Hacking Contest Threatens Web SitesHacking Contest Threatens Web Sites

A hacking contest slated for this weekend could produce a rash of Web-site defacements worldwide, according to a warning issued Wednesday by security companies and government Internet security groups.

The hacker defacement contest is expected to kick off on Sunday. The contest supposedly will award free hosting services, Web mail, unlimited E-mail forwarding, and a domain name of choice for the triumphant hackers, according to a Web site promoting the contest.

Web-site defacement points will be awarded based on the type of operating system running the Web site. Defacement of Web sites running Windows will only win a single point, while sites running Linux, Unix, and BSD are each worth three points. Sites running AIX, IBM's version of Unix, are worth three points, while sites running HP-UX, Hewlett-Packard's version of Unix, and Apple's Macintosh computers are worth up to five points, according to the contest Web site.

Internet Security Systems Inc., which operates a cyberthreat early-warning network called the Information Technology Information Sharing and Analysis Center, is urging Web-site administrators to review their Web-site security before they head home for the holiday weekend. ISS's X-Force research group says they've received credible information that hacker groups are scanning Web sites to discover vulnerable systems. But X-Force doesn't expect any major activity until Sunday.

While there's been a recent increase in Web-site scanning activity, there's also been a noticeable decrease in Web-site defacements, says Chris Rouland, director of ISS X-Force. "The hackers are sandbagging," he says. "We've seen this before. Hackers will break in before the event and conduct the actual defacement during the contest."

The exact time the contest will start is not yet known, but the contest rules say it will be limited to six hours. X-Force is trying to determine whether the contest is being run by hacking groups from Brazil or Hong Kong, both known for active Web-defacing activity.

The contest also may be a recruiting effort, Rouland says. "This is one way to learn who are the best defacers out there" and to find out which hackers have figured out new ways to break in and deface sites, he says.

The New York Office of Cyber Security and Critical Infrastructure Coordination also issued an advisory about the contest and is asking Web-site administrators to take steps to improve security. Among the recommendations:

• Make sure that default passwords are changed. This should include Web servers and any other servers that the Web server has a trusted relationship with.

• Remove sample applications that aren't being used, such as CGI scripts and Active Server Pages, from Web servers.

• Lock down Microsoft Front Page Extensions. By default, those extensions are installed in a manner that gives every user the ability to author Web pages, even through proxy servers. This recommendation also applies to Front Page Extensions installed on Unix platforms.

• Turn Web server logging on. Logs are essential to determining how a defacement was accomplished so a recurrence can be prevented. Use of the extended log format is recommended.

• Have a current backup of your Web server. In the event of a defacement, a good backup is essential to quickly restore the server to its original look.

• Apply the latest security patches to your Web server and underlying operating system after appropriate testing.

The New York Office of Cyber Security is also guiding Web-site owners to the following resources:

Guidelines on Securing Public Web Servers

Microsoft Lockdown Tool

Center for Internet Security, Security Benchmarks

Free vulnerability scan