Hacker contest impact uncertain

Security companies and some US governmental security groups issued warnings about a hacking contest that could see a rash of Web site defacements. Advisories from some of these organisations urged companies to tighten IT security practices.

According to a Web site listing information about the contest, the challenge was created by someone going by the nickname Eleonora[67] with the help of other underground groups.

Since Friday, the original time period the challenge was to run for was extended by the organiser, which he alleged was due to the Web site that was going to be used to notify of the defacements coming under a DDoS (dedicated denial of service) attack. There has been debate about whether the site was in fact taken down, possibly by a rival group of hackers, according to sources.

Yet, despite the hype over the potential threat of the contest to businesses, so far very little impact has come to light.

Locally, organisations iTnews spoke with hadn't seen much activity, although some warned that the holiday weekend in the US might mean that reports of Web sites defaced wouldn't come to light until later in the week.

When iTnews spoke to Jamie Gillespie, a security analyst at security organisation AusCERT, he hadn't received any reports from its membership base of their sites being attacked or defaced.

Likewise, David Bane—regional manager for Asia Pacific at vendor Symantec's security response--said that it hadn't seen anything. Bane said that it could be difficult to tell the impact of this sort of thing, because there was no central register for reporting these types of incidents. “We've been keeping our ear to the ground…continuing to monitor port 80 traffic,” he said.

“It's not turned out to be a big thing, which is a good thing,” Banes said. “It really just indicates that if there was a concerted attempt by a group of people they haven't succeeded.”

Chy Chuawiwat, managing director for Asia Pacific at email and Web filtering vendor ClearSwift, also commented on the amount of publicity this particular hacker contest received.

It hadn't seen any unusual activity, such as discussions or downloads from its user forum, which Chuawiwat said was made up of 14,000 users worldwide.

Yet whether or not there's been an impact from the contest may not come to light until later in the week. Kim Duffy, managing director at intrusion protection vendor Internet Security Systems (ISS) said that it had issued a warning last week to let people know that they should be careful.

“It's worldwide—we won't really see the wash-up of this for a couple of days,” Duffy said.

Industry pundits are also arguing that companies should have systems secured regardless. Respondents to one posting on security mailing list Bugtraq commented on the hype that had surrounded the contest, arguing that servers should always be up to date, secure and monitored.