3 July 2003 Security organisations are warning of a weekend of online disruption after uncovering details of an underground hacking competition, challenging hacking groups to see who can break into the most web sites.
The competition has been scheduled for the US independence day holiday this weekend — when IT staffing would normally be at a minimum in both US companies and Internet service providers (ISPs).
“Due to the large scope of the contest, normal Internet activity could be disrupted,” Internet Security Services (ISS) wrote in an advisory.
In the run-up to the contest, the volume of submissions to Zone-H, a web site defacement archive site, have declined markedly, but the level of background scanning detected has increased as hackers stake out and prepare their targets, according to Zone-H.
Major web hosting companies are thought to be the number one targets because they offer the opportunity to hit hundreds, even thousands, of web sites in one go using mass defacement tools.
However, ISS has been criticised for sending out its advisory by a number of rivals, while Symantec, the world’s biggest security software vendor, said that it had seen no upsurge in scanning activity. Symantec said that it had decided not to issue a warning as it does not regard the contest as a threat.
The US Department of Homeland Security also said that it was aware of the contest, but played down its significance. “Frankly, hacker challenges occur frequently and we don’t think they all rise to the level of a warning,” spokesman David Wray told the Wall Street Journal.
Nevertheless, web site operators have been warned to update software, install patches, analyse their firewalls and system log files and, finally, to change passwords — particularly if they are still using default passwords.
The contest will award participants points for the systems they crack. Breaking into a Microsoft Windows-based web site will carry with it just one point; Unix, Linux of BSD Unix will carry two points; IBM AIX Unix three points; and HP-UX and Apple OS-X five points.