Hacking Contest Threatens Web Sites - InformationWeek


Hacking Contest Threatens Web Sites

Government and private-sector security experts say hackers will try to earn points and prizes by defacing Web sites this weekend.

A hacking contest slated for this weekend could produce a rash of Web-site defacements worldwide, according to a warning issued Wednesday by security companies and government Internet security groups.

The hacker defacement contest is expected to kick off on Sunday. The contest supposedly will award free hosting services, Web mail, unlimited E-mail forwarding, and a domain name of choice for the triumphant hackers, according to a Web site promoting the contest.

Web-site defacement points will be awarded based on the type of operating system running the Web site. Defacement of Web sites running Windows will only win a single point, while sites running Linux, Unix, and BSD are each worth three points. Sites running AIX, IBM's version of Unix, are worth three points, while sites running HP-UX, Hewlett-Packard's version of Unix, and Apple's Macintosh computers are worth up to five points, according to the contest Web site.

Internet Security Systems Inc., which operates a cyberthreat early-warning network called the Information Technology Information Sharing and Analysis Center, is urging Web-site administrators to review their Web-site security before they head home for the holiday weekend. ISS's X-Force research group says it has received credible information that hacker groups are scanning Web sites to discover vulnerable systems. But X-Force doesn't expect any major activity until Sunday.

While there's been a recent increase in Web-site scanning activity, there's also been a noticeable decrease in Web-site defacements, says Chris Rouland, director of ISS X-Force. "The hackers are sandbagging," he says. "We've seen this before. Hackers will break in before the event and conduct the actual defacement during the contest."

The exact time the contest will start is not yet known, but the contest rules say it will be limited to six hours. X-Force is trying to determine whether the contest is being run by hacking groups from Brazil or Hong Kong, both known for active Web-defacing activity.

The contest also may be a recruiting effort, Rouland says. "This is one way to learn who are the best defacers out there" and to find out which hackers have figured out new ways to break in and deface sites, he says.

The New York Office of Cyber Security and Critical Infrastructure Coordination also issued an advisory about the contest and is asking Web-site administrators to take steps to improve security. Among the recommendations:

• Make sure that default passwords are changed. This should include Web servers and any other servers that the Web server has a trusted relationship with.

• Remove sample applications that aren't being used, such as CGI scripts and Active Server Pages, from Web servers.

• Lock down Microsoft FrontPage Extensions. By default, those extensions are installed in a manner that gives every user the ability to author Web pages, even through proxy servers. This recommendation also applies to FrontPage Extensions installed on Unix platforms.

• Turn Web server logging on. Logs are essential to determining how a defacement was accomplished so a recurrence can be prevented. Use of the extended log format is recommended.

• Have a current backup of your Web server. In the event of a defacement, a good backup is essential to quickly restore the server to its original look.

• Apply the latest security patches to your Web server and underlying operating system after appropriate testing.
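To illustrate the logging recommendation, the following added example (not part of the advisory or the original article) parses W3C extended-format log entries and lists successful requests that could have changed site content, including FrontPage authoring posts. The sample log lines are constructed, and the `/_vti_bin/` prefix is assumed to be where FrontPage Server Extensions are installed.

```python
import io

# Constructed sample log (not real traffic); addresses are documentation ranges.
SAMPLE_LOG = """\
#Version: 1.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs(User-Agent)
2001-01-01 02:14:07 192.0.2.10 GET /index.html 200 Mozilla/4.0
2001-01-01 02:14:09 198.51.100.7 POST /_vti_bin/_vti_aut/author.dll 200 MSFrontPage/4.0
2001-01-01 02:14:11 198.51.100.7 PUT /index.html 201 -
2001-01-01 02:15:30 192.0.2.10 PUT /upload/a.txt 403 -
#Fields: date time cs-method cs-uri-stem sc-status c-ip
2001-01-01 03:00:00 DELETE /old.html 204 198.51.100.7
"""

WRITE_METHODS = {"PUT", "DELETE", "MOVE", "COPY", "MKCOL", "PROPPATCH"}
AUTHORING_PREFIX = "/_vti_bin/"  # assumed FrontPage Server Extensions location

def parse_extended_log(stream):
    """Yield one dict per entry, honouring every #Fields directive in the file."""
    fields = []
    for raw in stream:
        line = raw.strip()
        if line.lower().startswith("#fields:"):
            # The column layout can change mid-file, so re-read it each time.
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#"):
            values = line.split()
            # Skip truncated or malformed lines rather than misalign columns.
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def content_changes(entries):
    """Return successful (2xx) requests that could have altered site content."""
    hits = []
    for e in entries:
        method = e.get("cs-method", "").upper()
        uri = e.get("cs-uri-stem", "")
        status = e.get("sc-status", "")
        authoring = method == "POST" and uri.lower().startswith(AUTHORING_PREFIX)
        if (method in WRITE_METHODS or authoring) and status.startswith("2"):
            hits.append((e.get("date"), e.get("time"), e.get("c-ip"), method, uri))
    return hits

def scan(text):
    return content_changes(parse_extended_log(io.StringIO(text)))

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

Entries from clients other than known authoring hosts are the ones to compare against the backup copy of the affected pages.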

The New York Office of Cyber Security is also guiding Web-site owners to the following resources:

Guidelines on Securing Public Web Servers

Microsoft Lockdown Tool

Center for Internet Security, Security Benchmarks

Free vulnerability scan
