Feeds

Attrition performs defacement mirror autopsy

And excoriates Wired 'cyberwar' journo

  • alert
  • submit to reddit

Next gen security for virtualised datacentres

We owe the wittiest and most enjoyable presentation at Blackhat to attrition.org members Jericho and McIntyre, who offered a retrospective on the benefits, aggravations and pitfalls of maintaining a defacement mirror, now that they've ceased updating theirs.

In a nutshell, running a mirror is a major pain in the balls, and not everyone need apply. Those clearly unfit for the job include active defacers ('hackers' in mainstream-press parlance), security-service companies who profit from selling solutions to the holes being exploited, and anyone without an immense reserve of patience and indulgence.

And if that's insufficient discouragement, anyone inclined to maintain one should be prepared to suffer defacement attempts and DoS attacks from kiddiots who aren't getting enough attention; find reams of mail referring to the same item; weed through laughably insignificant defacements ("d00d, i like totally hacked this Geocities 'meet-the-Smiths' page"); receive individual notifications of complete subnets defaced at a stroke; receive legally-inconvenient advance notice of attacks ("check out www.r00tarded_lusers.mil in like twenty minutes d00d"); be perceived as a criminal by the FBI; disappoint twit Feds eager to know what you know in spite of legal due process whilst receiving subpoenas from slicker ones; and get investigated for the hell of it.

Nevertheless, data thus obtained can be useful enough to make it all worth the hassle. Questions remain, for example, on the relationship between the publication of a particular exploit and the number of defacements accomplished with it. For that one needs a long-term running total, of course, but data representing other trends as well.

Both attrition members cautioned that the spikes in defacements which appear to correspond to exploit releases and hole discoveries on their stats page may not be as directly representative as they appear. Since they will continue to maintain defacement stats, they plan to apply a more sophisticated interpretation, now that they've freed themselves from the drudgery of maintaining the mirror, as we reported here.

The group's commentary will also increase now that the mirror is static, and indeed it already has. During the presentation we were treated to a scathing commentary about Michelle Delio, which we found a very pleasant surprise.

Wagging the Delio

Who is Michelle Delio, and why is she a clueless dunderhead? The answer to part two is anyone's guess. The answer to part one is, she's a journo feeding words to Wired News, who invented a cyberwar between the USA and China and later denied its existence when it became painfully clear to everyone and his dog that she'd been talking bollocks from day one.

In a nutshell, Delio got word from some IRC kiddie claiming that the Chinese hacking underground was mobilizing for a massive attack against US sites in celebration of May Day and in protest of the spy-plane incident. Further evidence, such as random racist and anti-American comments on a couple of Chinese BBS persuaded the reporter that her source was solid.

She then rushed to break this 'exclusive story', no doubt flushed with pride and excitement, and in so doing persuaded a lot of American IRC kiddies that Chinese hackers were in fact bombarding the US, though in reality there had been only a few, minor incidents. The US side decided to 'retaliate' against the outrage and really did kick into gear against Chinese sites. The Chinese naturally retaliated against that, and the rest, as they say, is history.

Until, that is, Delio decided to announce that the 'cyberwar' which she inadvertently started had never occurred.

The written attrition commentary which details Delio's hacker hype has been published for some time; the new and delightful thing here was the live Jericho's dry, sacrastic delivery of the account, sweet enough to make a Reg hack well up with pride. Of course you had to be there; and of course we wish you had been. ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.