|This article relies too much on references to primary sources. (April 2009)|
Attrition is an information security-related website, updated at least weekly by an all-volunteer staff. Until 21 May 2001, Attrition maintained the largest mirror of defaced (or cracked) websites available on the World Wide Web. The defacement mirror has since ceased updating.
Often incorrectly described by journalists as a site for hackers, Attrition is actually a privately owned and operated hobby-site operated primarily by Brian Martin (who goes by various aliases on his website, including Jericho, Jared E. Richo, and security curmudgeon) with a variety of information available, including movie and music reviews, poetry, and security tips covering topics like forensics, data theft, security advisories, and incident response.
The "Going Postal" section, some of the more interesting emails the staffers get are posted, sometimes with humorous responses by the staff, often at the expense of the recipients. Exploiting the ignorance of others is a common theme in attrition.org's dark humor throughout the website. One example of this involved the setup of Todd Shriber, who attempted to "hire" the attrition team to hack into his former university to change his grades. Shriber was sacked from his job as a Republican communications director due to the incident.
The attrition.org website was hacked and defaced itself in 2001; site owner Brian Martin commented that he could not be held accountable to the same standards he held security companies accountable to, since he was not running a security service. The site was defaced again in 2003 by a group called PHC.
In 2001 attrition.org was given a cease and desist order by lawyers of MasterCard for supposedly posting parodies of the now-famous "Priceless" advertising campaign, which violated copyright law. The original parodies have since been removed from the website when the image gallery was later closed, but the correspondence between Jericho and MasterCard's retained lawyers has been published.
Since updating of the defacement mirror has ceased in May 2001, the staff has focused on the "Errata" section, which is devoted to pointing out inaccuracies, omissions, and other problems with mainstream media related to computer security and hacking. Additionally, staff members publish opinion pieces such as "Security Rants" pointing out problems with the computer security industry.
Attrition will frequently publish pages, or devote entire sections of a project, to topics the staff feel deserve extra attention. Examples include "Cisco: There is no fixed software for this issue," "Security Advisories," "Negation," regarding John Vranesevich and Antionline.com; "Shame," regarding Carolyn Meinel.
Attrition formerly hosted several electronic mailing lists relating to information security, such as InfoSec News. It also maintained the Data Loss Database, which records the data breaches at companies.
In addition to his involvement with DataLossDB.org, attrition.org founder Brian Martin is currently President of the Open Security Foundation, a non-profit that seeks to monitor, report, and maintain historical archives of security flaws and incidents.
- Robert Lemos (21 May 2001). "Defaced-site archive retires". CNET Networks.
- "Attrition Offs Its Hacker Monitor". Wired. 22 May 2001.
- "Index of /security/advisory". Attrition.org.
- "Going Postal". Attrition.org.
- "Going Postal". Attrition.org.
- "Attempt to hire hackers costs press aide his job". Networkworld.com. 22 December 2006.
- Brian Martin speaks about Attrition defacement, Hackinthebox.org 2 August 2001
- "Attrition Hoax Defacements". Attrition.org. 28 July 2001.
- "Wrath of the Impotent: Mastercard". Attrition.org.
- "ATTRITION Defacement Mirror". Attrition.org. 18 August 2010.
- "Security Industry Errata Page". Attrition.org.
- Andy Greenberg (7 October 2007). "The Cybercriminal Inside". Forbes.