With this post I do not intend to
influence you to start defacing, but to briefly give you a better
understanding of how and why it is done.
Almost every day that I visit Zone-H’s archive
of special digital attacks, I find that at least 1 or 2 attacks were
carried out against US governmental web servers. The domain suffix of the
defaced websites was *.gov. Does this fact mean that they are totally
secure? I don’t think so… Obviously the web servers may host very
confidential data. In this case the web server administrators seemed to
have allowed threats against governmental assets. Any unwanted
consequences that a breach of security can lead to are mainly caused by
the irresponsibility and laziness of system administrators and web
developers.
The methodology for defacing a website is pretty
standard. Here is the sequence of tasks that crackers/defacers
would normally follow: footprinting, scanning,
enumeration, penetration, attack, covering of tracks and installation
of backdoors. As I mentioned before, the motivations for defacing any
website vary; when defacing governmental websites, they could
be promotion of an ideology, revenge, or just a challenge.
I don’t believe that people who are serial website
defacers hold good real-life jobs, or any job at all. This is just my
personal opinion, which is based on the fact that defacing is illegal in
most countries – thus involving a high risk of getting arrested – and
requires some basic knowledge, time, and patience. Advanced knowledge of
technical and theoretical network security issues is not always
required to deface. I think that understanding IT security theories
intelligently enhances your logical application of related
practicalities. Achieving a deface could require the application of a
complex exploitation methodology. This is reason enough for some
defacers without patience and with incomplete knowledge to give up.
Tools assisting each step mentioned above
are widely available for free on the internet. Most of the
authors coded them for ethical, legal and educational use. Of course
some were specifically coded for easily generating domain lists,
exploiting security vulnerabilities, and mass-defacing websites. These
are not easy to find on the web, nor are they that difficult to code.
Instead, individual defacers and groups exchange them in IRC channels,
private forums and servers, and through instant messengers.
One example of such an IRC server is irc.gigachat.net.
Script kiddies who deface prefer to use tools with fancy GUIs
rather than the command line. Command-line tools seem to exceed
their learning and memory capabilities, or they don’t have the will and
patience to research and analyze effective methodologies used by
professionals in netsec pen-testing. With command-line tools they would
become more technically skilled and would better exercise their brains by
remembering simple and complex command sequences in multi-OS environments.
Plus they would develop their practical skill set, which may be necessary
if they choose to follow an IT career at some point – if they don’t end
up in jail.
Depending on their ethical and legal attitudes,
what they usually want is to quickly break into a network,
maybe look for confidential data, download it and deface the home
pages of hosted sites. Allowing for exceptions, most probably they
do not use their own exploits, but what is already public.
Now I’m going to quote the following from another of my posts:
“In the mind and soul of the crackers who deface
high-profile websites, there is a false sense of pride. They think that
it reflects their cracking skills and status in the defacers’ scene. For
them defacing is more like a game. The messages shown in their
defacements are more like an excuse for taking part in this game. The
real motivation and reasoning behind their attacks, in most cases,
is not political, patriotic or other, but is just to show off
themselves and their country to the world…
They attach a nickname to their personalities and
cracking abilities, and they try to raise its status in the scene. They
like searching for their nicknames in news websites and showing off the
link to other crackers in their IRC channel, other channels, or through
their websites.”
You will be ignored if you request the mentioned tools or help to deface a website. Comments are welcome of course.