Hacking Competition Gets Hacked
By James Maguire
Date: July 08, 2003
Some experts claim that organized hack attacks may actually improve security by forcing firms to beef it up. But, says Aberdeen's Eric Hemmendinger: "Is it a good idea to throw rocks at windows to get people to spend more money on putting good windows in place?"
A competition among hackers to see who could deface the greatest number of Web sites was itself the victim of a hacking attack. As the competition got underway on Sunday, hackers created a denial of service attack on Zone-H.org, an independent site that monitored the event.
While the denial-of-service attack created uncertainty about the results of the contest, it appears that a raft of sites were affected by the coordinated hacker onslaught. However, security experts said that only small, unsecured sites were compromised. The Internet's leading Web sites, like Yahoo (Nasdaq: YHOO) and Amazon (Nasdaq: AMZN) , were unfazed.
"We didn't see much activity on our end," Chris Wraight, spokesperson for security firm Sophos, told NewsFactor. "It was definitely a non-event from what we heard."
Indeed, an organized hacking attack is unlikely to succeed, Aberdeen analyst Eric Hemmendinger told NewsFactor, because "it's somewhat akin to trying to herd cats."
Linux 2, Windows 1
The event began with a challenge to hackers to deface as many Web sites as possible in a six-hour time span on Sunday. They were to be awarded points for the number and type of servers they broke into.
For example, breaking into a Windows server was worth 1 point, while breaking into a Linux, Unix or BSD server was worth 2 points. The winner was to be awarded a Web-hosting package.
To monitor the contest, Defacers-Challenge -- the organization behind the scheme -- chose the neutral site Zone-H.org., an Estonian-based site known for tracking cybercrime. "We inform everybody that we choosed Zone-H due to its notorious independency," states the Defacers-Challenge site.
Zone-H said it had been designated as a contest monitor "against its will."
The contest, preceded by a flood of media coverage, began to break down almost as soon as it began. It started at 9:00 a.m. Estonian time, and by 9:48, the overload of traffic to Zone-H -- 3,500 simultaneous visitors -- forced the site to shut down and restart its servers every three minutes.
At 10:00 a.m., a denial-of-service attack forced the site to shut down completely. According to Zone-H, "half of the defacers decided to boycott the challenge -- some of them in a passive way (not participating) while some others in an active way, (generating a denial of service attack)."
For the next 12 hours, the main Zone-H site was down, though site administrators did set up a secondary site on a different IP address.
Due to the confusion, Defacers-Challenge announced that it was extending the contest several hours. Because of the lack of an accurate monitoring system, potentially hundreds of more Web sites were affected than the current list on Zone-H.
Yet, based on the current Zone-H list, only the smallest Web sites were successfully defaced. After looking at the list of sites reported hacked, "I didn't see any major institutions or industries and, for a change, I didn't see any government sites there," Internet Security Systems (Nasdaq: ISSX) manager Pete Allor told NewsFactor.
"That tells me that people heeded the warning," he said, referring to statements from the ISS and other organizations concerning the event.
Over the Edge
In addition to the site hacking contest launched by Defacers-Challenge, Wraight noted that large commercial sites also have created such competitions. "I think it's interesting, but I think it's a little over the edge in terms of opening yourself up to real potential damage," he said.
"You don't see banks putting a sign in their front door saying, 'Here, try and rob us.'"
Some analysts claim that such an organized attack may actually improve security by forcing firms to pay more attention to it. But Aberdeen's Hemmendinger disputes this notion: "Is it a good idea to throw rocks at windows to get people to spend more money on putting good windows in place?"
Original article: http://www.newsfactor.com/perl/story/21858.html#story-start
^macro[showdigestcomments;^uri;Hacking Competition Gets Hacked]