Website administrators and hosting companies in Bermuda have been warned to be on guard this weekend after hackers announced they would attack thousands of websites on Sunday as part of a global contest, according to Internet security specialists QuoVadis.

The competition challenges hackers to deface as many as 6,000 sites in the shortest time possible to win the contest. During a defacement, the server hosting a website is attacked, often using automated toolkits, so that the normal web pages may be replaced with the cracker's own images.

Steve Davidson from QuoVadis said that more than 20 Bermuda websites have been similarly defaced in the past 18 months, usually with bragging or insulting language.

He went on to say that in addition to the inconvenience to the company, these attacks often undermine customers' confidence in the security and privacy of the business.

Mr. Davidson said that during the competition, which will last six hours, the crackers gain points for every website they deface. Different point values are awarded based on the underlying operating systems. Rarer systems - such as HP-UX, Apple-OSX, and IBM-AIX - are worth more points than the commonly used Microsoft and Linux platforms, added Mr. Davidson.

Because of the limited duration of the contest, QuoVadis said it anticipates companies that host multiple websites are at higher risk than individual corporate web servers.

According to Walter Cooke, chief security officer at QuoVadis, "Reports have shown a sharp decrease in website defacements over the past week, indicating that hackers are laying groundwork on targets without defacing them. That way, they'll have a large pool of ready victims on the contest day."

Similar warnings have been issued the US Department of Homeland Security. While the contest is not expected to impact the integrity of the Internet, it is likely than tens of thousands of websites worldwide will be defaced.

The US government and private technology experts in the US have also warned that hackers plan to attack thousands of websites on Sunday.

Organisers established a website, defacers-challenge.com, which was shut down early on Wednesday evening. Before it was removed, the site listed in broken English the rules for hackers who might participate. It cautioned that "deface its crime" - an apparent acknowledgement that vandalising Internet pages is illegal.

"The FBI is taking this very seriously," FBI spokesman Bill Murray said. "Hacking is a crime and those who participate in this activity will be investigated and brought to justice."

The Department of Homeland Security said on Wednesday that it was aware of the hackers' plans but did not expect to issue any formal public warnings. The Chief Information Officers Council, part of the Office of Management and Budget, cautioned US agencies and instructed experts to tighten security at federal websites. "Frankly, hacker challenges occur frequently, and we don't think they all rise to the level of a warning," Homeland Security spokesman David Wray said.

Finally, QuoVadis reminded system administrators of the most common vulnerabilities targeted by defacers. These include flaws in OpenSSL, Samba, Webdav, Frontpage extension misconfiguration, AIX ftpd, Solaris telnetd, Sendmail, Wuftpd, Proftpd, PHPnuke, OmniBack II, and Cpanel.