Feeds

Net survives mass-defacement contest

We're lucky to be alive

  • alert
  • submit to reddit

The essential guide to IT transformation

The Internet is still up and running thanks to the diligence of government agencies like FedCIRC and commercial fearmongers like mi2g (which will let you read the free FedCIRC advisory on their Web site for a mere £29.38), who warned us about a massive defacement contest scheduled for this weekend past.

Or thanks to the fact that the defacement hackathon was a hoax from the beginning, which it almost certainly was. But the interesting question is, whose hoax was it?

The first likely suspect is an outfit called Zone-H.org, which archives defaced pages since those RevCo lads at Attrition.org tired of the drudgery and moved on. Zone-H said they were pretty skeptical of the whole affair, and doubted anything would happen, but made reference to shutting down their site for safe keeping in a lengthy, irrational statement to the media.

"Shutting down Zone-H during the contest day (we were thinking by ourself about doing it) won't solve the problem as we forecast that all the possible targets have been already conquered and they will be attacked anyway. Putting a blindfold on Zone-H is also the way we would render a bad service to the ITsec community," the statement read in part.

Interestingly, a similar difficulty with the English language can be found in the original defacers-challenge Web site where the whole thing started. The similarity in linguistic style has led some to suspect a unified approach here.

Meanwhile, Zone-H was taken off the Net either by its nervous (or crafty) admins, or by malicious script kiddies for most of Sunday, so they were apparently unable to monitor the carnage that never materialized.

Of course the contest never made much sense in the first place, offering a top prize of 500MB of free Web hosting, an amount of storage I recall having been pleased with on a PC I bought in 1988. Also, claiming a prize like that is a a pretty good way of getting busted, and besides, any decent journeyman cracker should be able to 'arrange' a hundred times that much free hosting without breaking a sweat.

So there's that. And then there's more. A number of Web sites that reliably exhibit skepticism towards hacker stunts and the insatiable appetite for them among the mainstream press, the 'security community' and the national-security bureaucracy, mock-defaced their own home pages with a message of hope reading, "I panicked over the Defacement Challenge scare and all I got was this lousy defacement."

The idea was to ridicule the challenge as well as the journos and bureaucrats who bought into it. The altered homepages list examples of hacker FUD and alarmist sincerity among the press, security vendors and government bureaux.

The sites include Attrition.org, InfoWarrior.org. Kumite.com and Treachery.net, and the greeting was the same. In other words, it was well-coordinated, as if planned for some time.

And this leads one to wonder if the skeptic lobby didn't have a hand in the mass defacement hoax. Could it have been a tutorial in FUD propagation? Were the press and the bureaucrats being taught a lesson about their lack of skepticism? It would hardly tax the imagination to design some ridiculous kiddie project, wait for the media to inflate it, and then lower the boom with a smirk.

An interesting possibility, and well worth keeping in mind, but then Zone-H came back with another of its press releases, pretty much begging to be placed under suspicion.

"Nothing would have happened, if only the media didn't pay so much attention turning a non-case into something useful to fill the empty summer newspapers.

The hype turned so much high, that the same cracker panorama started to broke apart about participating to the challenge. Even worse, half of the defacers (crackers who deface web pages) decided to boycott the challenge, some of them in a passive way (not participating) while some other in an active way (generating a denial of service attack against Zone-H that is known to be a neutral cyber crime observatory, designated *against its will*, to be witness of this competition)."

Evidently there's a good deal more to this story, but we hope we've cleared things up for now. ®

Next gen security for virtualised datacentres

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?