Defacement Contest Ends With a Twist

Crackers disrupt Sunday's Web site defacement contest by knocking offline, the site where competitors were supposed to record their crimes.

Rather than spending Sunday defacing Web pages—which, lets admit it, has become a bit passé—some crackers decided instead to disrupt a planned defacement contest by knocking offline the Web site where competitors were supposed to record their crimes.

The group directed a denial-of-service (DoS) attack against the site about an hour after the defacement contest supposedly began. The attack, combined with a massive spike in the sites normal traffic flow, made the site almost completely unreachable for about 7 hours Sunday. The sites owners were able to set up a secondary Web page late in the day to accommodate some traffic, and the attack eventually subsided around 10 p.m. Estonian time (3 p.m. ET).


Sunday, July 6:

9 a.m.: The contest starts, Zone-H receives the first crime notifications. Amount of visitors (3,500 at the same time at 09:48) forces them to shut down and restart the service every 3 minutes to free up CPU processes. Zone-H founder Roberto Preatoni (a.k.a. SyS64738) takes his kids to the zoo, as promised.
10 a.m.: Crackers attack Zone-H with a denial of service. Zone-H goes down
11 a.m. to 5 p.m.: Zone-H downtime doesnt allow it to monitor the situation. SyS64738 comes back from the zoo/luna-park, where he, his wife, his two kids and their ferret enjoyed a nice summer Sunday afternoon.
6 p.m. Zone-H team mounts a secondary Web page on a different IP class to monitoring the situation.
10 p.m.: The denial-of-service attacks against Zone-H are suspended by the attackers, but the visitors flow keeps reaching unsustainable levels. Zone-H secondary server starts to collect information about cyber crimes.
Present time: Main Zone-H server still knocked off. Zone-H asks visitors to refrain from checking the site.

Source: Zone-H
All times are in Estonian time (ET +7 hours)

Zone-H is an independent security site that acts as a kind of historical archive of Web site defacements. The organizer of the so-called Defacers Challenge scheduled for Sunday designated Zone-H as the keeper of the statistics for the contest, without seeking or obtaining the blessing of the sites operators.

In a message on the site, Zone-Hs operators condemned the DoS attack and skewered the media for hyping the contest. "Our comment is: When either the parties hit a neutral observer, it means that the ethic code has basically disappeared. Gangsters and killers they have their own ethical code, that in their own environment is more important than the written law. Some defacers in this case demonstrated to have little or none," the message reads.

"Due to the denial of service attack (which was useless, because the media frenzy has generated so much interest in the public opinion that Zone-H was (and still is) knocked off the Internet due to the flow of visitors) we werent able to properly account the crimes."

As for the contest itself, in the small amount of time it was online Sunday, Zone-H recorded several hundred defacements. Virtually all of the defacements hit small sites, not the big game of high-profile media or security vendor sites. This is hardly surprising, considering that most small independent sites have little or no budget for security and the larger sites tend to be tightly secured.

Its difficult to attribute any or all of this activity to the contest, however. Defacements are a constant nuisance on the Internet, and Zone-H and other sites record hundreds every day.

The organizer of the contest, who goes by the handle Eleonora[67], said on the contests site that the results will be posted Tuesday.