July 2, 2003
A hacking contest scheduled for this Sunday could result in thousands of defaced Web sites, warned security firm Internet Security Systems (ISS) on Wednesday as it raised the level of its threat assessment meter and advised all enterprises to be extra vigilant.
By Gregg Keizer
The organized Web defacement event -- called Defacers Challenge by its unknown organizers -- is to take place Sunday, July 6. During a six-hour time span -- the exact start and end times have not been set, according to the Challenge's Web site -- hackers will be awarded points for compromising Web servers and defacing their pages. Ironically, the prize for the winning hacker is free Web hosting.
"This isn't a hoax," said Chris Rouland, vice president of ISS's X-Force security research and development. "We're seeing increasing scanning for vulnerabilities across our networks and decreased incidences of defacement," he said. "These are measurable events, and led us to conclude that [hackers] are sandbagging in anticipation of the contest, compromising systems but not defacing them [yet]."
Rouland hasn't seen something like this before. "We've seen organized defacing efforts in the past, but the last was when Chinese hackers attacked systems in the U.S. in retaliation after the spy plane incident." In April 2001, Chinese and American hackers skirmished for several days, each defacing sites in the other's country.
Tempers flared, both in the hacking community and the world in general, after a U.S. intelligence aircraft collided with a Chinese fighter jet, and was forced to land at a Chinese airfield.
The contest is unusual in other ways. A minimum of 6,000 defacements is required to win, according to the Defacers Challenge Web site. And its sliding scale awards points for successful defacements according to the operating system used on the Web server. HP-UX, Apple, and IBM-AIX are worth more points because of their limited exposure as Web hosting platforms, said ISS, and because they're targeted less often than Microsoft- and Linux-based systems. That's one reason why ISS urged enterprises running HP, Apple, and IBM operating systems on outward-facing servers to be especially on guard.
"It's almost as if they're saying that Microsoft is too easy to break into," said Rouland. While hacks into HP-UX and Apple servers garner five points in the contest, those successful on systems running Windows receive just one point.
The potential damage is substantial, said Rouland, noting that the week-long Chinese defacement campaign of 2001 resulted in approximately 10,000 defacements. "And that was big," he said. "If a dozen hacker groups each deface 6,000 sites, that's getting into some serious numbers. Defacing 20,000 to 30,000 sites in six hours is pretty apocalyptic."
Defacements themselves aren't the problem -- it's analogous to a paint can-wielding teenager tagging a wall with graffiti -- but the clean-up afterwards can ring up huge amounts of IT time.
ISS, said Rouland, believes that the contest involves hacker gangs from both Brazil and Hong Kong.
"We've also traced communication between Brazil and Hong Kong [about the contest]," claimed Rouland.
The selected day couldn't be better for hackers, said Rouland. "It's a three-day holiday weekend here in the U.S.," he said. Most companies will be shuttered on Friday, July 4, as the United States celebrates its Independence Day. Firms typically run with a reduced IT staff on weekends.
ISS has raised its threat assessment to AlertCon 2 -- the company used a four-level system to note the current security situation -- on the basis of its investigation into the defacing contest.
It also recommended that enterprises remain vigilant from now through the weekend, and review their current security policies, especially those applying to outward-facing Web servers.
"Companies should monitor their intrusion detection systems and firewalls," said Rouland. "And scan and patch vulnerable systems. Although outward-facing servers are most at risk, any system that is in the DMZ [the middle ground between a trusted internal network and an untrusted, external network, like the Internet] can be defaced. It wouldn't be hard for these guys to install their own Web software on a compromised mail server, for instance."
While the prize for the winner seems ridiculous -- a Web hosting package -- that's not the reason hackers will join in, said Rouland. "Notoriety, that's the prize they're after."
Other security organizations are also tracking the contest, but downplayed the conclusions from ISS.
"We're aware of it and we're monitoring the situation," said Brian King, a member of the technical team at CERT, the federally-funded clearinghouse for security and virus threats. "But it's important to remember that this is not a discrete event. We see this [defacing] activity going on all the time."
Symantec's Oliver Friedrichs, the senior manager for the company's Security Response team, also noted that his firm is aware of the contest. But unlike ISS, which sees signs that hackers are preparing for the Sunday contest, Symantec hasn't found any direct evidence.
"We haven't seen any evidence of precursor activity," Friedrichs said. That could take the form of an increase in server vulnerability scans, which would indicate that hackers are harvesting a list of compromised servers they can immediately deface when the contest begins Sunday.
Both King and Friedrichs made security recommendations that generally mirrored those from ISS. King, however, also advised companies to make sure that their custom Web applications -- such as chat software or e-commerce shopping cart systems -- are secured and configured correctly, and to disable unnecessary Web services.
"This really doesn't change the threat landscape," concluded Symantec's Friedrichs. "Administrators should be diligent, as they always should be, and doing what they do every day."
