Web defacement contest set for July 6

Lock down your Web servers. The first Defacers Challenge, complete with prizes for the hacker or hackers who can first deface 6,000 Web sites, is scheduled for July 6.

According to an announcement posted on the Web site at www.defacers-challenge.com, the contest will be conducted over a six-hour period. The time has not been set, but probably will be in the morning.

"My hope is this being first of many defacers challenge!" the site says.

The announcement is written in comically broken English, but security experts are taking the threat seriously. Internet Security Systems Inc. of Atlanta raised its threat level Wednesday to AlertCon 2, on a four level scale, recommending increased vigilance.

"We've checked with a couple of sources, and we believe it is a valid concern," said Peter Allor, manager of ISS' X-Force Threat Analysis Services.

Since the announcement appeared late last week, ISS and other security firms have seen increased reconnaissance traffic, Allor said.

According to its posted rules, the challenge will be a freestyle contest with a goal of defacing 6,000 sites. The individual or team hitting this number first will win. If no contestant reaches that number, the highest number of defacements will win.

Duplicate defacements within subdomains will not be counted, nor will defacements in free hosting domains, such as geocities or angelfire.

Points also will be awarded based on the operating of the server. Windows operating systems will receive one point, Linux and BSD OSs will be worth two points each, AIX will be worth three points, and HP-UX and Macintosh operating systems will be worth five points each.

The higher points reflect the fact that these operating systems are less numerous in Web servers and are less frequently targeted.

The winner apparently gets 500M of Webmail hosting. Judging will be based on defacements reported to and verified on the www.Zone-H.org Web site, which is not connected with the contest.

"Zone-H is the Internet thermometer and when the Internet has a fever, we just want to be there to measure it, nothing more," the web site's administrator said. "Personally I consider this challenge a silly thing."

There are indications that the hacking community is preparing for the contest, Allor said.

"Defacements are down," he said. "We believe they are down because [hackers are] holding back. There also is an increase in people checking banners and fingerprinting machines."

Publicly available domain registration information for the defacers challenge site is not accurate, but there are indications of the source of the site.

"We believe that the text of the Web page was translated through a Web translation service," explaining the bizarre wording and grammar, Allor said. "The translation, we believe, is out of Portuguese."

Allor recommended hardening servers by updating patches and turning off unneeded services, and keeping an eye on intrusion detection logs and traffic flows.

About the Author

William Jackson is a Maryland-based freelance writer.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

What is your e-mail address?

My e-mail address is:

Do you have a password?

Forgot your password? Click here
close

Trending

  • Dive into our Contract Award database

    In an exclusive for WT Insider members, we are collecting all of the contract awards we cover into a database that you can sort by contractor, agency, value and other parameters. You can also download it into a spreadsheet. Our databases track awards back to 2013. Read More

  • Navigating the trends and issues of 2016 Nick Wakeman

    In our latest WT Insider Report, we pull together our best advice, insights and reporting on the trends and issues that will shape the market in 2016 and beyond. Read More

contracts DB

Washington Technology Daily

Sign up for our newsletter.

I agree to this site's Privacy Policy.