X

Web vandals' contest leaves faint trace

Unknown attackers take down the largest recorder of Web site defacements on the same day that vandals had been thought to be planning an online graffiti contest.

Robert Lemos Staff Writer, CNET News.com
Robert Lemos
covers viruses, worms and other security threats.
See full bio
Robert Lemos
2 min read
Unknown attackers downed the largest recorder of Web site defacements on Sunday, the same day that vandals had been thought to be planning an online graffiti contest.

The attack left the security site Zone-H.org mostly inaccessible until late Sunday and the effects of the contest largely in dispute. While some 500 Internet addresses corresponding to defaced Web sites were submitted to Zone-H.org, the intermittent accessibility of the site meant that hundreds, if not thousands, more may have not been recorded.

"We'll likely know over the next 36 hours," Roberto Preatoni, founder and editor of Zone-H, wrote Sunday during an Internet chat with CNET News.com.

Word of the contest spread quickly late last week after news reports and security company Internet Security Systems publicized the event. A Web site called the Defacers' Challenge urged online vandals to crack into as many Web sites as possible on Sunday and report the defacements to Zone-H, a neutral third party.

Though Preatoni expected between 20,000 and 30,000 registrations of hacked sites Sunday, far fewer came in. The lack of response, apparently due to the trouble that scofflaws had in contacting Zone-H, could also be an indication that the rash of Web site attacks was mainly a flop.

Zone-H.org is best-known for its database archiving the snapshots of Web sites that have been defaced. The Web site had to open an alternative page for taking submissions for the contest. Preatoni said he normally sees anywhere between 1,000 and 3,000 Web site defacements on any given Sunday.

Because of the problems encountered by Zone-H.org, the person running the challenge--a person using the handle "Eleonora(67)"--extended the contest another 24 hours.

Although chaos apparently stymied defacers' attempt at anarchy, many security researchers criticized the amount of attention the event received in the first place.

A group of security sites, including the former defacement archive Attrition.org, lampooned the security industry and several government organizations for taking the contest so seriously.

In fake defacements of six Web sites, titled "I panicked over the Defacement Challenge scare and all I got was this lousy defacement," the experts stressed that attacks happen all the time. Moreover, they added that the contest, which grants the winner a prize of lackluster 500MB of storage on the Web, would not be taken seriously by the majority of security researchers and hackers.

"We are basically saying that you should secure your systems like you always do," said Richard Forno, author, independent security consultant and a participant in the lampoon. "If you are any type of IT (information technology) or security professional, this shouldn't scare you."