# mv index.new index.html
# echo "03.20.99"
# echo "I do not advocate web defacement or intrusive hacking."
Introduction
The Ends Justify The Means.
My Rant In Plain English.
Justification
Suggestions For Improving Your
Hacked
Pages.
The Good, The Bad, and The
Impressive.
Introduction
Browsing the web, enjoying your time, nothing better to do. Casual search
for something interesting to read, or maybe even a little research for a
project or term paper. Click here, click there, link from site to site.
Some mostly worthless, nothing more than links to other pages. Same old
thing, different day.. until today. You typed in the URL for a web page
that promised to have your info. Instead of computer pricing or biology,
you found a cryptic message scrawled out claiming something, hell if you
could tell what it was. You click on and forget about it.
Yes, that was a hacked web page. One of the favored things of crackers to
boast their deeds. Proof that they alone control the universe and 'own'
someone else's computers. Self reasoning and a shoddy moral vindication
of a petty break-in to some no name computer. At least, that sums up
almost 99% of current web defacement activities. Why?
The Ends Justify The Means.
Ok, lets buy that argument for now. The 'means' in our case is the hacking
of a site and the 'ends' constitutes replacement of the existing web page
with a new 'improved' page carrying the hacker's message. In today's
digital world, it is the equivalent of spray painting a wall to have your
message seen by passerbys. Stop here and think about all of the spraypaint
graffiti you have seen in the last six months. How much can you remember?
Odd isn't it. Some person took the time and effort to break the law in
order to get their message out. Risk possible incarceration for words or
ideas they felt were important, yet you can't remember any (or all) of
it. Why?
Simple answer. Because there was no real message worth reading. After
taking the power of free speech into their hands, after finding a place to
stand on a soapbox, the person stood up only to mumble to a handful of
faithful followers that already know the message. And boy, do they love to
hear you talk! The rest of the passerby's continue on, unconcerned. They
still don't know what you are trying to say. In fact, their opinion of you
has gone down because you took the time to get a soapbox, stand on it, and
face the public. You flaked out and didn't broadcast a meaningful message,
therefore you are worth no time or thought. And there you go, a passing
inattention in a fast moving world. Congrats.
My Rant in Plain English
In the past few years, over one thousand web pages have been hacked.
Their content has been replaced with whatever hasty rant has popped into
mind by the cracker. With few exceptions, arbitrary low traffic and no
name domains are 'chosen' by these crackers to put up their message. Some
of these sites get more traffic from the hack than a previous month of
regular visitors they are so low key.
The truth is, these kids(1) have delusions of grandeur in a networked
world that could give a second thought about them. Their message is
meaningless drivel that only impresses other kids for the most part. Web
viewers walk away from seeing their "message" thinking immature social
rejects plague the net, and they think so for damn good reasons.
More and more sites are being replaced by poorly designed pages, chock
full of mispelled words forming sentences that defy all rules of grammar.
Pages full of "elite speak"(2) that prove absolutely nothing, have no
humor value, and only contribute to more eye strain. Pages containing
poorly written rants that form incoherent thoughts, opinions or reasons as
to why the page was altered in the first place. Basically, dull pages that
show a complete lack of intelligence and no creativity whatsoever.
These kids have a chance to show the world that they are indeed
intelligent well balanced *mature* net users, yet they throw every chance
away it seems.
(1) I use the word kids because more times than not, they ARE
kids. Fifteen to Eighteen year olds that don't quite have
a concept of how things work. In the cases where they are
over eighteen, it is often difficult to tell based on the
content of the altered pages. Don't like the use of the
word 'kid'? Do a better job hacking these pages.
(2) Elite speak being the oh-so-old replacement of alternate
characters to spell words. t|-|1s TyP3 0f +3xt.
Justification
It seems most hackers want/need to justify their actions, be it to the
admin of the site they broke into, the people reading the pages, their
friends or often times themselves. Regardless of who they are trying to
vindicate themselves to, the reasoning falls apart every time.
Justification #1: "I'm doing you a favor.. this could have been a
malicious hacker that damaged your system!". Gee thanks for breaking in to
tell me that. It didn't occur to you that the other 80 MILLION internet
users did me a favor by not breaking in? Yet I should thank you? Although
these kids rarely do damage, they cause the administrator extra grief in
one form or another. Rather than normal work, they are forced into doing a
full security audit of their system or reinstalling from scratch. Yes,
maybe they should have been more concerned with security before this, but
it is a rare site that can dedicate that kind of time or resource to
staying up to date on the bleeding edge. That is the way the world works,
so deal with it. Oh, and don't try to use that as a justification.
Justification #2: "Because we can!" Ok, so if I shoot you in the
knee 'just because I can', does that teach you any real lesson? Amazingly
enough, this is about the only justification that holds any water. If
nothing else, it is the brutally honest truth that the person had nothing
better to do, and had no well grounded reason for their actions. Instead
of using this as a justification, why not think of a truly noble cause and
follow it?
Justification #3: "I was pointing out security holes on your site!"
Gee, thanks for the free security audit. Not. While you did indeed prove
there was a hole, did you mail the administrator telling him HOW you broke
in? How to fix it? Did you find more than one way into the system or just
the one? If you did none of that, you weren't even close to performing a
security audit. Oh, audits require permission too. Bad reason.
Justification #4: "Read my political reasons yo!" This one almost
works for me, but like the others has serious shortcomings. If your true
reason is to impress upon your readers of some political or moral agenda,
did you really do it? A good job of it? Did you sit down and research your
topic, finding resources and legitimate sources of information to leak to?
Did you write up a political rant and place it on an appropriate system?
Did you spell check your work to make sure that it flowed reasonably well?
Doubtful. Putting up third grade level rants on www.unrelated.com mean
just about nothing and truly fail as a justification. Try again.
Suggestions For Improving Your Hacked Pages.
I am not one to complain about a problem without offering some solution or
input to offset the bitching. However, with this comes the chance people
will blame me for encouraging hacking and continued defacement of web
pages. I do NOT condone any such thing! I am practical and realize
that nothing I say will stop people from doing it. That in mind, I am just
trying to make the best out of an existing situation. That said... here
are my top 10 suggestions for future hacked pages.
1. Better designed pages! Hackers and crackers are said to be
creative. You sure wouldn't know it looking at many of these
pages. Take your time and DESIGN the web page you are putting
up. Make it aesthetically appealing to both lynx and graphical
browsers. Why do companies spend all the time on beautiful
pages in the first place?
2. Better messages! You are cracking these machines and
replacing pages to "get your message out". Err, ok, what is your
message? Remember that people are visiting with no prior
knowledge of you, your message, or your cause. Be clear and
concise and spell out your message for them.
3. No more elite speak crap. If you want to impress people
with alternate characters, offer the hacked page in several
languages. I for one would love to know what some of the hacked
pages in Mexico say, and I would also bet that foreign hackers
would love to read American hacks in their tongue. Surely you know
someone who can translate to German, French, Latin, Russian
or more impressive, Japanese. :)
4. You want to use 'elite' speak? Try grammar, spelling, and
puncuation. A well written paragraph will command more respect
than any substitute character will. If you mispell common
words, how can anyone take you serious? Do you find yourself
falling behind in English classes? Use the net to help you!
You may find online resources like a dictionary or thesauras
an invaluable tool.
5. Help the site! After all, you embarassed them and caused
them some kind of hassle. After breaking in and changing their web
page, why not temporarily patch the hole/bug in the system
that gave you access? Better, patch it and tell what you exploited
to get in on the web page. Let other admins learn that these
holes are actively being exploited. Link to information on more
permanent solutions to their security problem. That is at least
half way noble.
6. Back up the main page for them! Rather than overwriting
their index.html and relying on them to have a copy, just rename
the old one. From your new page, link to the old one and give
customers a chance to reach the information they were looking
for. They had to read your message to get to it, your job is
done.
7. Show knowledge of computers! Creating your hacked web pages
with editors like 'FrontPage Express' isn't exactly condusive
to propagating the myth that hackers know the system. If you
can't write out a basic web page in a simple editor like 'vi',
'pico', or 'DOS edit', you should probably learn HTML before
worrying about other people's systems.
8. Target your hacks! Don't change the page of any arbitrary
domain you happen to stumble across. Pick a system you feel
that needs a face lift and apply it to that system only.
9. Don't actually carry out the mass hack! If you find
yours in the position of being able to change pages on multiple
domains, don't. Just pick the highest traffic domain, or biggest
name and change that one. On your hacked page link to a list of
other domains that could have been affected.
10. Choosing a name! Try to be mature when choosing a name.
Everyone realizes that some names are quite humorous, but remember
who reads these pages. Making a profound statement and backing
it by "tHe SiNgAlOnG gAnG!@$#$@" just isn't very cool.
The Good, The Bad, and The Impressive.
The good, the bad, and the impressive.
In the past, there have been pages (more like *elements* of pages) that
have stood out as creative, amusing, or to the point. Hopefully by
pointing out these examples you will begin to see what I have been
attempting to convey.
The Good
Humor: While it probably wasn't the best site to hit, the recent
hack of Greenpeace
had a certain dark (and sick) sense of humor behind it.
Interesting: Another new person/group to hit the scene recently is
'Redemption'. Their hacks to date have simply contained
(apparent) original poetry. A sign of creativity at last!
You can read their work from hacks like DaytonTech,
Town Green, and TC Edge.
Targeted: As suggested above, targeting specific domains in order to
spread a specific message is a good thing. Examples of this
can be found in
Monica Lewinksy's
Future Site, White Pride, and Ku Klux Klan.
Political: Probably the most memorable and well done hacks was that of
the 'Human Rights China' site. When hacking for political
agendas, hit the right site, with the right message, and
present a well written argument. Does wonders. Don't believe
me? Check out the www.humanrights-china.org
hack.
The Bad
Bad: Amnesty International found themselves victim of a web
page defacement. Of all the sites on the net, why hit
groups that are trying to do good already? Isn't that
somewhat defeating?
Pathetic: The various hacks for a short period of time carried out
by 'zyklon' of LoU. These hacks (many movie home pages)
turned out to be one or two lines of broken english followed
by a dedication to his girlfriend. *yawn* Kiddies with
no creativity.
Pathetic: The recent mass hack by the 'Miss Piggy Hackclub', which
caused over one hundred domains to display a single line:
"The Miss Piggy Hackclub Strikes again muthafuqErz!$##$!@"
*yawn* That is almost worth reading.
The Impressive
None! There hasn't been a truly impressive web page defacement to come
along. None that took the cake in site, message, and design. :(
by whoever (whoever@attrition.org)
(c)opyright 1999 - This piece protected by U.S. copyright and may not
be copied without the express written permission of
'whoever@attrition.org'
or representing parties of said address. Permission is granted to repost
this work in full on any *non-profit* site or mail list.
Disclaimer: I do not advocate web defacement. Don't do it. Go learn to
program or be creative in better capacities.
-EOF
|