Hackers Protest Full Disclosure

2009-07-21

John Leyden, The Register, is reporting that a group of hackers broke into the biggest image hosting website on the internet to post a protest against sites that publish full disclosure material on security vulnerabilities.

The article writes, "Anti-Sec broke into ImageShack to post a protest over sites that publish full disclosure material on security vulnerabilities, though how the attack furthers this agenda is unclear. The group, which also attacked the websites of astalavista.com last month, pledged to cause further 'mayhem and destruction' against supporters of full disclosure, which it argues benefits security firms and cybercrooks at the expense of the wider community."

Leyden is quick to point out that the exploit code used by Anti-Sec to hack ImageShack was ironically posted on a full disclosure mailing list.

A TrendMicro security consultant, Rik Ferguson, blogged about the incident, pointing out that through full disclosure the security industry is able to design proactive protection mechanisms that help people and businesses avoid serious financial and personal damage, in addition to the fact that full disclosure allows security organizations to mitigate against attacks before they are exploited in the wild and that organized crime profits from undisclosed vulnerabilities.

ImageShack was quickly restored after the incident. An image of the defacement can be seen here.