Hacker's challenge Web site goes dark

Hacker's challenge Web site goes dark

One day after news broke about an online contest for malicious hackers, the Web site set up for the contest is offline and security experts are casting doubt on the severity of the threat posed by the contest.

The contest, known as the Defacers Challenge, awards points to malicious hackers who successfully compromise an organisation's Web server and deface its Web pages, according to a warning from Internet Security Systems (ISS).

The international hacking contest is scheduled to begin on Sunday and could cause headaches for organisations worldwide and disrupt the Internet, ISS said.

On Thursday, however, the contest Web site,, was offline.

The company that hosted the Web site, Affinity Internet, took the site down on Wednesday.

An Affinity spokesperson cited violations of the terms of its customer usage agreement as the reason for shutting the site down.

Security experts and those close to the defacers community said that large scale disruptions caused by the contest were unlikely.

"This is something that we're not taking that seriously,"chief technical officer for security company SPI Dynamics, said Caleb Sima, said. "Most real hackers don't pay much attention to things like this, and the kids who do participate in these [contests] are script kiddies who are already out trying to scan and deface things anyway, without needing a special day for it."

In addition, Symantec has not seen an increase in the volume of attack-related traffic on its DeepSight Alert global network of sensors, according to Oliver Friedrichs, senior manager of Symantec Security Response.

"Compared to last week, it's not that different," he said. "Companies are always under attack."

Should the challenge take place, however, the sites that are most likely to be affected will be those with little or no security, Sima said.

"You're going to see defacements of Web sites that have not been maintained for four years. I don't see any real names defaced - Macy's or Bank of America," he said.

And while the rules of the contest put a higher value on compromising systems running less common operating systems such as Apple Computer's Macintosh and IBM's AIX, winning was still based on hacking 6000 unique Web domains in the shortest period of time.

That put a higher value on compromising Web hosting servers that contain hundreds or even thousands of separate domains, according to Roberto Preatoni, also known as "SyS64738", founder of, a Web site that tracks Web site defacements.

"The rules make no difference in attributing points to mass-defacements [on Web servers] and single IP [Internet Protocol addresses]," he said. "So why bother hitting multiple targets when you can win just hitting one Web hosting company."

All the same, Preatoni said that Zone-h has noted an 80 per cent decline in notifications of new Web site defacements over the last four or five days, suggesting that hackers may be saving up defacements for Sunday, when the contest begins.

Hackers, including the contest organisers, may already be in possession of exploits to all the servers needed to win the challenge, Preatoni said, predicting that the contest could be won within a matter of seconds.

Security companies of all stripes issued alerts to their customers and the press on Wednesday, offering everything from advice to free vulnerability scans.

To protect themselves, companies should make sure their existing security measures, including firewall, antivirus and intrusion detection systems, are up to date and properly functioning.

Administrators should also check to make sure that public facing Web servers and application servers were properly patched, Friedrichs said.

"Right now, we tell (our customers) to take standard precautions," SPI Dynamics' Sima said. "This is not something you need to do something extra for. You should have been doing this all along ...There's always somebody scanning you."

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.


Show Comments