Feeds

Net survives mass-defacement contest

We're lucky to be alive

  • alert
  • submit to reddit

The Essential Guide to IT Transformation

The Internet is still up and running thanks to the diligence of government agencies like FedCIRC and commercial fearmongers like mi2g (which will let you read the free FedCIRC advisory on their Web site for a mere £29.38), who warned us about a massive defacement contest scheduled for this weekend past.

Or thanks to the fact that the defacement hackathon was a hoax from the beginning, which it almost certainly was. But the interesting question is, whose hoax was it?

The first likely suspect is an outfit called Zone-H.org, which archives defaced pages since those RevCo lads at Attrition.org tired of the drudgery and moved on. Zone-H said they were pretty skeptical of the whole affair, and doubted anything would happen, but made reference to shutting down their site for safe keeping in a lengthy, irrational statement to the media.

"Shutting down Zone-H during the contest day (we were thinking by ourself about doing it) won't solve the problem as we forecast that all the possible targets have been already conquered and they will be attacked anyway. Putting a blindfold on Zone-H is also the way we would render a bad service to the ITsec community," the statement read in part.

Interestingly, a similar difficulty with the English language can be found in the original defacers-challenge Web site where the whole thing started. The similarity in linguistic style has led some to suspect a unified approach here.

Meanwhile, Zone-H was taken off the Net either by its nervous (or crafty) admins, or by malicious script kiddies for most of Sunday, so they were apparently unable to monitor the carnage that never materialized.

Of course the contest never made much sense in the first place, offering a top prize of 500MB of free Web hosting, an amount of storage I recall having been pleased with on a PC I bought in 1988. Also, claiming a prize like that is a a pretty good way of getting busted, and besides, any decent journeyman cracker should be able to 'arrange' a hundred times that much free hosting without breaking a sweat.

So there's that. And then there's more. A number of Web sites that reliably exhibit skepticism towards hacker stunts and the insatiable appetite for them among the mainstream press, the 'security community' and the national-security bureaucracy, mock-defaced their own home pages with a message of hope reading, "I panicked over the Defacement Challenge scare and all I got was this lousy defacement."

The idea was to ridicule the challenge as well as the journos and bureaucrats who bought into it. The altered homepages list examples of hacker FUD and alarmist sincerity among the press, security vendors and government bureaux.

The sites include Attrition.org, InfoWarrior.org. Kumite.com and Treachery.net, and the greeting was the same. In other words, it was well-coordinated, as if planned for some time.

And this leads one to wonder if the skeptic lobby didn't have a hand in the mass defacement hoax. Could it have been a tutorial in FUD propagation? Were the press and the bureaucrats being taught a lesson about their lack of skepticism? It would hardly tax the imagination to design some ridiculous kiddie project, wait for the media to inflate it, and then lower the boom with a smirk.

An interesting possibility, and well worth keeping in mind, but then Zone-H came back with another of its press releases, pretty much begging to be placed under suspicion.

"Nothing would have happened, if only the media didn't pay so much attention turning a non-case into something useful to fill the empty summer newspapers.

The hype turned so much high, that the same cracker panorama started to broke apart about participating to the challenge. Even worse, half of the defacers (crackers who deface web pages) decided to boycott the challenge, some of them in a passive way (not participating) while some other in an active way (generating a denial of service attack against Zone-H that is known to be a neutral cyber crime observatory, designated *against its will*, to be witness of this competition)."

Evidently there's a good deal more to this story, but we hope we've cleared things up for now. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.