http://www.hackernews.com/orig/whoever.html http://www.hackersclub.com/km/library/hack2000/web_defacement.htm # mv index.new index.html # echo "03.20.99" # echo "I do not advocate web defacement or intrusive hacking." Introduction The Ends Justify The Means. My Rant In Plain English. Justification Suggestions For Improving Your Hacked Pages. The Good, The Bad, and The Impressive.
Introduction Browsing the web, enjoying your time, nothing better to do. Casual search for something interesting to read, or maybe even a little research for a project or term paper. Click here, click there, link from site to site. Some mostly worthless, nothing more than links to other pages. Same old thing, different day.. until today. You typed in the URL for a web page that promised to have your info. Instead of computer pricing or biology, you found a cryptic message scrawled out claiming something, hell if you could tell what it was. You click on and forget about it. Yes, that was a hacked web page. One of the favored things of crackers to boast their deeds. Proof that they alone control the universe and 'own' someone else's computers. Self reasoning and a shoddy moral vindication of a petty break-in to some no name computer. At least, that sums up almost 99% of current web defacement activities. Why?
The Ends Justify The Means. Ok, lets buy that argument for now. The 'means' in our case is the hacking of a site and the 'ends' constitutes replacement of the existing web page with a new 'improved' page carrying the hacker's message. In today's digital world, it is the equivalent of spray painting a wall to have your message seen by passerbys. Stop here and think about all of the spraypaint graffiti you have seen in the last six months. How much can you remember? Odd isn't it. Some person took the time and effort to break the law in order to get their message out. Risk possible incarceration for words or ideas they felt were important, yet you can't remember any (or all) of it. Why? Simple answer. Because there was no real message worth reading. After taking the power of free speech into their hands, after finding a place to stand on a soapbox, the person stood up only to mumble to a handful of faithful followers that already know the message. And boy, do they love to hear you talk! The rest of the passerby's continue on, unconcerned. They still don't know what you are trying to say. In fact, their opinion of you has gone down because you took the time to get a soapbox, stand on it, and face the public. You flaked out and didn't broadcast a meaningful message, therefore you are worth no time or thought. And there you go, a passing inattention in a fast moving world. Congrats.
My Rant in Plain English In the past few years, over one thousand web pages have been hacked. Their content has been replaced with whatever hasty rant has popped into mind by the cracker. With few exceptions, arbitrary low traffic and no name domains are 'chosen' by these crackers to put up their message. Some of these sites get more traffic from the hack than a previous month of regular visitors they are so low key. The truth is, these kids(1) have delusions of grandeur in a networked world that could give a second thought about them. Their message is meaningless drivel that only impresses other kids for the most part. Web viewers walk away from seeing their "message" thinking immature social rejects plague the net, and they think so for damn good reasons. More and more sites are being replaced by poorly designed pages, chock full of misspelled words forming sentences that defy all rules of grammar. Pages full of "elite speak"(2) that prove absolutely nothing, have no humor value, and only contribute to more eye strain. Pages containing poorly written rants that form incoherent thoughts, opinions or reasons as to why the page was altered in the first place. Basically, dull pages that show a complete lack of intelligence and no creativity whatsoever. These kids have a chance to show the world that they are indeed intelligent well balanced *mature* net users, yet they throw every chance away it seems. (1) I use the word kids because more times than not, they ARE kids. Fifteen to Eighteen year olds that don't quite have a concept of how things work. In the cases where they are over eighteen, it is often difficult to tell based on the content of the altered pages. Don't like the use of the word 'kid'? Do a better job hacking these pages. (2) Elite speak being the oh-so-old replacement of alternate characters to spell words. t|-|1s TyP3 0f +3xt.
Justification It seems most hackers want/need to justify their actions, be it to the admin of the site they broke into, the people reading the pages, their friends or often times themselves. Regardless of who they are trying to vindicate themselves to, the reasoning falls apart every time. Justification #1: "I'm doing you a favor.. this could have been a malicious hacker that damaged your system!". Gee thanks for breaking in to tell me that. It didn't occur to you that the other 80 MILLION internet users did me a favor by not breaking in? Yet I should thank you? Although these kids rarely do damage, they cause the administrator extra grief in one form or another. Rather than normal work, they are forced into doing a full security audit of their system or reinstalling from scratch. Yes, maybe they should have been more concerned with security before this, but it is a rare site that can dedicate that kind of time or resource to staying up to date on the bleeding edge. That is the way the world works, so deal with it. Oh, and don't try to use that as a justification. Justification #2: "Because we can!" Ok, so if I shoot you in the knee 'just because I can', does that teach you any real lesson? Amazingly enough, this is about the only justification that holds any water. If nothing else, it is the brutally honest truth that the person had nothing better to do, and had no well grounded reason for their actions. Instead of using this as a justification, why not think of a truly noble cause and follow it? Justification #3: "I was pointing out security holes on your site!" Gee, thanks for the free security audit. Not. While you did indeed prove there was a hole, did you mail the administrator telling him HOW you broke in? How to fix it? Did you find more than one way into the system or just the one? If you did none of that, you weren't even close to performing a security audit. Oh, audits require permission too. Bad reason. Justification #4: "Read my political reasons yo!" This one almost works for me, but like the others has serious shortcomings. If your true reason is to impress upon your readers of some political or moral agenda, did you really do it? A good job of it? Did you sit down and research your topic, finding resources and legitimate sources of information to leak to? Did you write up a political rant and place it on an appropriate system? Did you spell check your work to make sure that it flowed reasonably well? Doubtful. Putting up third grade level rants on www.unrelated.com mean just about nothing and truly fail as a justification. Try again.
Suggestions For Improving Your Hacked Pages. I am not one to complain about a problem without offering some solution or input to offset the bitching. However, with this comes the chance people will blame me for encouraging hacking and continued defacement of web pages. I do NOT condone any such thing! I am practical and realize that nothing I say will stop people from doing it. That in mind, I am just trying to make the best out of an existing situation. That said... here are my top 10 suggestions for future hacked pages. 1. Better designed pages! Hackers and crackers are said to be creative. You sure wouldn't know it looking at many of these pages. Take your time and DESIGN the web page you are putting up. Make it aesthetically appealing to both lynx and graphical browsers. Why do companies spend all the time on beautiful pages in the first place? 2. Better messages! You are cracking these machines and replacing pages to "get your message out". Err, ok, what is your message? Remember that people are visiting with no prior knowledge of you, your message, or your cause. Be clear and concise and spell out your message for them. 3. No more elite speak crap. If you want to impress people with alternate characters, offer the hacked page in several languages. I for one would love to know what some of the hacked pages in Mexico say, and I would also bet that foreign hackers would love to read American hacks in their tongue. Surely you know someone who can translate to German, French, Latin, Russian or more impressive, Japanese. :) 4. You want to use 'elite' speak? Try grammar, spelling, and punctuation. A well written paragraph will command more respect than any substitute character will. If you mispell common words, how can anyone take you seriously? Do you find yourself falling behind in English classes? Use the net to help you! You may find online resources like a dictionary or thesaurus an invaluable tool. 5. Help the site! After all, you embarrassed them and caused them some kind of hassle. After breaking in and changing their web page, why not temporarily patch the hole/bug in the system that gave you access? Better, patch it and tell what you exploited to get in on the web page. Let other admins learn that these holes are actively being exploited. Link to information on more permanent solutions to their security problem. That is at least half way noble. 6. Back up the main page for them! Rather than overwriting their index.html and relying on them to have a copy, just rename the old one. From your new page, link to the old one and give customers a chance to reach the information they were looking for. They had to read your message to get to it, your job is done. 7. Show knowledge of computers! Creating your hacked web pages with editors like 'FrontPage Express' isn't exactly conducive to propagating the myth that hackers know the system. If you can't write out a basic web page in a simple editor like 'vi', 'pico', or 'DOS edit', you should probably learn HTML before worrying about other people's systems. 8. Target your hacks! Don't change the page of any arbitrary domain you happen to stumble across. Pick a system you feel that needs a face lift and apply it to that system only. 9. Don't actually carry out the mass hack! If you find yourself in the position of being able to change pages on multiple domains, don't. Just pick the highest traffic domain, or biggest name and change that one. On your hacked page link to a list of other domains that could have been affected. 10. Choosing a name! Try to be mature when choosing a name. Everyone realizes that some names are quite humorous, but remember who reads these pages. Making a profound statement and backing it by "tHe SiNgAlOnG gAnG!@$#$@" just isn't very cool.
The Good, The Bad, and The Impressive. The good, the bad, and the impressive. In the past, there have been pages (more like *elements* of pages) that have stood out as creative, amusing, or to the point. Hopefully by pointing out these examples you will begin to see what I have been attempting to convey. The Good Humor: While it probably wasn't the best site to hit, the recent hack of Greenpeace had a certain dark (and sick) sense of humor behind it. Interesting: Another new person/group to hit the scene recently is 'Redemption'. Their hacks to date have simply contained (apparent) original poetry. A sign of creativity at last! You can read their work from hacks like DaytonTech, Town Green, and TC Edge. Targeted: As suggested above, targeting specific domains in order to spread a specific message is a good thing. Examples of this can be found in Monica Lewinksy's Future Site, White Pride, and Ku Klux Klan. Political: Probably the most memorable and well done hacks was that of the 'Human Rights China' site. When hacking for political agendas, hit the right site, with the right message, and present a well written argument. Does wonders. Don't believe me? Check out the www.humanrights-china.org hack. The Bad Bad: Amnesty International found themselves victim of a web page defacement. Of all the sites on the net, why hit groups that are trying to do good already? Isn't that somewhat defeating? Pathetic: The various hacks for a short period of time carried out by 'zyklon' of LoU. These hacks (many movie home pages) turned out to be one or two lines of broken english followed by a dedication to his girlfriend. *yawn* Kiddies with no creativity. Pathetic: The recent mass hack by the 'Miss Piggy Hackclub', which caused over one hundred domains to display a single line: "The Miss Piggy Hackclub Strikes again muthafuqErz!$##$!@" *yawn* That is almost worth reading. The Impressive None! There hasn't been a truly impressive web page defacement to come along. None that took the cake in site, message, and design. :(
Brian Martin Copyright 1999 Brian Martin Disclaimer: I do not advocate web defacement. Don't do it. Go learn to program or be creative in better capacities. -EOF