Rootsecure Homepage
About RootSecure
Lite Edition
User Area
Audio News
Daily Newsletter
Site News Archives
Sources News Archive
SecNews RSS Feeds
SecNews Console
Links:
Videos
Security
Hacking
Wireless
Downloads:
Other
Perl Scripts
Audio Clips
Win32 Tools
Media Archive
PDF Documents
Reports
Hacker Gear
Win' Error Pic's
ASCII Generator
Your IP Address
RootSecure:
Contact
Search
Publicity
Affiliates
Attack Statistics
Syndication
(RSS/XML Feed)
Privacy Policy
Hits: 115,853,491
(Since 06/09/02)
Admin Telnet
HoneyPot Project
|
|
|
|
Reports | Sunday Defacement Contest - Full analysis of what happened
{8th Jul 2003} |
|
|
After much anticipation 7am GMT on Sunday the 6th of July finally
arrived, and the
Defacement Competition officially began.
From the outset Zone-H, a independent defacement mirror site who the
Defacement Challenge organisers chose to obtain their statistics
from started experiencing technical difficulties. Their server was
unable to cope with the masses of people who wanted to find out what was
happening. This resulted in it being intermittently available until
8am, at which time a ‘Distributed Denial of Service', DDoS attack (where
many machines are instructed to continuously flood a site with packets)
was directed at Zone-H which then knocked the site
offline for the remainder of the day.
Before it went down, only an
average numbers of defacement had been logged. A statement in Portuguese
was issued by one group of DDoS's (several are believe to have
participated), an English translation of which can be see at:
content/temp/ddos_on_zone-h_statement.htm, the main message was "Be
warned, if you try to carry out another website defacement championship
we will carry out another DDoS".
Eight hours later an alternate defacements submission site was coded up
and brought online. A rough count shows
500 defacements
to have occurred and been confirmed on the 6th of July (several hundred
others were not confirmed). The Sunday average is 581 defacements
for the past 4 weeks (June 8th 496, 15th 625, 22nd 913, 29th 291). Judging by this along
with the fact it was so widely reported, most of those with the motive to
compromise websites must have simply chose not to participate it could be
assumed that ‘Defacers Challenge' had only a negligible, if any effect
on the number of defacements that would have occurred anyway on a normal
Sunday. However that assumption would be incorrect, because it
will likely never be know how many defacements would have otherwise been
recorded if those carrying them out were able to report them the way
they usually did rather than on a page known only to those frequenting
IRC (Internet Relay Chat).
Toward the end of the day
Delta5 Security, another website tracking defacements
went offline, however this appears to have been unrelated to the
contest. Its ironic that through ordeal the ‘Defacers Challenge' website
seem to have has the most uptime despite having to move hosts a
couple of times.
Zone-H were less than pleased about getting caught in the middle of a
row between the contest organisers and the DDoS's, challenging the ethics of those that chose to attack a "neutral party"
only interested in mirroring defacements, who certainly played no active
role in the competition. They returned to some degree of stable
operation the following day.
In an email Eleonora[67], Defacers Challenge provided an incite into
events from their perspective: The downtime caused to Zone-H was
regretted, and put down to the DDoS's seeking media attention "what
would attract more media attention than a hackers contest?... stopping
the hacker contest". Eleonora[67] went on to say that they knew that any
damage done would likely be small if any at all, and admitted
participants would likely all be teenage kids looking to prove their
skills. The main reason for organising the competition was stated as
being "just a way to get word out", the word they are referring to is
broadly understood to be how powerful defacers can be if they work
together in a coordinated attack. This however is certainly not
indicated by figured currently known.
Interestingly throughout the email several quotes were given, from those
such as Noam Chomsky, and Edward S. Herman. The email was finished up
with the following ominous statement and quote "this is only the beginning"
"They who have put out the people's eyes, reproach them of their
blindness -- John Milton".
Defacers challenge organisers have still not released details of the
results as to who won first, second or third place.
The extensive hype by the media on this story led some to suspect foul play in regards
to who actually organised the contest. Darci Wood, girlfriend of famous
hacker Kevin Mitnick speculated in her blog "you don't think this whole
thing may have been dreamed up by someone in the security industry, do
you?", but ‘The Register'
spectacularly topped this by practically accusing Zone-H of
masterminding it "The first likely suspect is an outfit called Zone-H.org"
along with criticizing their "irrational statement to the media", and
pointing out similarities between their press release, and the Defacers
Challenge website.
The Register however was not stopping its wild conspiracy theories with
just one website, but decided to implicate Attrition.org (who themselves
used to mirror defaced websites) among others as well, accusing them at the very
lease of having prior knowledge off events "it was well-coordinated, as
if planned for some time". This was after they defaced their own sites
with a message [mirror] which in
part read "I panicked over the Defacement Challenge scare and all I got
was this lousy defacement".
In the end, its amazing how a single website, can cause such dramatic media hype,
fear, and
wild speculation in a little less than 5 days. There certainly seems
more to this story than has yet been revealed.
Related Links:
defacers-challenge.com
[mirrors]
defacers-challenge.info
|
|