TUCoPS :: Web :: General :: webdeshp.txt

Web design in Hacked Pages - why no one cares about 31337 rants in hacked pages


# mv index.new index.html
# echo "03.20.99"
# echo "I do not advocate web defacement or intrusive hacking."

The Ends Justify The Means.
My Rant In Plain English.
Suggestions For Improving Your Hacked Pages.
The Good, The Bad, and The Impressive.



Browsing the web, enjoying your time, nothing better to do. Casual search
for something interesting to read, or maybe even a little research for a
project or term paper.  Click here, click there, link from site to site.
Some mostly worthless, nothing more than links to other pages.  Same old
thing, different day.. until today. You typed in the URL for a web page
that promised to have your info.  Instead of computer pricing or biology,
you found a cryptic message scrawled out claiming something, hell if you
could tell what it was. You click on and forget about it.

Yes, that was a hacked web page. One of the favored things of crackers to
boast their deeds. Proof that they alone control the universe and 'own'
someone else's computers.  Self reasoning and a shoddy moral vindication
of a petty break-in to some no name computer. At least, that sums up
almost 99% of current web defacement activities. Why?


The Ends Justify The Means.

Ok, lets buy that argument for now. The 'means' in our case is the hacking
of a site and the 'ends' constitutes replacement of the existing web page
with a new 'improved' page carrying the hacker's message. In today's
digital world, it is the equivalent of spray painting a wall to have your
message seen by passerbys. Stop here and think about all of the spraypaint
graffiti you have seen in the last six months. How much can you remember?
Odd isn't it. Some person took the time and effort to break the law in
order to get their message out. Risk possible incarceration for words or
ideas they felt were important, yet you can't remember any (or all)  of
it. Why?

Simple answer. Because there was no real message worth reading.  After
taking the power of free speech into their hands, after finding a place to
stand on a soapbox, the person stood up only to mumble to a handful of
faithful followers that already know the message. And boy, do they love to
hear you talk! The rest of the passerby's continue on, unconcerned. They
still don't know what you are trying to say. In fact, their opinion of you
has gone down because you took the time to get a soapbox, stand on it, and
face the public. You flaked out and didn't broadcast a meaningful message,
therefore you are worth no time or thought. And there you go, a passing
inattention in a fast moving world. Congrats.


My Rant in Plain English

In the past few years, over one thousand web pages have been hacked.
Their content has been replaced with whatever hasty rant has popped into
mind by the cracker. With few exceptions, arbitrary low traffic and no
name domains are 'chosen' by these crackers to put up their message. Some
of these sites get more traffic from the hack than a previous month of
regular visitors they are so low key.

The truth is, these kids(1) have delusions of grandeur in a networked
world that could give a second thought about them. Their message is
meaningless drivel that only impresses other kids for the most part. Web
viewers walk away from seeing their "message" thinking immature social
rejects plague the net, and they think so for damn good reasons.

More and more sites are being replaced by poorly designed pages, chock
full of misspelled words forming sentences that defy all rules of grammar.
Pages full of "elite speak"(2) that prove absolutely nothing, have no
humor value, and only contribute to more eye strain.  Pages containing
poorly written rants that form incoherent thoughts, opinions or reasons as
to why the page was altered in the first place. Basically, dull pages that
show a complete lack of intelligence and no creativity whatsoever.

These kids have a chance to show the world that they are indeed
intelligent well balanced *mature* net users, yet they throw every chance
away it seems.

(1) I use the word kids because more times than not, they ARE
    kids. Fifteen to Eighteen year olds that don't quite have
    a concept of how things work. In the cases where they are
    over eighteen, it is often difficult to tell based on the
    content of the altered pages. Don't like the use of the
    word 'kid'? Do a better job hacking these pages.
(2) Elite speak being the oh-so-old replacement of alternate
    characters to spell words. t|-|1s TyP3 0f +3xt.



It seems most hackers want/need to justify their actions, be it to the
admin of the site they broke into, the people reading the pages, their
friends or often times themselves. Regardless of who they are trying to
vindicate themselves to, the reasoning falls apart every time.

Justification #1: "I'm doing you a favor.. this could have been a
malicious hacker that damaged your system!". Gee thanks for breaking in to
tell me that. It didn't occur to you that the other 80 MILLION internet
users did me a favor by not breaking in? Yet I should thank you? Although
these kids rarely do damage, they cause the administrator extra grief in
one form or another. Rather than normal work, they are forced into doing a
full security audit of their system or reinstalling from scratch. Yes,
maybe they should have been more concerned with security before this, but
it is a rare site that can dedicate that kind of time or resource to
staying up to date on the bleeding edge.  That is the way the world works,
so deal with it. Oh, and don't try to use that as a justification.

Justification #2: "Because we can!" Ok, so if I shoot you in the
knee 'just because I can', does that teach you any real lesson? Amazingly
enough, this is about the only justification that holds any water.  If
nothing else, it is the brutally honest truth that the person had nothing
better to do, and had no well grounded reason for their actions. Instead
of using this as a justification, why not think of a truly noble cause and
follow it?

Justification #3: "I was pointing out security holes on your site!"
Gee, thanks for the free security audit. Not. While you did indeed prove
there was a hole, did you mail the administrator telling him HOW you broke
in? How to fix it? Did you find more than one way into the system or just
the one? If you did none of that, you weren't even close to performing a
security audit. Oh, audits require permission too. Bad reason.

Justification #4: "Read my political reasons yo!" This one almost
works for me, but like the others has serious shortcomings. If your true
reason is to impress upon your readers of some political or moral agenda,
did you really do it? A good job of it? Did you sit down and research your
topic, finding resources and legitimate sources of information to leak to?
Did you write up a political rant and place it on an appropriate system?
Did you spell check your work to make sure that it flowed reasonably well?
Doubtful. Putting up third grade level rants on www.unrelated.com mean
just about nothing and truly fail as a justification. Try again.


Suggestions For Improving Your Hacked Pages.

I am not one to complain about a problem without offering some solution or
input to offset the bitching. However, with this comes the chance people
will blame me for encouraging hacking and continued defacement of web
pages. I do NOT condone any such thing! I am practical and realize
that nothing I say will stop people from doing it. That in mind, I am just
trying to make the best out of an existing situation. That said... here
are my top 10 suggestions for future hacked pages.

1.      Better designed pages! Hackers and crackers are said to be
        creative. You sure wouldn't know it looking at many of these
        pages. Take your time and DESIGN the web page you are putting
        up. Make it aesthetically appealing to both lynx and graphical
        browsers. Why do companies spend all the time on beautiful
        pages in the first place?

2.      Better messages! You are cracking these machines and
        replacing pages to "get your message out". Err, ok, what is your
        message? Remember that people are visiting with no prior
        knowledge of you, your message, or your cause. Be clear and
        concise and spell out your message for them.

3.      No more elite speak crap. If you want to impress people with
        alternate characters, offer the hacked page in several languages.
        I for one would love to know what some of the hacked pages in
        Mexico say, and I would also bet that foreign hackers would
        love to read American hacks in their tongue. Surely you know
        someone who can translate to German, French, Latin, Russian
        or more impressive, Japanese. :)

4.      You want to use 'elite' speak? Try grammar, spelling, and
        puncuation. A well written paragraph will command more respect
        than any substitute character will. If you mispell common
        words, how can anyone take you seriously? Do you find yourself
        falling behind in English classes? Use the net to help you!
        You may find online resources like a dictionary or thesaurus
        an invaluable tool.

5.      Help the site! After all, you embarassed them and caused them
        some kind of hassle. After breaking in and changing their web
        page, why not temporarily patch the hole/bug in the system
        that gave you access? Better, patch it and tell what you exploited
        to get in on the web page. Let other admins learn that these
        holes are actively being exploited. Link to information on more
        permanent solutions to their security problem. That is at least
        half way noble.

6.      Back up the main page for them! Rather than overwriting their
        index.html and relying on them to have a copy, just rename
        the old one. From your new page, link to the old one and give
        customers a chance to reach the information they were looking
        for. They had to read your message to get to it, your job is

7.      Show knowledge of computers! Creating your hacked web pages
        with editors like 'FrontPage Express' isn't exactly conducive
        to propagating the myth that hackers know the system. If you
        can't write out a basic web page in a simple editor like 'vi',
        'pico', or 'DOS edit', you should probably learn HTML before
        worrying about other people's systems.

8.      Target your hacks! Don't change the page of any arbitrary
        domain you happen to stumble across. Pick a system you feel
        that needs a face lift and apply it to that system only.

9.      Don't actually carry out the mass hack! If you find yourself
        in the position of being able to change pages on multiple domains,
        don't. Just pick the highest traffic domain, or biggest name
        and change that one. On your hacked page link to a list of other
        domains that could have been affected.

10.     Choosing a name! Try to be mature when choosing a name.
        Everyone realizes that some names are quite humorous, but remember
        who reads these pages. Making a profound statement and backing
        it by "tHe SiNgAlOnG gAnG!@$#$@" just isn't very cool.


The Good, The Bad, and The Impressive.

The good, the bad, and the impressive.

In the past, there have been pages (more like *elements* of pages)  that
have stood out as creative, amusing, or to the point. Hopefully by
pointing out these examples you will begin to see what I have been
attempting to convey.

The Good

Humor: While it probably wasn't the best site to hit, the recent
       hack of Greenpeace had a certain dark (and sick)
       sense of humor behind it.

Interesting: Another new person/group to hit the scene recently is
             'Redemption'. Their hacks to date have simply contained
             (apparent) original poetry. A sign of creativity at last!
             You can read their work from hacks like DaytonTech,
             Town Green, and TC Edge.

Targeted: As suggested above, targeting specific domains in order to
          spread a specific message is a good thing. Examples of this
          can be found in Monica Lewinksy's Future Site, White Pride,
          and Ku Klux Klan.

Political: Probably the most memorable and well done hacks was that of
           the 'Human Rights China' site. When hacking for political
           agendas, hit the right site, with the right message, and
           present a well written argument. Does wonders. Don't believe
           me? Check out the http://www.attrition.org/mirror/attrition/1998/10/27/www.humanrights-china.org-1/index.html hack.

The Bad

Bad:      Amnesty International found themselves victim of a web
          page defacement. Of all the sites on the net, why hit
          groups that are trying to do good already? Isn't that
          somewhat defeating?

Pathetic: The various hacks for a short period of time carried out
          by 'zyklon' of LoU. These hacks (many movie home pages)
          turned out to be one or two lines of broken english followed
          by a dedication to his girlfriend. *yawn* Kiddies with
          no creativity.

Pathetic: The recent mass hack by the 'Miss Piggy Hackclub', which
          caused over one hundred domains to display a single line:
          "The Miss Piggy Hackclub Strikes again muthafuqErz!$##$!@"
          *yawn* That is almost worth reading.

The Impressive

None! There hasn't been a truly impressive web page defacement to come
along. None that took the cake in site, message, and design. :(


Brian Martin
Copyright 1999 Brian Martin

Disclaimer: I do not advocate web defacement. Don't do it. Go learn to
program or be creative in better capacities.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2023 AOH