!!! WARNING TO THE WISE - BACKUP OR DIE !!! "Web defacement contest scheduled..."

[Vin DSL]

Web defacement contest scheduled for Sunday

By William Jackson
GCN Staff

Lock down your Web servers—the first Defacers Challenge, complete with prizes for the hacker or hackers who can first deface 6,000 Web sites, is scheduled for this Sunday, July 6.

According to an announcement posted at www.defacers-challenge.com, the contest will be conducted over a six-hour period. The start time has not been set, but it probably will be in the morning.

“My hope is this being first of many defacers-challenge!” the site says.

The announcement is written in comically broken English, but security experts are taking the threat seriously. Internet Security Systems Inc. of Atlanta raised its threat level Wednesday to AlertCon 2—on a four-level scale—recommending increased vigilance.

“We’ve checked with a couple of sources, and we believe it is a valid concern,” said Peter Allor, manager of ISS’ X-Force Threat Analysis Services.

Since late last week when the announcement appeared, ISS and other security firms have seen increased reconnaissance traffic, Allor said.

According to its posted rules, the challenge will be a freestyle contest with a goal of defacing 6,000 sites. The individual or team hitting this number first will win. If no contestant reaches that number, the one who reaches the highest number of defacements will win. Duplicate defacements within subdomains will not be counted, nor will defacements in free hosting domains such as geocities or angelfire.

Points also will be awarded based on the server’s operating system. Windows OSes will receive one point, Linux and BSD OSes will be worth two points each, AIX will be worth three points, and HP-UX and Macintosh operating systems will be worth five points each. The higher points reflect the fact that there are fewer of these operating systems in Web servers and are less frequently targeted.

The winner apparently gets 500M of Webmail hosting. Judging will be based on defacements reported to and verified on the www.Zone-H.org Web site, which is not connected with the contest.

"Zone-H is the Internet thermometer and when the Internet has a fever, we just want to be there to measure it, nothing more," the web site's administrator said. "Personally I consider this challenge a silly thing."

There are indications that the hacking community is preparing for the contest, Allor said.

“Defacements are down,” he said. “We believe they are down because they’re holding back. There also is an increase in people checking banners and fingerprinting machines.”

SOURCE: Government Computer News

[Vin DSL]

Web Site Warning: Defacement Contest Sunday

By Dennis Fisher
eWeek Staff

Crackers and low-level online vandals are planning some post-Independence Day fireworks this weekend with a so-called Web site defacement challenge. The goal is for participants to deface as many sites as possible within the six-hour time limit.
Some government organizations have issued warnings to their constituent agencies, cautioning them about the contest and urging them to ensure that their Web servers are secured. The New York State Office of Cyber Security and Critical Infrastructure Coordination implored state agencies to take simple steps such as changing default passwords, removing unused sample applications from production servers and backing up their Web servers.

Internet Security Systems Inc. on Wednesday sent out a bulletin about the contest that said the company's X-Force research team has seen increased levels of reconnaissance-type scans on Web servers, presumably from participants scouting vulnerable servers for the contest. The competition is set to begin Sunday, and the winner will be the first person or team to deface 6,000 sites, or whoever has defaced the most sites within the time limit if no one reaches 6,000.


A further list of rules is laid out on a rudimentary Web site that advertises the contest in miserable, sometimes indecipherable English. There is also a version of the site in Portuguese, which might indicate the organizers of the event are members of the extremely active Brazilian hacking scene.

Participants will be awarded points based on the operating system running on the Web servers they deface. Windows machines get just one point, while the less common HP-UX and Macintosh systems are awarded the maximum of five points.

These kinds of contests among crackers are not uncommon, but the potentially huge scope and public advertisement of the defacement challenge make it somewhat unusual.

SOURCE: eWeek

[Vin DSL]

Hacker Contest Could Strike This Weekend; Thousands Of Sites Threatened

By Gregg Keizer
TechWeb Staff

A hacking contest scheduled for this Sunday could result in thousands of defaced Web sites, warned security firm Internet Security Systems (ISS) on Wednesday as it raised the level of its threat assessment meter and advised all enterprises to be extra vigilant.

The organized Web defacement event -- called Defacers Challenge by its unknown organizers -- is to take place Sunday, July 6. During a six-hour time span -- the exact start and end times have not been set, according to the Challenge's Web site -- hackers will be awarded points for compromising Web servers and defacing its pages. Ironically, the prize for the winning hacker is free Web hosting.

“This isn't a hoax,” said Chris Rouland, vice president of ISS's X-Force security research and development. “We're seeing increasing scanning for vulnerabilities across our networks and decreased incidences of defacement,” he said. “These are measurable events, and led us to conclude that [hackers] are sandbagging in anticipation of the contest, compromising systems but not defacing them [yet].”

Rouland hasn't seen something like this before. “We've seen organized defacing efforts in the past, but the last was when Chinese hackers attacked systems in the U.S. in retaliation after the spy plane incident.” In April 2001, Chinese and American hackers skirmished for several days, each defacing sites in the others' country.

Tempers flared, both in the hacking community and the world in general, after a U.S. intelligence aircraft collided with a Chinese fighter jet, and was forced to land at a Chinese airfield.

The contest is unusual in other ways. A minimum of 6,000 defacements is required to win, according to the Defacers Challenge Web site. And its sliding-scale awards points for successful defacements according to the operating system used on the Web server. HP-UX, Apple, and IBM-AIX are worth more points because of their limited exposure as Web hosting platforms, said ISS, and because they're targeted less often than Microsoft- and Linux-based systems. That's one reason why ISS urged enterprises running HP, Apple, and IBM operating systems on outward-facing servers to be especially on guard.

“It's almost as if they're saying that Microsoft is too easy to break into,” said Rouland. While hacks into HP-UX and Apple servers garner five points in the contest, those successful on systems running Windows receive just one point.

The potential damage is substantial, said Rouland, noting that the week-long Chinese defacement campaign of 2001 resulted in approximately 10,000 defacements. “And that was big,” he said. “If a dozen hacker groups each deface 6,000 sites, that's getting into some serious numbers. Defacing 20,000 to 30,000 sites in six hours is pretty apocalyptic.”

Defacements themselves aren't the problem -- it's analogous to a paint can-wielding teenager tagging a wall with graffiti -- but the clean-up afterwards can ring up huge amounts of IT time.

ISS, said Rouland, believes that the contest involves hacker gangs from both Brazil and Hong Kong.

“We've also traced communication between Brazil and Hong Kong [about the contest],” claimed Rouland.

The selected day couldn't be better for hackers, said Rouland. “It's a three-day holiday weekend here in the U.S.,” he said. Most companies will be shuttered on Friday, July 4, as the United States celebrates its Independence Day. Firms typically run with a reduced IT staff on weekends.

ISS has raised its threat assessment to AlertCon 2 -- the company used a four-level system to note the current security situation -- on the basis of its investigation into the defacing contest.

It also recommended that enterprises remain vigilant from now through the weekend, and review their current security policies, especially those applying to outward-facing Web servers.

“Companies should monitor their intrusion detection systems and firewalls,” said Rouland. “And scan and patch vulnerable systems. Although outward-facing servers are most at risk, any system that is in the DMZ [the middle ground between a trusted internal network and an untrusted, external network, like the Internet] can be defaced. It wouldn't be hard for these guys to install their own Web software on a compromised mail server, for instance.”

While the prize for the winner seems ridiculous -- a Web hosting package -- that's not the reason hackers will join in, said Rouland. “Notoriety, that's the prize they're after.”

“We're aware of it and we're monitoring the situation,” said Brian King a member of the technical team at CERT, the federally-funded clearinghouse for security and virus threats. “But it's important to remember that this is not a discrete event. We see this [defacing] activity going on all the time.”

Symantec's Oliver Friedrichs, the senior manager for the company's Security Response team, also noted that his firm is aware of the contest. But unlike ISS, which sees signs that hackers are preparing for the Sunday contest, Symantec hasn't found any direct evidence.

“We haven't seen any evidence of precursor activity,” Friedrichs said. That could take the form of an increase in server vulnerability scans, which would indicate that hackers are harvesting a list of compromised servers they can immediately deface when the contest begins Sunday.

Both King and Friedrichs made security recommendations that generally mirrored those from ISS'. King, however, also advised companies to make sure that their custom Web applications -- such as chat software or e-commerce shopping cart systems -- are secured and configured correctly, and to disable unnecessary Web services.

SOURCE: TechWeb

[Vin DSL]

Hacking Contest Threatens Web Sites

By George V. Hulme
InformationWeek

A hacking contest slated for this weekend could produce a rash of Web-site defacements worldwide, according to a warning issued Wednesday by security companies and government Internet security groups.
The hacker defacement contest is expected to kick off on Sunday. The contest supposedly will award free hosting services, Web mail, unlimited E-mail forwarding, and a domain name of choice for the triumphant hackers, according to a Web site promoting the contest.

Web-site defacement points will be awarded based on the type of operating system running the Web site. Defacement of Web sites running Windows will only win a single point, while sites running Linux, Unix, and BSD are each worth three points. Sites running AIX, IBM's version of Unix, are worth three points, while sites running HP-UX, Hewlett-Packard's version of Unix, and Macintosh, Apple's operating system, are worth up to five points, according to the contest Web site.

Internet Security Systems Inc., which operates a cyberthreat early-warning network called the Information Technology Information Sharing and Analysis Center, is urging Web-site administrators to review their Web-site security before they head home for the holiday weekend. ISS's X-Force research group says they've received credible information that hacker groups are scanning Web sites to discover vulnerable systems. But X-Force doesn't expect any major activity until Sunday.

While there's been a recent increase in Web-site scanning activity, there's also been a noticeable decrease in Web-site defacements, says Chris Rouland, director of ISS X-Force. "The hackers are sandbagging," he says. "We've seen this before. Hackers will break in before the event and conduct the actual defacement during the contest."

The exact time the contest will start is not yet known, but the contest rules say it will be limited to six hours. X-Force is trying to determine whether the contest is being run by hacking groups from Brazil or Hong Kong, both known for active Web-defacing activity.

The contest also may be a recruiting effort, Rouland says. "This is one way to learn who are the best defacers out there" and to find out which hackers have figured out new ways to break in and deface sites, he says.

The New York Office of Cyber Security and Critical Infrastructure Coordination also issued an advisory about the contest and is asking Web-site administrators to take steps to improve security. Among the recommendations:

• Make sure that default passwords are changed. This should include Web servers and any other servers that the Web server has a trusted relationship with.

• Remove sample applications that aren't being used, such as CGI scripts and Active Server Pages, from Web servers.

• Lock down Microsoft Front Page Extensions. By default, those extensions are installed in a manner that gives every user the ability to author Web pages, even through proxy servers. This recommendation also applies to Front Page Extensions installed on Unix platforms.

• Turn Web server logging on. Logs are essential to determining how a defacement was accomplished so a recurrence can be prevented. Use of the extended log format is recommended.

• Have a current backup of your Web server. In the event of a defacement, a good backup is essential to quickly restore the server to its original look.

• Apply the latest security patches to your Web server and underlying operating system after appropriate testing.

SOURCE: InformationWeek

[Connie]

I saw this on CBS news tonight. The indication was that Government and
Corporate sites would be the main targets. Who knows. This could be a
real problem for all of us.

[Vin DSL]

Originally posted by clssam
...This could be a real problem for all of us...

Indeed, especially considering what happened less than 3 months ago on JagPC servers. I got my house in order. Give me some space and I can be back online in an hour.

Anyway, everyone has been warned. If you don't have backups, que sera, sera...

[Connie]

Originally posted by Vin DSL
Indeed, especially considering what happened less than 3 months ago on JagPC servers. I got my house in order. Give me some space and I can be back online in an hour.

Anyway, everyone has been warned. If you don't have backups, que sera, sera...

It would take me a little longer than an hour, but my main site is backed up on my PC and another web server.

Hope this weekend does not result in any need for restoring for any of us.

[noam]

>Indeed, especially considering what happened less than 3
>months ago on JagPC servers.


What happened three months ago?

[Vin DSL]

Originally posted by noam
What happened three months ago?

http://forums.jaguarpc.com/showthrea...&threadid=8925

[CeleronXL]

Some sites already defaced. One of which is one I go to, http://www.currentpolitics.com/

[Vin DSL]

Defacement contest likely to target Web hosting firms

By John Leyden


A defacement challenge scheduled for Sunday is likely to target Web hosting companies rather than individual Web sites.

Defacement archive site Zone-H reasons that crackers will target Web sites they have already rooted because of the limited time set aside for the challenge.

The 'rules' of the challenge state that there will not be any difference when counting a single defacement (single IP) or a mass-defacement (many domain names on the same IP), so Zone-H reasons, hosting firms will be the main target.

"Given time frame will be only six hours, what is mostly going to happen is that a lot of Web hosting companies will be hit, instead than single servers belonging to different companies," Zone-H reports.

Due to the sharp decrease of the defacement over the last few days, Zone-H reasons crackers rooting possible targets without defacing them, so to be ready with a lot of ready-to-be-defaced targets to be used on the contest day. The defacement competition challenges crackers to deface as many as 6,000 sites in the shortest time possible to win the contest.

Point values are based on the operating systems hacked and defaced. HP-UX, Apple, and IBM-AIX are worth more points due to their limited use as Web-hosting platforms, and because they are targeted less often than Microsoft and Linux-based systems.

Zone-H is forecasting anywhere from 20,000 attacks might arise from the challenge. However it is downplaying fears that mass disruption of Internet services due to the attacks.

"A mass-defacement (even of several thousands domain names) is usually conducted opening a single connection to the attacked server," it reasons.

Defacement attacks occur all the time, not only during a mass hacking contest. But in the run up to the latest hacking spree there's all the more reason to shore up security defences.

Zone-H recommends the following general security precautions to sysadmins:
Download and apply all security patches

Shut down all the unnecessary modules on a Web server

Close all the unnecessary ports
It's also a wise precaution to check for the presence of any backdoor/rootkit on systems. Tell tale signs include: freshly added unknown users, suspicious connections on open port and suspicious shell program. Spotting these kinds of problems is where vulnerability scanners come in useful.

Finally, in the know thy enemy category, Zone-H, reminds sysadmins of the most common vulnerabilities targeted by defacers. These include flaws in the following packages/services: OpenSSL, Samba, Webdav, Frontpage extension misconfiguration, AIX ftpd, Solaris telnetd, Sendmail, Wuftpd, Proftpd, PHPnuke (not for mass defacement but still an ever present risk), OmniBack II and Cpanel.

Let's be careful out there. ®