How scary is RankMyHack.com?

Over the past few days, there has been much fuss about the emergence of a new website which ranks hackers.

It’s nothing new, of course. There are a numerous other places on the web where hackers compete with one another, although the man or woman behind RankMyHack.com believes their site brings a little more to the table than the average offering.

“Welcome to RankMyHack.Com. The worlds [sic] first elite hacker ranking system,” a blurb on the site read.

“Submit proof of your website hacks in exchange for Ranking Points that earn you a place on the leaderboard of legends. The bigger the site, the bigger the points. Then use your points to duel with other hackers and protect your legacy in one on one digital combat.”

We had a poke around the site to find out whether businesses should worry about the site and the activities it seeks to inspire.

A test drive… kind of

From the outset it looks the part – a Matrix inspired theme running throughout the site, green text on black background.

It’s also easy to get around the site, with a perfectly usable nav bar. Options include Leader Board, Hacks, Bounties, Resources, Duels, Submit Hack and War Room.

The Resources section would be pretty useful to any hacker, whether a novice or an experienced pro. There are links to a number of typical hacking tools like Metasploit, as well as tutorials, such as how to carry out an SQL injection attack.

However, the site is far from flawless. Having tried to gain a login (for non-malicious purposes, of course), nothing had entered my inbox after half a day of waiting. So it’s not that quick to join up and get your name in the league tables.

This lack of a login also prevented me from entering the titillating Duels and War Room sections of the site, which left me feeling a tad blue. The Duels section, where hackers can try and besmirch one another whilst adding to their own reputation, has proven a big hit, according to the website’s owner. Not with us.

It also left us locked out of the Bounties section, designed to inspire hacks of a political nature, according to the 'about' section of the site.

Furthermore, what seemed like a handy little addition – a search tool to find out how much a site would be worth in terms of hack points – failed to work. Type in a site, say itpro.co.uk, and it redirects the user to a different landing page that fails to show the information requested.

These snags may be down to the fact only one person is running the site – a hacker known as s0lar, who also claims to be a British computer science student.

s0lar does seem dedicated to the cause, however. “Up until now, when you met another hacker on an IRC or forum, there was no way to indicate if that hacker had any skills what so ever [sic], RankMyHack.com was built to give a clear indication of a hackers [sic] general abilities,” s0lar writes on the site.

“It also serves the purpose of tracking a hackers [sic] hacking acheivements [sic] under their current alias allowing for other hackers to quickly establish the calibre of hacker they are talking to.”

The English/poor spelling of 'calibre,' rather than the American 'caliber,' may indicate a British citizen is behind the site.

Hacker success?

Despite being locked out of participation, we were able to access the leaderboard. This showed, of over 700 members, a hacker going by the name Mudkip was top. That particular hacker was purportedly behind a hit on the Huffington Post at the start of August, earning them a whopping 1,666,666 points.

In second was Rafael, whose most significant hit was apparently on a site called stackoverflow.com – a forum for programmers.

Zepvn is currently ranked third, claiming hacks on significant companies including Mozilla and Amazon Web Services.

The list of top hacks also claimed Yahoo and Google were hit, so clearly the site has inspired hackers going for the jugulars of huge corporations all in the name of competition. Scary stuff.

And that was pretty much all we could find. It’s a small site right now, although given it’s in its incipient stages, don’t be surprised if RankMyHack.com grows to become something better organised and more popular.

What does our little trip to RankMyHack.com show us? That hacking company websites is worryingly still considered a sport by many. Put simply, IT managers should still be worried about hobby hackers, not just money-hungry cyber criminals.

You also have to wonder whether such sites provide law enforcement with a wealth of information too. Of course, this only bodes well for businesses as they look to defend themselves from hackers with a competitive edge.

This article originally appeared at itpro.co.uk