[ISN] Defacements rise in China hacker war

From: InfoSec News <isn_at_C4I.ORG>
Date: Mon 30 Apr 2001 - 22:19:41 CDT
http://news.cnet.com/news/0-1003-200-5773288.html?tag=cd_pr

By Robert Lemos
Special to CNET News.com
April 30, 2001, 4:50 p.m. PT

Online vandals made good on their threats to disrupt U.S.-based Web
sites Monday by defacing dozens of sites.

By late Monday, the hacking group Honkers Union of China increased the
number of Web sites defaced since early April to more than 80, while
online vandals posting pro-American graffiti had tagged at least 100,
according to several sources.

Web sites falling victim to the vandals included the National
Institutes of Health, the U.S. Navy, the California Department of
Energy, and the U.S. Department of Labor, as well as many corporate
Web sites.

"This is very much statistically on par with the Israeli-Palestinian
defacement war," said Chris Rouland, director of the internal
development and research group for network protection firm Internet
Security Systems. "We are seeing a seven- to 10-fold increase in scans
and defacements."

Federal authorities warned last week of a planned "Labor Day Strike"
from Chinese hackers upset over the recent spy plane incident.

According to the National Infrastructure Protection Center, a unit of
the FBI, "Chinese hackers have publicly discussed increasing their
activity" between two major holidays this week in China. May 1 is
International Workers Day, and May 4 is Youth Day. Also coming up is
the two-year anniversary, May 7, of the accidental U.S. bombing of the
Chinese embassy in Belgrade.

Rouland said most companies should be safe from the defacements, but
IT managers should take the time to check how well their networks are
protected.

The attacks come in the wake of the April 1 collision between a
Chinese jet fighter and a U.S. surveillance plane. The pilot of the
jet fighter, Wang Wei, died in the crash. Recent news reports say that
Chinese officials have decided to allow U.S. officials to inspect the
plane, which still remains on the island where it made an emergency
landing after the collision.

Chinese hackers rising

The most active group of Chinese defacers appears to be the Honker
Union of China. "Honker" is slang in China for hacker.

"The manifesto of Honker maintains the reunification of the
motherland! Guards the national sovereignty! Outside consistent
resistance shame! Attack anti-Chinese arrogance!" read the standard
defacement message that adorned several of the compromised sites.

Web sites maintained by members of the group indicated that more than
80 sites had been defaced as part of this week's protests. The site
reported that another 400 servers had been compromised.

Attacks have not been limited to defacing, either. One consultant for
a large U.S. company said that almost all the data on two servers at
the company had been systematically deleted on Saturday, leaving
behind an expletive-filled message directed at the United States.

While defacing Web sites has seemingly been a game for a great many
online vandals, data about the efforts of Chinese hackers has been
rare--not because of a lack of incidents, but because Chinese hackers
don't report their defacements to sites that track such attacks, said
Brian Martin, staff member at security site Attrition.org, a group
that tracks Web site defacements.

"One thing that is interesting is that over the past week, American
hackers have said that the Chinese haven't done anything," he said.
"Now it looks like the Chinese have been defacing sites but not
reporting them to us or the other mirrors."

Motives for attack?

Martin believes news reports speculating on whether Chinese hackers
would attack U.S. sites to protest the surveillance plane incident
started a self-fulfilling prophecy.

"A lot of this seems to have started because the media said it would
start," Martin said. "The timeline clearly shows it didn't turn into a
political-based defacement spree until (the media) said it would."

Others disagreed. Fred Cohen, a security researcher and principal
member of the technical staff at Sandia National Laboratories, said
evidence suggests the Chinese attacks are condoned, if not actively
organized, by the Chinese government.

"The most important thing to understand is it is not like the U.S.," he
said. "We have hackers and miscreants--but they don't come from China
without the government taking actions to make it happen."

In China, because hacking is a capital crime, government approval
would be necessary for such a large group of vandals to work together,
Cohen said.

Cohen also pointed to such incidents as the 1i0n worm, which
apparently originated in China, as evidence that the situation could
escalate. The 1i0n worm is an Internet program that uses scanners and
automated exploit scripts to hack Linux servers and then send
information regarding the servers back to China.

Such information could be used to attack the servers later, Cohen
said. The result could be a denial-of-service attack or some other
assault on the U.S. Internet infrastructure. Its goal would be to show
that such cyberattacks are another weapon in the country's arsenal.

"It's not an accident; it's not a populist move," Cohen said. "It's a
demonstration. They are saying, 'We are capable of doing this to you
too, and we can do it in a controlled fashion, and we can stop it when
we say.'"

ISN is hosted by SecurityFocus.com
Received on Tue May 1 01:45 CDT 2001