Attrition dispenses advice on defacements

When nonprofit security site Attrition decided in late May to stop mirroring Web site defacements, the group blamed the volume of defacements and said their hobby had become a "thankless chore." On Thursday, members of Attrition gave a talk at the Black Hat Briefings conference in Las Vegas and dispensed hard-earned wisdom -- and some bitterness -- to those who might follow in their footsteps.

During the two years the group ran the mirror -- a Web site which offers copies of defaced sites -- they encountered numerous obstacles. Despite never having a day in which more than 100 sites matching the group's exacting criteria for a defacement were hit, they frequently received as many as 250 e-mails a day about defacements, according to Brian Martin, who goes by the nickname "Jericho." Of the 250 e-mails they would receive, as many as 66 percent of them would be repeated messages from defacers seeking glory, said B.K. DeLong, a.k.a. McIntyre, another Attrition member. ("Cancer Omega," a third member, also participated in the discussion.)

The group also faced more serious problems, some involving federal law enforcement agencies, the panelists said. On one hand, many would-be defacers would notify Attrition prior to their actions, or those who had already defaced sites would include personally-identifying information when attempting to claim the defacement for themselves. Both situations left the group, which tried to remain neutral, in the difficult position of having to report these activities to the U.S. Federal Bureau of Investigation so as to avoid prosecution themselves.

To make matters worse, many law enforcement agencies were initially distrustful of the group, thinking them to be involved in the defacements, the group said. A number of defacement victims even reported the group to federal agencies for perpetrating defacements, something the Attrition staff members maintain they never did.

Even after the site had gained grudging acceptance in the security industry, other problems arose, Martin said. Some security companies took the information on Attrition's mirror, which they claim is covered by copyright, did not credit its source and even resold it as their own, Martin said. Some media organizations did the same, he said, and while they did not resell the information, they frequently misquoted Attrition members and misused their data, Martin and DeLong said.

So in the face of all this, why did they continue their work for two years?

"We're pessimistic masochists. We love what we do, but we take a lot of abuse," Martin said.

Nonetheless, the group stopped mirroring Web site defacements, leaving the job to other sites. Others who want to open a mirror site should examine closely how they will proceed and why they want to undertake the task, Martin said.

Hackers cannot run a mirror, he said. "If you're an active hacker, you're not fit to run a mirror" because hackers would have an incentive to deface Web sites, defeating the impartiality needed to run such a site.

Security companies also should not run a mirror, because they may profit from it or use it as a marketing tool to sell their security wares, also a conflict of interest, he said. In fact, when Attrition announced that it would be ending its mirror, both hackers and security firms approached them with offers to fund the group, but it declined the offers on ethical grounds, Martin said.

Instead, hobby sites like Attrition, which claim to have no vested interest other than curiosity and commitment, are best suited to the task, he said.

If other hobbyists do pick up where Attrition left off, perhaps they can tackle some of the things that Martin said the group would like to have done but didn't. They include studying the motivations of defacers and their relationships with each other, opening a limited dialog with the defacers, and exchanging information with similar groups such as the HoneyNet Project.

As for Attrition and its members, though they will no longer be maintaining the defacements mirror, they plan to stay busy. Martin and another member of the group plan to publish papers based on data gathered by the group, and the site will continue to be updated with commentary, analysis and other material, Martin said.

"Two years ago we were evil hackers. One year ago, depending on who quoted us, we were a mix of hacker group and security site," Martin said, commenting on the site's growth and the growing acceptance of it among the media and mainstream computer community. "In the last six months, (we were called a) respected security site."


Sam Costello

PC World