Hype: Defacers Challenge

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 07/04/03

    Date:         Fri, 4 Jul 2003 10:33:22 -0400

    I've held off commenting on this stupid challenge hoping that others would realize it was non-existent. Unfortunately, the press and many security outlets continue to hype the story. Below is our (TruSecure Corporation) assessment of this issue, publicly posted at;


    As you can see, it went from an initial assessment of Fact to Hype after ISS and DHS both thought it worthy of an alert. It wasn't, and isn't. We didn't post our assessment until it went to Hype. Here are a few comments worth sharing:

    "All sorts of folks are sending me URLs to articles, and I even saw mention of the defacers challenge on one of my OS X mailing lists. I expect my grandmother to call any minute wondering if she needs to worry (even though she doesn't have a computer)."

    "who would deface 6000 websites for 500mb of webspace....when you could use the sh-t you defaced and have huge amounts of webspace?"

    "i fail to see how that can alarm anyone with half a brain"

    It's worth noting that our monitoring of the underground has shown us that not one IRC channel, in which hackers or script-kiddiez chat, has had anyone express anything but disgust over the challenge.

    Zone-H, who is supposedly officiating the scoring, has never been able to do more than 4,000 defacements in a single day. They have to lay eyes on every defaced site for it to count, and it's unlikely they'll be able to do that should this contest actually attract anyone. Mass-defacements count as a single defacement (e.g. many virtual sites on a single IP).

    Defacers don't do their thing for contests; they've got their own motivations which go beyond mere trivial prizes like hosting space. More likely the people announcing the contest were simply trying to see how many sheep they could corral under this social engineering exercise.

    Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

    TruSecure Hype Alert - "The Defacers Challenge"
    Publish Date: July 2, 2003
    Publish Time: 1833 EDT 
    Initial Assessment Date: July 1, 2003
    Initial Assessment Time: 0930 EDT 
    Initial Assessment: Fact
    Current Assessment: Hype
    Threat: Medium-Low (There is a near constant level of defacement activity on the Internet. A marginal contest is unlikely to influence this activity significantly.)
    Vulnerability Prevalence: Medium (There are many vulnerable, poorly maintained web servers on the Net that represent "low hanging fruit" who become defacement victims. Sites with a comprehensive security program are at very low risk and a contest to deface web sites is unlikely to change their risk profile.)
    Cost: Medium (The chief cost of a defacement is damage to image and reputation.)
    A single source in the hacker underground announced "The Defacement Challenge" to be held on July 6, 2003. Unfortunately, one security services provider and, today, the Department of Homeland Security have seized upon this marginal, fringe effort and given it far more publicity than it deserves. Attackers who deface websites have their own motivation for committing computer crime. Security professionals promoting a contest among these criminals only provides additional impetus for their actions and is counterproductive to a goal of reducing risks on the Internet.
    TruSecure's IS/Recon has been monitoring the hacker underground for nearly ten years. This contest was invisible in the underground. No one cared. "Chatter" in the underground for the contest picked up only in the last 36 hours, after "responsible" security officials began promoting this contest. Those who are responsible for promoting security have instead contributed to increased risk for some web sites by drawing media attention to what would otherwise have been an insignificant, fringe effort, probably by one person. 
    The defacers succeed chiefly against the small-medium enterprises and web hosts who lack the resources to retain full-time security either on-staff or on-retainer. It is these web sites that have been the victims of most defacements in recent months. These web sites were vulnerable before this contest existed; a frenzy of defacements inspired by the publicity generated by "responsible" security professionals only increases the risk those vulnerable hosts will be successfully attacked.