http://www.computerworld.com/cwi/story/0,1199,NAV47_STO60116,00.html
By DAN VERTON
May 01, 2001
WASHINGTON -- U.S. and Chinese hackers began exchanging blows today in
what some Internet security experts have referred to as the opening
salvo of a "cyberwar" sparked by the recent loss of a Chinese fighter
pilot whose jet collided with a U.S. plane.
Since April 1, the date of the collision, hackers have
vandalized around 360 Web sites in the U.S. and China, according to
estimates issued by various security consulting firms. Web sites
falling victim to the vandals so far include the National Institutes
of Health, the U.S. Navy, the California Department of Energy, the
U.S. Labor Department and some corporate Web sites. Some Chinese
Internet service providers and news organizations have also been hit.
To date, most of the defacements have been attacks on Chinese Web
sites, prompting security analysts to suggest that most of the hackers
are probably U.S. teenagers.
Given an alternative, most people will take a cyberwar over a real war
any day. The proclivity of the media and security consulting firms to
use the terms war and terrorism when talking about politically
motivated Web site defacements is beginning to harm overall security
awareness, experts said. The hype that has been created over the
equivalent of a cybergraffiti campaign could lull the unscathed into a
false sense of security, they said.
Jay Dyson, senior security consultant for OneSecure Inc., a
Denver-based managed network security services firm, referred to
recent statements regarding the U.S.-China cyberwar as
"fear-mongering" and said the hype won't result in greater security on
the Internet. "This kind of hype will only serve to desensitize people
to the everyday threats of Net insecurity," said Dyson, who also
consults for NASA. "It's at the point now where people are so busy
listening to the 'Boy Who Cries Wolf' that they don't assign any
importance to those of us who quietly inform them of the scorpions in
their shoes."
"The popular use of terms like cyberwar reflects muddled thinking and
creates confusion," said Steven Aftergood, a defense and intelligence
specialist at the Federation of American Scientists, a public policy
think tank in Washington. "Calling it war promotes cynicism and
arguably makes it more difficult to achieve a realistic approach to
security. After countless incidents of so-called cyberterror, no one
has died. That isn't terrorism, and it isn't war."
Security experts, including the FBI's National Infrastructure
Protection Center, warned last week of a significant increase in
Chinese hacker activity targeted at U.S. government and private-sector
Web sites starting May 1, which coincides with China's May Day, or the
International Workers Day celebration. Another prominent
date that could mark the launch of a major wave of attacks is May 7,
the two-year anniversary of the accidental bombing of the Chinese
Embassy in Belgrade, Yugoslavia, by U.S.-led NATO forces.
However, most of the hacking activity so far can be attributed to kids
and not to any government-sponsored campaign, said other experts.
Graham Cluley, senior technology consultant at Sophos Anti-Virus in
Wakefield, Mass., said government and industry representatives have
acted irresponsibly when making public pronouncements about Internet
security threats. "Some will say almost anything for the headline,"
said Cluley. "There don't seem to be repercussions for the guy who
cries wolf. In this case, it's mostly egg on your face as opposed to a
mortar down your trousers."
Even the Pentagon seems to be taking the "pie in your face" tactics of
U.S. and Chinese hackers in stride. A Defense Department spokeswoman
said she would "leave the rhetoric to others," adding that the
department has advised all of its organizations to simply "increase
their computer security awareness appropriately."
The lack of official hostilities between the U.S. and China is
important to consider when talking about cyberwar, said Amit Yoran,
CEO of Riptech Inc., an Alexandria, Va.-based network security
consulting firm. The number of attacks and their level of
sophistication would likely be significantly higher if open
hostilities existed between the two countries, said Yoran.
Yoran, who is also the former director of vulnerability assessments at
the Defense Department's Computer Emergency Response Team, said he
views the current state of hacker activity as a subset of what experts
define as information warfare. He added that what some call media hype
can actually help some companies and organizations.
"I think there is a certain value to be gained in the hype," said
Yoran. "There is an increasing awareness."
David Endler, practice manager at iDefense Inc., a Fairfax, Va.-based
security consulting firm, agreed. How dangerous Web site defacements
are to your business depends on the business, he said. "I'm sure some
people are hurt by Web site defacements," particularly from the
resulting drop in consumer and shareholder confidence, said Endler.
But is this a cyberwar? Not really, he said. "It's not a cyberwar
financed by a government, but it really depends on how you define that
term," he said. "There's no evidence that the Chinese government has
sponsored any of these attacks."
Keith Morgan, chief of information security at Terradon Communications
Group LLC in Nitro, W.Va., said the stories and the warnings have been
overstated. "Site defacements under the guise of political motivation
happen on a daily basis," said Morgan, who characterized the growing
list of Web site defacements as "the work of script kiddies involved
in some sort of site-defacement contest."
"In reality, we've seen a steady stream of systems vulnerability
probes, worm infections and other malicious activity originating from
the Asia-Pacific network for months now," said Morgan. "I would boil
this entire issue down to media hype as a result of strained
U.S.-China relations over the aircraft incident."
While most security experts agree that the latest skirmish between
U.S. and Chinese hackers has been confined to Web sites with known
vulnerabilities, there are clear lessons to be learned from the first
day of what one security firm termed the "China Hackers 6th Network
War of National Defense." The name refers to the penchant of Chinese
hackers to react over the Internet to a political crisis.
"The lesson to security managers is focus on security every single day
of the year," said Cluley. "Don't just focus on a particular doomsday.
The problem is that when the next threat comes along, [security
consulting] organizations are going to panic people again."
ISN is hosted by SecurityFocus.com
Received on Wed May 2 03:40 CDT 2001