Some interesting things about the popular defacement archive

Jun 8, 2013 14:31 GMT

There are a lot of hackers and hacker groups out there that breach websites to gain fame or for political motives. Many of them deface the websites they hack to send out various messages.

Most of these hackers and hacker groups submit mirrors of their “work” to defacement archives to keep track of their “achievements.” One of the most popular defacement archives is Zone-H.

We wanted to find out more about the service so we contacted Alberto Redi, the CEO of Security Lab, the company that owns Zone-H. Redi has shared some interesting things with us about the service.

Softpedia: Tell us a bit about yourself and your experience in the information security industry.

Alberto Redi: I've been working in the IT business since 1981. I've been in the IT security business since 2006, when I led the spin-off of the security department of another IT company, creating Security Lab. Zone-H was part of the deal, and I was quite enthusiastic about the project.

Softpedia: How did you come up with the idea to start Zone-H.org and why did you launch the service?

Alberto Redi: I'm not the founder of Zone-H, although I have been a Zone-H ambassador since the beginning. Anyway, Zone-H was started by aggregating several former web sites that were trying to do the same: collecting incidents from the underground community with the purpose of better understanding what is going on "under the carpet."

Softpedia: Tell us about Zone-H's history. What does the name Zone-H stand for? When was it founded? How was the service improved over the years?

Alberto Redi: Zone-H was started in 2001/2002. “H” stands for “Hackers,” “Hacking.” In the beginning we were trying to build up a sort of community, besides the pure incident posting/verification.

That's why there was a period when we were building up different localized versions of the web site in several languages. Also a blog section was enabled to exchange comments on several topics.

But soon it turned into a pointless effort, because people kept on surfing the original web sites, and the "social" part of the web site turned into just "noise."

That's why we stepped back to the pure nature of Zone-H: a web site to post defacements and research in a huge archive of more than 8 million incidents, all verified manually one-by-one. Zone-H is an institution!

Softpedia: Can you clarify for our readers why Zone-H.org has been flagged as being malicious by browsers and antivirus providers over the past period?

Alberto Redi: Well, when a defacement is posted on Zone-H, our automatic bot immediately grabs the supposed-to-be-defaced web page and stores it (the mirror), so that we can verify manually if the post is fake or not.

These pages may contain malicious code, although we run security checks in order to remove it, because the hacker was probably trying to make more than just a defacement, but also putting additional traps in it.

Google has probably detected some of these malicious pages, marking Zone-H as a suspicious web site. Unfortunately this is not the truth. We are just like a bulletin board. It's pretty sad to be marked as "suspicious," because Zone-H is a very useful crime directory. And this is a value for understanding the cyber world, not a threat, from our point of view.

Softpedia: Do you feel that a service such as Zone-H might be encouraging hackers to hack?

Alberto Redi: I don't think so. Hackers will hack anyway. And they will post anyway in other blogs or web sites where the information is not verified, thus useless. Additionally, we clearly write on Zone-H, when posting a defacement, that defacing is definitely illegal under most international laws.

We do not, and we will never, encourage such practices. We just collect information and verify it, for informational and statistical purposes.

Softpedia: Some companies have denied being hacked, even after they were presented with defacement mirrors on Zone-H. Can Zone-H mirrors be fake?

Alberto Redi: All mirrors are verified one-by-one to avoid fakes. Consider that two thirds of the posted defacements are fake. This is a lot of work for us, to distinguish the correct information from the fake. But for us it’s extremely important to give correct information.

Hackers are trying any means to post fake defacements. Anyone who keeps on trying to post fakes is banned.

Btw, companies often ask us to remove incidents because they think that this creates damage to the company’s image. I think this is pure BS. Companies should thank us for pointing out their weaknesses, so that they can fix them and make their sites more secure for the future!

If searching for one company on Google shows the Zone-H post on the first page, it means that the company has nothing to say on the internet, that's why the Zone-H post is the only information available about the company in the search engine. Once again they should thank us for revealing a non-existing web strategy.

Softpedia: Regarding the companies that have contacted you to remove the defacement mirrors. Have any of these companies threatened you with lawsuits? Have they made any other kinds of threats or are they just asking nicely?

Alberto Redi: Well, from time to time some people contact us not nicely, and sometimes even threatening us with a possible lawsuit.

We simply try to explain to them that we are not responsible for what people report on Zone-H and that in the end it's better to know that a web site is vulnerable, so the admin can fix it, than not knowing this. Anyway, we never had a lawsuit so far.

Softpedia: Can you provide some statistics regarding the evolution of submissions since the project started?

Alberto Redi: Here is the total number of defacements by year:

2001 - 21.097
2002 - 77.766
2003 - 285.951
2004 - 392.459
2005 - 493.720
2006 - 752.039
2007 - 480.622
2008 - 517.406
2009 - 544.097
2010 - 1.419.388
2011 - 1.608.929
2012 - 1.192.326
2013 - 665.367

Softpedia: Are there any improvements you plan on making to the website?

Alberto Redi: Well, we are pretty satisfied that Zone-H is still keeping the profile of a start-up. Everything is free, no ads, no commercial goals.

Anyway, we are cooking up some changes for the future, and we are open to considering some options to try to finance the project a bit, of course without changing the fundamentals of the project. I can't add anything for the moment ;-)

Softpedia: How has the project been financed so far if there aren't any ads and everything is free?

Alberto Redi: We put our own money into it. And we built up 3 training tracks called "Zone-H Ethical Hacking Trainings" that we execute from time to time in some countries like Japan, Norway, Switzerland, Italy, etc. That's the only payback, but it's not really related to Zone-H. Zone-H trainings and Zone-H.org are sharing the same founders and developers. Period.

Softpedia: What’s the value of having a defacement archive?

Alberto Redi: Having one exhaustive archive about one specific topic, like defacements in this case, helps to understand trends and geo-political issues. Sure, many people are defacing just for bragging, others for political reasons, others for revenge, and so on.

Anyway, it's all part of the cyber underground scene. Many of these people will soon become IT security specialists, maybe others will become cyber criminals. Defacing is their own self-training. I think it's worth monitoring this, am I right?

Softpedia: There are some relatively new sites that provide the same services. What makes Zone-H better/different?

Alberto Redi: Every now and then some new web site of this kind pops up. Most of the time they disappear after a while. To run a website like this requires time and money; good will is not enough. And Zone-H has been here for more than 10 years, with a constant growth trend.

Softpedia: Is there anything else you want to add, something that might be important for our readers to know about Zone-H?

Alberto Redi: Hacking is a very interesting field; security researchers will always find their place in the business community. Just one piece of advice: always stay on the right side of the game.