Seattle Post-Intelligencer on Thursday, July 03, 2003
Web-site defacement contest may be Sunday.
Computer hackers plan to deface thousands of Web sites worldwide Sunday as part of a nefarious game being coordinated over the Internet.
The anonymous organizers of the “Defacers Challenge” claim on a Web site that the goal will be to deface 6,000 Web sites in six hours. Winners purportedly will get prizes such as Web-hosting space and Internet domain names.
Organizers set up a Web site, defacers- challenge.com, which was shut down yesterday afternoon. Before it was removed, the site listed in broken English the rules for hackers who might participate. It cautioned that “deface its crime” # an apparent acknowledgment that vandalizing Internet pages is illegal.
“The FBI is taking this very seriously,” FBI spokesman Bill Murray said. “Hacking is a crime, and those who participate in this activity will be investigated and brought to justice.”
But Web-site defacement usually is more of a nuisance than a financial or operational problem for organizations that are attacked, security experts said yesterday. And home Internet users shouldn’t be affected.
Most big companies and organizations that already use Internet firewall software and take other standard precautions with their Web servers shouldn’t have much to worry about, experts said.
Because the supposed contest is limited to Web-site defacement, there shouldn’t be widespread Web slowdowns and other Internet problems that come with more egregious hacking attacks involving viruses and worms, most of which show up on work days, not weekends, anyway.
Dave Roeser, 50, a veteran computer programmer in Tacoma, said hacking these days is being done by mostly teenage code crackers, “script-kiddies” who don’t really know the codes but use programs to sneak into private computer servers.
He is “from the old school who consider (being called a hacker) a badge of honor.” It meant someone who knew the complexities of assembler language and the internals of a computer system inside and out, he said.
“In the early days, it was a challenge,” Roeser said. “A lot of early hackers would break in, poke around and leave little notes that said, ‘Kilroy was here. You need to upgrade your security.’
“But what has happened in the last few years is criminals that are doing it; they are trying to steal credit card information. Now they are trying to do damage,” Roeser said.
Microsoft Corp. is monitoring the situation but not planning to take any special measures, spokesman Sean Sundwall said. “Clearly, protection of consumer data and company information is Microsoft’s top priority,” he said. “We’ll be vigilant in those efforts this weekend as, frankly, we would be any weekend.”
Some private security companies, however, urged clients to take precautions such as adding firewalls and security software, backing up files and limiting access to their Web servers to prevent hacking.
“The problem is now, and you shouldn’t wait until Sunday to address it,” said Pete Allor of Atlanta-based Internet Security Systems Inc., which runs a cyberthreat detection database and service that’s well known among computer professionals and government agencies.
Allor said his company has seen a substantial increase in Web scanning across the Internet in recent days, which would indicate that hackers are looking for new holes into organizations’ Web servers.
Also, he said, there has been a general decrease in Web-site defacements recently, which could indicate hackers are waiting for the contest to begin.
He said his company also has had contact with hackers who are interested in the contest.
“We looked at this with a little jaundiced eye at first, but what we’ve found since then is that there’s enough information to make this appear credible,” Allor said.
E-mails to the supposed organizers of the contest were not returned yesterday.
“This does seem a little more ambitious, but these sorts of things happen all the time,” said David Wray, spokesman for the Department of Homeland Security’s cybersecurity division.
The department warned an organization of government computer managers to be vigilant with Web security, but issued no formal warnings to the public.
Roeser says he does not like the latest trend in hacking # and swears he is never illegally accessed someone else’s computer, though he could if he wanted # agrees the weekend contest hardly rises to the level of terrorism.
“It is more vandalism, than anything else,” he said.
Install and maintain “firewall” attack-blocking software on computers with always-on Internet connections. (Examples: ZoneAlarm Pro 4.0, Norton Personal Firewall 2003, Steganos Security Suite 5.0.)
Install and update anti-virus software. (Examples: F-Secure Anti-Virus, 2003 Symantec AntiVirus Enterprise Edition.)
Make sure your wireless network is protected. Change the name of your network from its default, turn off SSID (Service Set Identifier) broadcasting to exclude drive-by scanners, and enable WEP (Wired Equivalent Privacy).
Users of Microsoft software, which is attacked more often because it’s so popular should see the recently issued Microsoft Guide to Security Patch Management (go.microsoft.com/fwlink/?LinkId=16284) and Patch Management Whitepaper (www.microsoft.com/security/whitepapers/patch_management.asp )
On the Net:
Hacked sites: http://www.2600.com/hacked_pages/old_archives.html