The government and private technology experts are warning web site operators that hackers plan to attack thousands of web sites Sunday in a loosely coordinated “contest” that could disrupt internet traffic.
Organizers established a web site, defacers-challenge.com, listing in broken English the rules for hackers who might participate. The web site appeared to operate out of California and cautioned to “deface its crime”an apparent acknowledgment that vandalizing internet pages is illegal.
The Department of Homeland Security said Wednesday it was aware of the hackers’ plans but did not expect to issue any formal public warnings. The Chief Information Officers Council, part of the Office of Management and Budget, cautioned U.S. agencies and instructed experts to tighten security at federal web sites.
“Frankly, hacker challenges occur frequently, and we don’t think they all rise to the level of a warning,” Homeland Security spokesman David Wray said.
Home internet users, who typically do not operate web sites, probably would not be affected directly, said Oliver Friedrichs, the senior manager for security response at Symantec Corp. But operators of web sites for school districts, businesses, and other organizations were being warned to step up their security efforts in light of the warnings.
An early-warning network for the technology industry, operating with Homeland Security, notified companies that it received “credible information” about the planned attacks and already has detected surveillance probes by hackers looking for weaknesses in corporate and government networks.
“We emphasize that all web site administrators should ensure that their sites are not vulnerable,” wrote Peter Allor of Internet Security Systems Inc. (ISS), the Atlanta-based company that runs the Information Technology Information Sharing and Analysis Center.
Friedrichs, though, said Symantec’s global monitoring network wasn’t detecting unusual probes.
“We really haven’t seen any of that activity,” he said. “We’re certainly going to keep watching and looking.”
Separately, the New York Office of Cyber-Security and Critical Infrastructure Coordination warned internet providers and other organizations that the goal of the hackers was to vandalize 6,000 web sites in six hours.
New York officials urged web site operators to change default computer passwords, begin monitoring web site activities more aggressively, remove unnecessary functions from server computers, and apply the latest software repairs from vendors such as Microsoft Corp.
Chris Rouland, director of the X-force security team at ISS, said researchers monitoring underground chat rooms and other internet activity detected a drop in the numbers of vandalized web sites recently and an increase in the types of surveillance scans that typically precede computer break-ins.
“It’s kind of a sand-bagging period,” said Rouland, who predicted that hackers were quietly breaking into computers and waiting to vandalize them on Sunday.
The purported “prize” for participating hackers was 500-megabytes of online storage space, which made little sense to computer experts. They said hackers capable of breaking into thousands of computers could easily steal that amount of storage on corporate networks.