Thursday 3 July 2003

Beware weekend hacker 'competition', ISS warns

An international hacking contest scheduled to begin this weekend could cause headaches for organisations worldwide and disrupt the internet, Internet Security Systems has warned.

The contest, known as the Defacers Challenge, awards points to malicious hackers who successfully compromise an organisation's web server and deface its web pages.

ISS first became aware of the contest last week by monitoring websites and Internet Relay Chat (IRC) channels frequented by malicious hackers who specialise in defacements, according to Peter Allor, manager of X-Force Threat Intelligence Services at ISS.

Rather than focusing on the volume of defacements, the Defacers Challenge is set up to reward the skill of malicious hackers who can compromise systems running obscure operating systems such as Apple Computer's Macintosh and Unix variants such as IBM's AIX and Hewlett-Packard's HP-UX.

Contest organisers even set up a web page (which now appears to have been taken down) outlining the rules of the game, including a point system for compromised machines (Windows: one point, HP-UX and Macintosh: five points) and guidelines for what counts as a valid defacement.

The aim is to deface 6,000 websites. A prize of free website hosting is offered to the malicious hacker who reaches that goal first or accumulates the most websites in trying to do so.

The challenge is scheduled to begin on 6 July and last for six hours, although information on the exact time of the Challenge has not yet been released.

ISS does not know which hacker or group of malicious hackers is responsible for organising the challenge.

While the contest and web page may be a joke, ISS noticed an increase in reconnaissance and probing scans of websites , possibly by hackers scouting out high-value systems, or even compromising them in advance so that they can deface them quickly once the contest begins,.

ISS has recommended that organisations deactivate unneeded public-facing web servers and turn off unnecessary services on web servers that are needed, in addition to applying any necessary software patches to potentially vulnerable machines.

Recently disclosed software vulnerabilities that have not yet been patched are attractive targets for hackers, he said.

Paul Roberts writes for IDG News Service