http://www.wired.com/news/politics/0,1283,43134,00.html
by Michelle Delio
11:20 a.m. Apr. 18, 2001 PDT
As China and the United States attempt to peacefully end their
diplomatic standoff sparked by the mid-air collision between a U.S.
spy plane and a Chinese fighter jet, crackers from both countries
continue to wage private wars on the Internet.
American cracker group PoizonBOx has defaced at least a hundred
Chinese websites since April 4. Chinese hackers are now vowing to
retaliate with a planned week-long all-out crack attack on American
websites and networks which will start on May 1.
Security experts are warning that website owners and network
administrators should make sure their networks are protected, since
the recent rise in cracking activity will not be limited to government
sites.
"These guys are hitting whoever they can, any website that has any
kind of weakness. They are using scanning tools to broadcast a search
for security holes in domains that are hosted in China or America,"
said Taltos, a security consultant and hacker from Budapest, Hungary
who has been following the online discussions of Chinese-U.S. crack
attacks.
"They don't care who the sites belong to, basically they are just
collecting scalps," Taltos said. PoizonBOx's cracking campaign has
been dubbed "ChinaKiller." The group is careful to refer to its
activities as "net cracking," not hacking, and has also refrained from
leaving political or hate messages on the Chinese sites that it
cracks.
PoizonBOx defaces the Chinese websites with a simple notice
proclaiming "This Site Was Owned by PoizonBOx," and also gives an
attribution to hacker news site Security News Portal.
The webmasters of Security News Portal said they have no idea why
PoizonBOx is putting their URL on the attacked sites, and said there's
really nothing they can do about it anyway.
Posts on some of the Internet Relay Chat (IRC) groups populated by
hackers and crackers indicate that PoizonBOx plans to continue its
ChinaKiller blitz for the foreseeable future.
Other American crackers urged others to participate in the attacks.
A defacer known as "Pr0phet," who is credited at defacement tracking
site Attrition.org for vandalizing two Chinese sites, urged all
American crackers to "focus on China and wreak hell on their servers."
Pr0phet said that he didn't think the attacks would have any influence
politically, but the goal was "just to fuck with China in any little
way we can."
Chinese hackers plan to retaliate against the American cracking
activity and what they see as U.S. interference in China's politics,
with an organized effort to hit as many websites as possible in one
week.
The attack is set to launch May 1st through May 7th, timed to coincide
with two major Chinese holidays.
"The United States is deliberately attempting to influence the
countries that circle around us -- Japan, Taiwan, and the Philippines
and trying to turn them against China," said Jia En Zhu, a 22-year-old
hacker who lives in Zhongguancun, a northeast Beijing suburb that has
been called China's Silicon Valley.
"The U.S. is trying to circle us with enemies, but we can send a
message with the Internet and circle and block their American sites
with Chinese power," Zhu said. The planned attack is being called the
"Laodong Jie Wuy Strike" (Labor Day Strike), Zhu said, in honor of
International Workers Day.
Zhu said the attacks are planned to culminate on May 4, on Qingnian Jie
(Youth Day) in China. The national holiday commemorates demonstrations
that occurred in Beijing's Tiananmen Square on May 4, 1919, when 3,000
students protested there, demanding that China resist
the interference of foreign powers by refusing to comply with official
concessions to Japan after the end of World War I.
"May 4th is the day that we in China celebrate patriotism and our
Chinese nationality," Zhu said. Chinese crackers have been encouraging
each other to "Hack the USA" in retaliation for the mid-air collision
between a U.S. spy plane and a Chinese fighter jet which claimed the
life of Chinese pilot Wang Wei.
One navy site, the Navy's Executive Office for Acquisition Related
Business Systems in Arlington, Virginia, was defaced on April 10th
with an animated image of a Chinese flag and a warning that "China
have atom bomb too!!"
A mapping business was also defaced with a Chinese flag and pointed
warnings in Chinese and English requesting the United States to
apologize.
Zhu said that he believes that many unreported cracks have occurred
since April 1 in response to the diplomatic crisis between his country
and the United States.
"Many people here are talking about the situation, and we do not
understand why America cannot apologize for killing our pilot. But we
have no way to tell you this directly. We are frustrated with our
government's politeness. We want to tell you that we think this is
wrong, so we will say it on everyone's Internet," said Zhu.
Zhu said that he didn't mind talking about the planned attack, because
"Chinese hackers are good enough to cut through most of your security
anyway."
The Chinese have only had access to the Internet since 1997, but
Chinese crackers have been quick to use it to make political points.
In May of 1999 Chinese hackers attacked U.S. government information
systems, including the White House, in response to the bombing of the
Chinese Embassy in Belgrade, Yugoslavia, according to an FBI report
"China Cyber Activity," which was obtained by the Washington Times.
More recently Taiwanese government websites have been defaced, and
Taiwan universities have reported incidents of viruses originating
from servers in China, which destroyed data on the universities'
servers, said Murphy.
The upcoming Chinese-American cyberwar may never escalate past a
hundred or so defaced websites, Taltos said. But he said that the
rumors and posts he's been seeing "really seem to be pointing to a lot
of serious problems that could cause people to lose a lot of money
because they have to take websites down for a while to fix them after
they have been defaced."
Taltos also said that he wouldn't be surprised to see virus attacks
and denial of service attacks originating from Chinese and U.S. crackers
during the first week of May. He said that if this happens the attacks
will also affect many Internet users who will be caught in the
crossfire.
"I think people should just make sure they've protected their systems
and their sites," Taltos said. "It's not like they shouldn't be
protected anyway, if there are holes eventually someone is gonna crack
into them anyway, so why not fix them now?"
Received on Thu Apr 19 03:44 CDT 2001