Feeds

Net survives mass-defacement contest

We're lucky to be alive

  • alert
  • submit to reddit

Securing Web Applications Made Simple and Scalable

The Internet is still up and running thanks to the diligence of government agencies like FedCIRC and commercial fearmongers like mi2g (which will let you read the free FedCIRC advisory on their Web site for a mere £29.38), who warned us about a massive defacement contest scheduled for this weekend past.

Or thanks to the fact that the defacement hackathon was a hoax from the beginning, which it almost certainly was. But the interesting question is, whose hoax was it?

The first likely suspect is an outfit called Zone-H.org, which archives defaced pages since those RevCo lads at Attrition.org tired of the drudgery and moved on. Zone-H said they were pretty skeptical of the whole affair, and doubted anything would happen, but made reference to shutting down their site for safe keeping in a lengthy, irrational statement to the media.

"Shutting down Zone-H during the contest day (we were thinking by ourself about doing it) won't solve the problem as we forecast that all the possible targets have been already conquered and they will be attacked anyway. Putting a blindfold on Zone-H is also the way we would render a bad service to the ITsec community," the statement read in part.

Interestingly, a similar difficulty with the English language can be found in the original defacers-challenge Web site where the whole thing started. The similarity in linguistic style has led some to suspect a unified approach here.

Meanwhile, Zone-H was taken off the Net either by its nervous (or crafty) admins, or by malicious script kiddies for most of Sunday, so they were apparently unable to monitor the carnage that never materialized.

Of course the contest never made much sense in the first place, offering a top prize of 500MB of free Web hosting, an amount of storage I recall having been pleased with on a PC I bought in 1988. Also, claiming a prize like that is a a pretty good way of getting busted, and besides, any decent journeyman cracker should be able to 'arrange' a hundred times that much free hosting without breaking a sweat.

So there's that. And then there's more. A number of Web sites that reliably exhibit skepticism towards hacker stunts and the insatiable appetite for them among the mainstream press, the 'security community' and the national-security bureaucracy, mock-defaced their own home pages with a message of hope reading, "I panicked over the Defacement Challenge scare and all I got was this lousy defacement."

The idea was to ridicule the challenge as well as the journos and bureaucrats who bought into it. The altered homepages list examples of hacker FUD and alarmist sincerity among the press, security vendors and government bureaux.

The sites include Attrition.org, InfoWarrior.org. Kumite.com and Treachery.net, and the greeting was the same. In other words, it was well-coordinated, as if planned for some time.

And this leads one to wonder if the skeptic lobby didn't have a hand in the mass defacement hoax. Could it have been a tutorial in FUD propagation? Were the press and the bureaucrats being taught a lesson about their lack of skepticism? It would hardly tax the imagination to design some ridiculous kiddie project, wait for the media to inflate it, and then lower the boom with a smirk.

An interesting possibility, and well worth keeping in mind, but then Zone-H came back with another of its press releases, pretty much begging to be placed under suspicion.

"Nothing would have happened, if only the media didn't pay so much attention turning a non-case into something useful to fill the empty summer newspapers.

The hype turned so much high, that the same cracker panorama started to broke apart about participating to the challenge. Even worse, half of the defacers (crackers who deface web pages) decided to boycott the challenge, some of them in a passive way (not participating) while some other in an active way (generating a denial of service attack against Zone-H that is known to be a neutral cyber crime observatory, designated *against its will*, to be witness of this competition)."

Evidently there's a good deal more to this story, but we hope we've cleared things up for now. ®

Mobile application security vulnerability report

More from The Register

next story
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you on YouPorn lately, perhaps? White House website?
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
NUDE SNAPS AGENCY: NSA bods love 'showing off your saucy selfies'
Swapping other people's sexts is a fringe benefit, says Snowden
Own a Cisco modem or wireless gateway? It might be owned by someone else, too
Remote code exec in HTTP server hands kit to bad guys
British data cops: We need greater powers and more money
You want data butt kicking, we need bigger boots - ICO
prev story

Whitepapers

Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Application security programs and practises
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.