Forgot your password?
typodupeerror
News

Attrition.org Defacement Mirror Frozen In Time 52

Posted by timothy
from the cnn-drops-coverage-of-mooning- dept.
webword writes: "Attrition.org has decided to stop updating their defacement mirror. Their decision is based on problems associated with the rapid increase in web defacement activity. They don't have the time, energy, or money to keep it updated. Fortunately, the image gallery, music reviews, movie reviews, poetry, and contests, will receive more attention." Those things are certainly more interesting to me than who's scribbling where, and it was becoming no fun for the attrition.org folks to keep up with them.
This discussion has been archived. No new comments can be posted.

Attrition.org Defacement Mirror Frozen In Time

Comments Filter:
  • by Anonymous Coward
    Oh well, it's not like defacements are even interesting anymore. Defacements from 2+ years ago were somewhat interesting, but now its clearly a bunch of morons who can't even put a sentence together. "j00r 0wn3d bY th3 d34th hax0r cr3w." Lame. These people just want to see themselves on attrition and hope to get a name in the 'scene' because they lack the skill to publish security papers, code etc. I've actually talked to a decent amount of defacers and most of them are ridicliously unskilled. They taunt admins about being "stupid" but 90% of them couldn't admin a network let alone a unix machine. Defacing was interesting a few years ago, now its just a bunch of ./i-know-this-will-get-me-in. Notice how most of the defacements are *cough* NT and done with the same 2 exploits. One that has been around for quite awhile now. It used to be about quality (high profile sites) and a fun prank, now its quanity (w0w i hax0r3d moms-bakery-and-bath-towels.com!) and taunting and being a general ass. They're not hackers at all, just the equilivent of a lowlife street thug.
  • the fact that NT and Windows 2000 defacements have jumped nearly 500 percent in the past month hasn't helped things... :)

    NT and 2K now make up nearly 90% of all defacements!

    --
    Forget Napster. Why not really break the law?

  • by ragnar (3268) on Tuesday May 22, 2001 @04:40AM (#206444) Homepage
    It seems to me that a better solution would be to call upon volunteers to maintain and edit this section of the site. Heck, I didn't even know attrition.org did other stuff. They have a significant namesake in archiving the underbelly of the web and I'm sure there are plenty of people who would contribute to the archive if they develop a decent interface for it. We have very little history on the Internet.
  • I would like to see a interview with the Attrition staff.

    Who they are, how Attrition was formed, what they do for work. How they came up with the idea of mirroring defacements, and what they think the future of security is.

    Personaly I loved the site and read about defacements daily, it was like watching a car wreck somtimes, other times I found amazing humor in the defacements.

  • Let me be more specific; a slashdot interview.
  • Thanks for all your work all this time. Although the mirror has never been my first stop at Attrition (prefer "current news"), I've certainly appreciated the defacement stats. Still, especially with all the .cn related stuff lately, it was obvious to all the regular readers that many of our favorite bits weren't getting updated too frequently. I'm looking forward to more postal updates and movie reviews. Thanks again...

  • Geesh, what are you blaming me for?



    (yes it's a joke. Ha ha.)

  • by bleh-of-the-huns (17740) on Tuesday May 22, 2001 @04:34AM (#206449)
    For those who are really interested in who is defacing what, and which companies where defaced and teh defacement of said site, http://defaced.alldas.de is also mirroring defacements.
  • by Levine (22596) <levineNO@SPAMgoatse.cx> on Tuesday May 22, 2001 @04:47AM (#206450) Homepage
    You could look at this another way; now, all of the bored teenagers on IRC have no way to prove that they cracked momandpop.net, nor is their most revered accomplishment set in the annuls of history, so page-defacings decline.

    I mean, it is nothing more than a big "Lookie what I did" ego-trip. I know - I've seen the people that do it.

    Cheers,
    levine
  • And just what bullshit proof do you have of this? Do you have any real knowledge of the type of people that do this? Just consider for one minute the other factors in web page defacements.

    1) The _world wide_ increase in the number of PCs available to the kids that deface web pages.
    2) The _world wide_ increase in the number of stupid websites put up for businesses, etc. by "administrators" who only know how to click the "next" button during an installation.
    3) The fact that even just a couple of years ago, many of these scripts and tools that make it so easy didn't exist.

    There are other factors as well. The truth is, we don't really know what will happen. Defacements might go up since people won't think their message is being seen as much otherwise. Maybe now these people will get more daring to get this supposed attention and actually start doing real damage.

  • Attrition was/is a new form of art to me.
    Does it mearly reflect the world around it or does it influence the world into a new direction?

  • The fact there are both more targets and more kids at home playing around with trying to hack. Therefore the number of defacements rises regarless of attention from attrition.

    Also, the typical script kiddies do it more for the attention of their percieved peer group in IRC than what they get from attrition. This much I know from speaking directly with attrition staff.

  • Let me get this straight; we have a site that shows defaced (cracked) sites and it shuts down because there are simply too many of them these days. And this is a bad thing because..?? Why?

    Listing security bugs so people can protect themselves is a good thing. But what possible good does showing defaced sites do anyone? If anything, it encourages more cracking. Please tell me that we all agree that cracking sites is a bad thing! I can't imagine why anyone would be interested in looking at the work of 14 year old script kiddies anyway (who read about the latest IIS exploit)!
  • I want to agree with you, but I can't. The most graffitti-ridden walls I've ever seen are in places where no one will see them. True, this is in part due to the convenience factor; it's pretty hard to spraypaint the Statue of Liberty.

    But take a look at your average subway tunnel. Walls and walls of graffitti that pretty much no one ever sees. The graffittists (word?) must walk through hundreds of yards of rat-infested, garbage-strewn tunnels to get there at substantial risk and low payoff. Their only audience is each other.

    I'd be more willing to predict a rise in IRC channels dedicated to posting defacements.

    Boss of nothin. Big deal.
    Son, go get daddy's hard plastic eyes.

  • Maybe it was that for the kiddies, but for me it was something that I could point to and say "look at all the NT systems that get hacked"
  • Imagine if YOU had to update their defacement site every time an AC or "spork" posted to /.

    Uhhh... that counts as "defacement", doesn't it?
  • How about the hackers(if that's politically correct) submit their site, they want to proudly display their work, and all attrition.org has to do is verify that there was a break-in. Simple, huh?

    Come on, the defacers live for their work to be posted.

  • Hackers should simply submit their "work" to attrition.org...

    "Please click here to register your hax0red URL"

  • Although I'm sure that the rise in defacements has a great deal to do with the decision to discontinue archiving all of them, I believe this move also reflects the current trend with many content sites when it comes to resource allocation.

    The novelty has somewhat worn off when it comes to working for free on content sites. As your pageviews grow, sites cost more money to run and advertising, which once at least evened out the bills, pays nothing. Web developers also aren't going to work for free to learn, since most are pretty much past the learning stages.

    I did see some great ideas in other posts on this topic in regards to alternatives to shutting down - like how about only mirroring the truly significant defacements?
  • Because it gives Security Specialists like me an idea of what is being targeted. When you know the target you can take stronger steps to defend against it. We can only squeeze so much work out of the OS Admins at any given time. Means we have to pick and choose what level of patch speed we force since it's competeing against business decisions. If we know this week is IIS's week for new exploits, it gets the push. If its Apache it gets the push and the NT admins get the time to work on business stuff etc. Knowing what the trends are is very important. To do that you have to find a way to keep up with who got broken into. How better than to offer in return for the up to minute reporting from the people breaking the systems than to store their work for their egos. They'll bust the systems anyways so why hell not get some good out of it?
  • 2001-05-22 04:59:24 Attrition.org Defacement Mirror Frozen in Time (articles,news) (accepted)

    I give you a tip of my hat. However, I did actually submit this 2001-05-21 in the early evening, before 22:30:37 So, I did beat you to it, probably within a few minutes, although the system does not capture it.
  • by supabeast! (84658) on Tuesday May 22, 2001 @06:37AM (#206463)
    Th3Y c4nn0tz do th1z! Wh3r3 w1ll my m1rC budd13z g0 t0 s33 @ll 0f my 31337 h4x0rz!

    L1nUx 43v4h! FUX0R US G0V3Rm3NTZ!!!

    /sarcasm off

    good.
  • Actually, money was not the driving factor in this at all. Had we the time and energy to keep up, we would have. But it simply became impossible. Reread our note- we don't mention money at all.
  • I agree, and the drop in defacements will be good for everyone involved. Not only will less pages get defaced, but maybe a few s'kiddies will grow up and spend more time concentrating on being a real sysadmin/programmer. As annoying as you may think s'kiddies are, there is a lot of really good talent out there being wasted by just defacing websites. Maybe now that they've lost some of the attention that used to be rewarded, they will focus their talents in a more constructive pursuit.


  • It's a historical archive. Who knows what will be interesting for historians in a hundred years?

  • Not that, for example, yahoo.co.jp is a higher volume site than 99% or all .gov and .edu sites, not sirree...
  • I can just imagine all the script kiddies ruining websites and checking how long it took them to be on the attrition.org list.

    Getting rid of this is a shame in some ways, but might take away one of the many silly motivations that drove the web-site defacers.

  • I have to wonder what effect this will have on defacements? I know attrition is just "reporting", and not "encouraging", but is it really as much fun for a script kiddie if no one pays any attention? Maybe now we can get back to the serious business of the errata... updated last in which century? Come on, let's try and make fun of JP and CPM (are they even around, still?) some more! Yay!
  • too bad i dont speak whatever language that is...

    -fohat
  • I always enjoyed going to the attrition defacement mirror... back a few years ago I would go to it once a week and see a few new defacements... very nice.. now we had 100's of defacements added each day.

    Anyways, I am sorry that they have left but I am thankful that the attrition staff kept around the mirror for as long as they have.

    *RANT*2001-05-21 22:30:37 Attrition.org gives up its defacement mirror (articles,news) (rejected) *ENDRANT*
  • by Alien54 (180860) on Tuesday May 22, 2001 @05:07AM (#206472) Journal
    Well part of this is the sheer growth of the web, even if one percent of one percent of all sites were whacked, this would certainly increase to an alarming degree with the expansion of the web.

    The other aspect to this is that the scripty kiddies out there take it as a badge of honor to get a defaced site listed in a mirror. To a certain degree, while we want to document the carnage, maintaining a mirror becomes a reward system for the script kiddies. It acts like fertilizer, which is not exactly what we want in the first place. So it might be a good thing to stop rewarding the skript kiddies with the public acknowledgement of their vandalism.

    Check out the Vinny the Vampire [eplugz.com] comic strip

  • Why does it take the attrition guys long at all to set up the mirror? What is wrong with setting up a form to a cgi script - have a perl/phython/awk/whatever script do a GNU/wget [freshmeat.net] and build a link somewhere.... they could also setup an email gateway for the kiddies if a form is too much trouble for them...BR>
    I fully understand that the Attrition people feel it is too much work - its completely there own choice - but does working a mirror of defacments have to be that labour intensive? Why didnt they set something up to work automagically for them...?

  • B/J/M:

    You might also have mentioned that you guys wound up on the Chinese h4x0r's site list a couple of weeks ago which, of course, creates some sort or virtual defacement loop.Not that that in any way refutes or augments what you've posted here, but I personally found it amusing.

    =;^)
  • Your solution would have to either be magical (minus the auto) or a breakthrough in AI. Otherwise it would go from Attritions Defacement list to getting spammed by all the idiots mirroring anything

    Without an actual human being to verify the fact that a page has been hacked what would they do, use an honor system? 'Defaced' is an intangible, relative term. A person would have to check the defacement even if there was an automatic way of setting up the mirror.
    Personally I'm glad their postal section will have more "hack my g/f's hotmail account plz" then "stfu and mirror my hack of Chucks Hardware site". The 'teach me to hacks msgs' are mad funny!
  • Well looks like we'll have to go along with their decision. Too bad.

    This only reminds us that money is a neccessary evil and no matter how much effort we put in and how much we cooperate it still needs some monetary push. Yep it's surely the hard way to learn.

  • http://defaced.alldas.de/
  • by Calle Ballz (238584) on Tuesday May 22, 2001 @05:32AM (#206478) Homepage
    If alldas [alldas.de] doesn't become as popular as attrition, please watch for a sudden drop in defacements. The driving force for 99.9% of all defacements is for people to get attention. Most of the websites hit actually get the more traffic than they've ever got once they get posted on attrition. Who honestly cares about www.randomschoolinsomebackyardstate.k12.xx.us?? It's just a forum for underachievers to get attention. I think that with attrition leaving the scene, this entire web defacement trend just might calm down a bit.
  • That sort of system would be wide open to abuse.
    People would be quite stupid with it... and you know that. With all the DoS attacks and other generally not-good things attrition gets thrown at them by stupid little script kiddies, that sort of system would take much longer to maintain, going through the sites, verifying that they are defaced and so on.

    If you think you can come up with a less labor intensive way to mirror them, why don't you go make one yourself. I would much rather read attrition's errata and going postal, personally.
  • I wonder if the volume of site-defacements will go down, because there won't be a site mirroring the defacements? Alot of the 0day skr1pt-kiddiez deface just to make their mark on attrition, but if they dont have anybody to "impress", do you think they will still waste their time? It will be interesting to see if the amount of defacements decreases.

    ---------------
  • hahaha... good call!

    by the way, dont forget OpenBSD 2.9 [openbsd.org] is being released in a week! Help support the cause and buy a CD for you and a friend!

    ---------------
  • by Shoten (260439) on Tuesday May 22, 2001 @04:37AM (#206482)
    I certainly don't blame them in the least...I wondered how much longer they'd keep the mirror up. One entertaining perousal through Attrition's "Going Postal" section shows you a combination of impatient hackers showering profanity at Munge, Jericho, and the rest of the crew for not being fast enough at mirroring sites (as if that was their purpose in life), right alongside threats of legal action by clueless victims of defacements. And the whole while, to keep the moral high ground, Attrition would turn down security work by anyone mirrored, no matter how much money was offered or how strong the plea for help.

    I've seen a lot of discussion in the past year on the point of the Attrition mirror, including a session by Attrition themselves at DefCon last year, and this was clearly a long time coming. I'm sorry to see it end, but also in a sense happy for the fact that the guys who had to maintain the mirror will see some peace return to their lives.

  • Because then people would be submitting sites like goatse.cx...

  • Perhaps moderators could check the links before modding as informative, as allas.de [allas.de] has very little to do with http://defaced.alldas.de [alldas.de]

    ---
  • Yes - automate it. Even if they didn't want to use volunteers, it seems they'are spending a lot of time at odd hours doing this which is what they're trying to avoid.

    Why not use something like E-Quill which I think is just an excellent web tool anyway: http://www.e-quill.com/

    Example:
    http://view.equill.com/id/5d6fa819e76ac0af [equill.com]

    Works in IE/Netscape/Mozilla. They could just point this tool at the site and snapshot it. Then come back at their leisure to move it to their own systems.

    Internet Explorer Windows only with MAC version on the way but still, it solves the problem.
  • like this is something that should have been more or less automated from teh beginning

    i'm not sure how hard this would be or how difficult it woudl be to forge posts etc w/o anyone to verify them but i used to enjoy going through attrition myself

    at the very least they could be offering to let volunteers handle it
  • by jahjeremy (323931) on Tuesday May 22, 2001 @05:26AM (#206487)
    ...because they are sick of dealing with the type of people who deface webpages and write to them saying 'Oh, please teach me how to be elite haxor' or 'Dude, ya gotta help me break into my girlfriend's hotmail account' or (personal favorite) 'Help me hack my on-line homework because my teacher (?) is too lazy to grade papers.'

    I think after several years of fun and sarcastic replies, they've finally grown tired of the attention and want to stop attracting the riff-raff. Dropping the full mirror seems like it should help. Their site has tons of content and a huge text file archive that has been neglected lately. Probably they want to get back to adding meat to their already excellent site. Besides, with only 3 guys handling the mirroring, the rash of recent (and not-so-inspired) defacements forced them to spend hours mirroring all the crap.

    Also, they confirm each hack individually. How could one "automate" this without risking said kiddies trying to break or exploit the automated system. You're not exactly dealing with the most honest or moral segment of the computing community.

    Can you imagine receiving 10 or more e-mails a day similar to: 'Hey, where's my defacement? I put it up 10 minutes ago! God, you guys are slow. What are you doing, humping your sister?'

    Basically, they were performing a service for which they got nothing back except abuse from kiddies and sys admins. So they just said, "Fuck it." Frankly, I don't blame them at all and look forward to more great stuff popping up on their site.
  • They're only stopping the minor defacements "We will also continue to provide commentary and articles on high profile defacements, significant trends or other activity that warrants attention." Also, the Attrition Defacement Statistics [attrition.org] are still being published.

    Personally, I will miss the mirrors, but I'd like to see what becomes of the site now that the attrition staff have the extra free time on their hands
  • "Come on, the defacers live for their work to be posted." That's exactly why they are stopping. It used to be a site for interesting cracks and exploits, designed to HELP companies become more aware of security issues, not a "hey check out my stupid web hack" show and tell site for stupid script kiddies. It's a shame to see it go, but if you have ever actually looked at the page and seen the abuse they take on a regular basis, can you blame them? It's sad to see a bunch of morons take away the very thing that made attrition a cool place to check out every once in a while...
  • All- First off I would like to thank all of you for the kind comments within this thread. The reason we started this website was for everybody in the security/technology community. This all started as a hobby site and the staff at Attrition.org had a lot of fun with it and tried to create a place where one might go to learn something. Anyhow, I could go on and on about the whole history and how everything formed but I'll cut to a few points and hopefully make things much clearer. 1. Money had no hand in the decision here. We all have jobs during the day and this mirror was totally absorbing our personal time. Many of us would go hours and hours reviewing sites and making sure they were valid on top of our workload. This is a hobby site and a hobby site implies one would have fun doing it regardless of being paid or not... Many of us wanted to do other things with our time but we couldn't cause we had to sit in front of the computer for 10 hours to validate mass hacks all day. It gets exhausting after a while. 2. The hack verifications were automated using a script (that both Jericho and Munge tinkered up)but for historical purposes and for statistical purposes we had to verify each and EVERY hack that came through. Another words, we needed to see with our own eyes that the site was hacked or the statistics and mirror would not be valid. So, we could either make our lives easier by not validating the hacks and basically taint our stats and work or we could put forth the effort and make something useful. Again, if your going to do something you might as well do it right rather than fall short. 3. Other sections of the site that were put on the back burner will finally get the attention that they deserve (this I am personally happy about). 4. THE SITE IS NOT CLOSING DOWN... I think i've read a few instances where journalists had said that Attrition.org was shutting down. We are only doing away with the mirror. The decision to keep the mirror on site is still to be determined. Anyhow, I will end it here... I just thought that everybody HERE deserved some insight due to the fact that the site is for this community. -Modify Attrition Staff staff@attrition.org
  • What are factors? If you're going to make a statement like that, you ought to put your reasons up. While I agree with you that we have no idea what will happen, I suspect that web defacements will drop for at least the mom and pop type sites. There will be one less place for these juvenille deliquents to make a name for themselves in that no one will care that they defaced a website (except maybe the defacee). You will still see high profile web defacements reported on, but I suspect most of these guys will go find more constructive things to do, such as play with themselves.
  • This is too laughable to be taken seriously. The idiot that posted this has absolutely no balls. Go back and play with yourself, moron
  • It's true!! I have the proof! -Carolyn Meinel

I'm all for computer dating, but I wouldn't want one to marry my sister.

Working...