[GTER] Hype: Defacers Challenge

Roberto Cury Jr. roberto.cury at atento.com.br
Fri Jul 4 13:58:03 -03 2003

Cross-posting from NT-BUGTRAQ.


I've held off commenting on this stupid challenge hoping that others would
realize it was non-existent. Unfortunately, the press and many security
outlets continue to hype the story. Below is our (TruSecure Corporation)
assessment of this issue, publicly posted at;


As you can see, it went from an initial assessment of Fact to Hype after
ISS and DHS both thought it worthy of an alert. It wasn't, and isn't. We
didn't post our assessment until it went to Hype. Here's a few comments
worth sharing;

"All sorts of folks are sending me URLs to articles, and I even saw mention
of the defacers challenge on one of my OS X mailing lists. I expect my
grandmother to call any minute wondering if she needs to worry (even though
she doesn't have a computer)."

"who would deface 6000 websites for 500mb of webspace....when you could use
the sh-t you defaced and have huge amounts of webspace?"

"i fail to see how that can alarm anyone with half a brain"

It's worth noting that our monitoring of the underground has shown us that
not one IRC channel, in which hackers or script-kiddiez chat, has had
anyone express anything but disgust over the challenge.

Zone-H, who is supposedly officiating the scoring, has never been able to
do more than 4,000 defacements in a single day. They have to lay eyes on
every defaced site for it to count, and it's unlikely they'll be able to do
that should this contest actually attract anyone. Mass-defacements count as
a single defacement (e.g. many virtual sites on a single IP).

Defacers don't do their thing for contests, they've got their own
motivations which go beyond mere trivial prizes like hosting space. More
likely the people announcing the contest were simply trying to see how many
sheep they could corral under this social engineering exercise.

Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

TruSecure Hype Alert - "The Defacers Challenge"
Publish Date: July 2, 2003
Publish Time: 1833 EDT
Initial Assessment Date: July 1, 2003
Initial Assessment Time: 0930 EDT

Initial Assessment: Fact
Current Assessment: Hype
Threat: Medium-Low ( There is a near constant level of defacement activity
on the Internet. A marginal contest is unlikely to influence this activity
significantly. )
Vulnerability Prevalence: Medium ( There are many vulnerable, poorly
maintained web servers on the Net that represent "low hanging fruit" who
become defacement victims. Sites with a comprehensive security program are
at very low risk and a contest to deface web sites is unlikely to change
their risk profile. )
Cost: Medium ( The chief cost of a defacement is damage to image and
reputation. )

A single source in the hacker underground announced "The Defacement
Challenge" to be held on July 6, 2003. Unfortunately, one security services
provider and today, the Department of Homeland Security have seized upon
this marginal, fringe effort and given it far more publicity than it
deserves. Attackers who deface websites have their own motivation for
committing computer crime. Security professionals promoting a contest among
these criminals only provides additional impetus for their actions and is
counterproductive to a goal of reducing risks on the Internet.

TruSecure's IS/Recon has been monitoring the hacker underground for nearly
ten years. This contest was invisible in the underground. No one cared.
"Chatter" in the underground for the contest picked up only in the last 36
hours, after "responsible" security officials began promoting this contest.
Those who are responsible for promoting security have instead contributed
to increased risk for some web sites by drawing media attention to what
would otherwise have been an insignificant, fringe effort, probably by one

The defacers succeed chiefly against the small-medium enterprises and web
hosts who lack the resources to retain full-time security either on-staff
or on-retainer. It is these web sites that have been the victims of most
defacements in recent months. These web sites were vulnerable before this
contest existed; a frenzy of defacements inspired by the publicity
generated by "responsible" security professionals only increases the risk
those vulnerable hosts will be successfully attacked.
