dispenses advice on defacements

When nonprofit security site decided in late May to stop mirroring Web site defacements, the group blamed the volume of defacements and said their hobby had become a "thankless chore." On Thursday, members of Attrition gave a talk at the Black Hat Briefings conference in Las Vegas and dispensed hard-earned wisdom -- and some bitterness -- to those who might follow in their footsteps.

During the two years the group ran the mirror -- a Web site which offers copies of defaced sites -- they encountered numerous obstacles. Despite never having a day in which more than 100 sites matching the group's exacting criteria for a defacement were hit, they frequently received as many as 250 e-mails a day about defacements, according to Brian Martin, who goes by the nickname "Jericho." Of the 250 e-mails they would receive, as many as 66 percent of them would be repeated messages from defacers seeking glory, said B.K. DeLong, a.k.a. McIntyre, another Attrition member. ("Cancer Omega," a third member, also participated in the discussion.)

The group also faced more serious problems, some involving federal law enforcement agencies, the panelists said. On one hand, many would-be defacers would notify Attrition prior to their actions, or those who had already defaced sites would include personally-identifying information when attempting to claim the defacement for themselves. Both situations left the group, which tried to remain neutral, in the difficult position of having to report these activities to the U.S. Federal Bureau of Investigation so as to avoid prosecution themselves.

To make matters worse, many law enforcement agencies were initially distrustful of the group, thinking them to be involved in the defacements, the group said. A number of defacement victims even reported the group to federal agencies for perpetrating defacements, something the Attrition staff members maintain they never did.

Even after the site had gained grudging acceptance in the security industry, other problems arose, Martin said. Some security companies took the information on Attrition's mirror, which they claim is covered by copyright, did not credit its source and even resold it as their own, Martin said. Some media organizations did the same, he said, and while they did not resell the information, they frequently misquoted Attrition members and misused their data, Martin and DeLong said.

So in the face of all this, why did they continue their work for two years?

"We're pessimistic masochists. We love what we do, but we take a lot of abuse," Martin said.

Nonetheless, the group stopped mirroring Web site defacements, leaving the job to other sites such as and Others who want to open a mirror site should examine closely how they will proceed and why they want to undertake the task, Martin said.

Hackers cannot run a mirror, he said. "If you're an active hacker, you're not fit to run a mirror" because hackers would have an incentive to deface Web sites, defeating the impartiality needed to run such a site.

Security companies also should not run a mirror, because they may profit from it or use it as a marketing tool to sell their security wares, also a conflict of interest, he said. In fact, when Attrition announced that it would be ending its mirror, both hackers and security firms approached them with offers to fund the group, but it declined the offers on ethical grounds, Martin said.

Instead, hobby sites like Attrition, which claim to have no vested interest other than curiosity and commitment, are best suited to the task, he said.

If other hobbyists do pick up where Attrition left off, perhaps they can tackle some of the things that Martin said the group would like to have done but didn't. They include studying the motivations of defacers and their relationships with each other, opening a limited dialog with the defacers, and exchanging information with similar groups such as the HoneyNet Project.

As for Attrition and its members, though they will no longer be maintaining the defacements mirror, they plan to stay busy. Martin and another member of the group plan to publish papers based on data gathered by the group, and the site will continue to be updated with commentary, analysis and other material, Martin said.

"Two years ago we were evil hackers. One year ago, depending on who quoted us, we were a mix of hacker group and security site," Martin said, commenting on the site's growth and the growing acceptance of it among the media and mainstream computer community. "In the last six months, (we were called a) respected security site."


Sam Costello

PC World