dispenses advice on defacements

When nonprofit security site decided in late May to stop mirroring Web site defacements, the group blamed the volume of defacements and said their hobby had become a "thankless chore." On Thursday, members of Attrition gave a talk at the Black Hat Briefings conference in Las Vegas and dispensed hard-earned wisdom -- and some bitterness -- to those who might follow in their footsteps.

During the two years the group ran the mirror -- a Web site which offers copies of defaced sites -- they encountered numerous obstacles. Despite never having a day in which more than 100 sites matching the group's exacting criteria for a defacement were hit, they frequently received as many as 250 e-mails a day about defacements, according to Brian Martin, who goes by the nickname "Jericho." Of the 250 e-mails they would receive, as many as 66 percent of them would be repeated messages from defacers seeking glory, said B.K. DeLong, a.k.a. McIntyre, another Attrition member. ("Cancer Omega," a third member, also participated in the discussion.)

The group also faced more serious problems, some involving federal law enforcement agencies, the panelists said. On one hand, many would-be defacers would notify Attrition prior to their actions, or those who had already defaced sites would include personally-identifying information when attempting to claim the defacement for themselves. Both situations left the group, which tried to remain neutral, in the difficult position of having to report these activities to the U.S. Federal Bureau of Investigation so as to avoid prosecution themselves.

To make matters worse, many law enforcement agencies were initially distrustful of the group, thinking them to be involved in the defacements, the group said. A number of defacement victims even reported the group to federal agencies for perpetrating defacements, something the Attrition staff members maintain they never did.

Even after the site had gained grudging acceptance in the security industry, other problems arose, Martin said. Some security companies took the information on Attrition's mirror, which they claim is covered by copyright, did not credit its source and even resold it as their own, Martin said. Some media organizations did the same, he said, and while they did not resell the information, they frequently misquoted Attrition members and misused their data, Martin and DeLong said.

So in the face of all this, why did they continue their work for two years?

"We're pessimistic masochists. We love what we do, but we take a lot of abuse," Martin said.

Nonetheless, the group stopped mirroring Web site defacements, leaving the job to other sites such as and Others who want to open a mirror site should examine closely how they will proceed and why they want to undertake the task, Martin said.

Hackers cannot run a mirror, he said. "If you're an active hacker, you're not fit to run a mirror" because hackers would have an incentive to deface Web sites, defeating the impartiality needed to run such a site.

Security companies also should not run a mirror, because they may profit from it or use it as a marketing tool to sell their security wares, also a conflict of interest, he said. In fact, when Attrition announced that it would be ending its mirror, both hackers and security firms approached them with offers to fund the group, but it declined the offers on ethical grounds, Martin said.

Instead, hobby sites like Attrition, which claim to have no vested interest other than curiosity and commitment, are best suited to the task, he said.

If other hobbyists do pick up where Attrition left off, perhaps they can tackle some of the things that Martin said the group would like to have done but didn't. They include studying the motivations of defacers and their relationships with each other, opening a limited dialog with the defacers, and exchanging information with similar groups such as the HoneyNet Project.

As for Attrition and its members, though they will no longer be maintaining the defacements mirror, they plan to stay busy. Martin and another member of the group plan to publish papers based on data gathered by the group, and the site will continue to be updated with commentary, analysis and other material, Martin said.

"Two years ago we were evil hackers. One year ago, depending on who quoted us, we were a mix of hacker group and security site," Martin said, commenting on the site's growth and the growing acceptance of it among the media and mainstream computer community. "In the last six months, (we were called a) respected security site."

Sam Costello

PC World