reality there had been only a few, minor incidents. The US side decided to 'retaliate' against the outrage and really did kick into gear against Chinese sites. The Chinese naturally retaliated against that, and the rest, as they say, is history.

Until, that is, Delio decided to announce that the 'cyberwar' which she inadvertently started had never occurred.

The written attrition commentary which details Delio's hacker hype has been published for some time; the new and delightful thing here was the live Jericho's dry, sacrastic delivery of the account, sweet enough to make a Reg hack well up with pride. Of course you had to be there; and of course we wish you had been. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.