SECURITY
Hacking contest may be fake, firms worry
04-07-2003
by
A 'Defacers Challenge' that could see thousands of Web sites attacked is scheduled for Sunday, 6 July, but many e-security firms say it may be a hoax.
Details of a message regarding the contest, supposedly from the Defacer Challenge organisers, are posted on the Web site of the cybercrime observatory Zone-H, although the people behind Zone-H say the whole affair could be a ruse. Nonetheless, the side adds that now may be a good time to check cybersecurity systems.
Similarly, several US-based security firms, including Counterpane and Internet Security Systems, have made warning announcements to customers.
According to reports, the competition goal is to deface 6,000 sites in an hour and there is a point scale for cracking various systems. Apple-based and HP systems gain an attacker five points, an IBM system is weighted three points, Linux is worth two and a Windows system is worth one.
"It is a shot gun approach to get as many sites as possible so they're going to target areas that are vulnerable," said Conor Flynn, technical director at Irish e-security company Rits, "These guys are script kiddies not rocket scientists."
He said those who don't have the relevant patches and a well-configured firewall will be most at risk. He referred to the many services on networks not used by customers that are not patched, and as such, provide an 'in' for attackers.
Some security companies have noticed a fall in the number of defacements over the last few days, which could be because the attackers have "rooted" the sites, taken control but are waiting for the contest to do the damage, said Flynn. "We are aware of the increased threat over the weekend but people should not only respond to these threats, they should be pre-emptive."
Creating successful email surveys: Denise Cox of email specialist Newsweaver argues that you can tap into your readers' likes or dislikes by surveying them.
