R o o t s e c u r e . n e t
The Security News Site For Systems Administrators & Hackers Sunday, 26th October 2014 @ 02:53:08 GMT 
Reports | Sunday Defacement Contest - Full analysis of what happened
{8th Jul 2003}
After much anticipation 7am GMT on Sunday the 6th of July finally arrived, and the Defacement Competition officially began.

From the outset Zone-H, a independent defacement mirror site who the Defacement Challenge organisers chose to obtain their statistics from started experiencing technical difficulties.  Their server was unable to cope with the masses of people who wanted to find out what was happening.  This resulted in it being intermittently available until 8am, at which time a ‘Distributed Denial of Service', DDoS attack (where many machines are instructed to continuously flood a site with packets) was directed at Zone-H which then knocked the site offline for the remainder of the day.

Before it went down, only an average numbers of defacement had been logged.  A statement in Portuguese was issued by one group of DDoS's (several are believe to have participated), an English translation of which can be see at: content/temp/ddos_on_zone-h_statement.htm, the main message was "Be warned, if you try to carry out another website defacement championship we will carry out another DDoS".

Eight hours later an alternate defacements submission site was coded up and brought online.  A rough count shows 500 defacements to have occurred and been confirmed on the 6th of July (several hundred others were not confirmed).  The Sunday average is 581 defacements for the past 4 weeks (June 8th 496, 15th 625, 22nd 913, 29th 291).  Judging by this along with the fact it was so widely reported, most of those with the motive to compromise websites must have simply chose not to participate it could be assumed that ‘Defacers Challenge' had only a negligible, if any effect on the number of defacements that would have occurred anyway on a normal Sunday.  However that assumption would be incorrect, because it will likely never be know how many defacements would have otherwise been recorded if those carrying them out were able to report them the way they usually did rather than on a page known only to those frequenting IRC (Internet Relay Chat).

Toward the end of the day Delta5 Security, another website tracking defacements went offline, however this appears to have been unrelated to the contest.  Its ironic that through ordeal the ‘Defacers Challenge' website seem to have has the most uptime despite having to move hosts a couple of times.

Zone-H were less than pleased about getting caught in the middle of a row between the contest organisers and the DDoS's, challenging the ethics of those that chose to attack a "neutral party" only interested in mirroring defacements, who certainly played no active role in the competition.  They returned to some degree of stable operation the following day.

In an email Eleonora[67], Defacers Challenge provided an incite into events from their perspective:  The downtime caused to Zone-H was regretted, and put down to the DDoS's seeking media attention "what would attract more media attention than a hackers contest?... stopping the hacker contest".  Eleonora[67] went on to say that they knew that any damage done would likely be small if any at all, and admitted participants would likely all be teenage kids looking to prove their skills.  The main reason for organising the competition was stated as being "just a way to get word out", the word they are referring to is broadly understood to be how powerful defacers can be if they work together in a coordinated attack.  This however is certainly not indicated by figured currently known.

Interestingly throughout the email several quotes were given, from those such as Noam Chomsky, and Edward S. Herman.  The email was finished up with the following ominous statement and quote "this is only the beginning" "They who have put out the people's eyes, reproach them of their blindness -- John Milton".

Defacers challenge organisers have still not released details of the results as to who won first, second or third place.

The extensive hype by the media on this story led some to suspect foul play in regards to who actually organised the contest.  Darci Wood, girlfriend of famous hacker Kevin Mitnick speculated in her blog "you don't think this whole thing may have been dreamed up by someone in the security industry, do you?", but ‘The Register' spectacularly topped this by practically accusing Zone-H of masterminding it "The first likely suspect is an outfit called Zone-H.org" along with criticizing their "irrational statement to the media", and pointing out similarities between their press release, and the Defacers Challenge website.

The Register however was not stopping its wild conspiracy theories with just one website, but decided to implicate Attrition.org (who themselves used to mirror defaced websites) among others as well, accusing them at the very lease of having prior knowledge off events "it was well-coordinated, as if planned for some time".  This was after they defaced their own sites with a message [mirror] which in part read "I panicked over the Defacement Challenge scare and all I got was this lousy defacement".

In the end, its amazing how a single website, can cause such dramatic media hype, fear, and wild speculation in a little less than 5 days.  There certainly seems more to this story than has yet been revealed.

Related Links:

defacers-challenge.com [mirrors]