Feeds

Net survives mass-defacement contest

We're lucky to be alive

  • alert
  • submit to reddit

SANS - Survey on application security programs

The Internet is still up and running thanks to the diligence of government agencies like FedCIRC and commercial fearmongers like mi2g (which will let you read the free FedCIRC advisory on their Web site for a mere £29.38), who warned us about a massive defacement contest scheduled for this weekend past.

Or thanks to the fact that the defacement hackathon was a hoax from the beginning, which it almost certainly was. But the interesting question is, whose hoax was it?

The first likely suspect is an outfit called Zone-H.org, which archives defaced pages since those RevCo lads at Attrition.org tired of the drudgery and moved on. Zone-H said they were pretty skeptical of the whole affair, and doubted anything would happen, but made reference to shutting down their site for safe keeping in a lengthy, irrational statement to the media.

"Shutting down Zone-H during the contest day (we were thinking by ourself about doing it) won't solve the problem as we forecast that all the possible targets have been already conquered and they will be attacked anyway. Putting a blindfold on Zone-H is also the way we would render a bad service to the ITsec community," the statement read in part.

Interestingly, a similar difficulty with the English language can be found in the original defacers-challenge Web site where the whole thing started. The similarity in linguistic style has led some to suspect a unified approach here.

Meanwhile, Zone-H was taken off the Net either by its nervous (or crafty) admins, or by malicious script kiddies for most of Sunday, so they were apparently unable to monitor the carnage that never materialized.

Of course the contest never made much sense in the first place, offering a top prize of 500MB of free Web hosting, an amount of storage I recall having been pleased with on a PC I bought in 1988. Also, claiming a prize like that is a a pretty good way of getting busted, and besides, any decent journeyman cracker should be able to 'arrange' a hundred times that much free hosting without breaking a sweat.

So there's that. And then there's more. A number of Web sites that reliably exhibit skepticism towards hacker stunts and the insatiable appetite for them among the mainstream press, the 'security community' and the national-security bureaucracy, mock-defaced their own home pages with a message of hope reading, "I panicked over the Defacement Challenge scare and all I got was this lousy defacement."

The idea was to ridicule the challenge as well as the journos and bureaucrats who bought into it. The altered homepages list examples of hacker FUD and alarmist sincerity among the press, security vendors and government bureaux.

The sites include Attrition.org, InfoWarrior.org. Kumite.com and Treachery.net, and the greeting was the same. In other words, it was well-coordinated, as if planned for some time.

And this leads one to wonder if the skeptic lobby didn't have a hand in the mass defacement hoax. Could it have been a tutorial in FUD propagation? Were the press and the bureaucrats being taught a lesson about their lack of skepticism? It would hardly tax the imagination to design some ridiculous kiddie project, wait for the media to inflate it, and then lower the boom with a smirk.

An interesting possibility, and well worth keeping in mind, but then Zone-H came back with another of its press releases, pretty much begging to be placed under suspicion.

"Nothing would have happened, if only the media didn't pay so much attention turning a non-case into something useful to fill the empty summer newspapers.

The hype turned so much high, that the same cracker panorama started to broke apart about participating to the challenge. Even worse, half of the defacers (crackers who deface web pages) decided to boycott the challenge, some of them in a passive way (not participating) while some other in an active way (generating a denial of service attack against Zone-H that is known to be a neutral cyber crime observatory, designated *against its will*, to be witness of this competition)."

Evidently there's a good deal more to this story, but we hope we've cleared things up for now. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.