Pro-Chinese and pro-U.S. hackers continue attacks
WASHINGTON (CNN) -- With recent strains between the two countries, pro-China and pro-U.S. hackers dueled over the Internet on Monday, defacing dozens of Web sites but apparently leaving little permanent damage.
"Pro-Chinese hackers hit 14 more U.S. sites today, in addition to 12 Sunday and the four Saturday," said Michael Cheek, managing editor of intelligence services with iDEFENSE, a leading intelligence and risk management firm in Fairfax, Virginia.
"But it appears pro-American hackers are hitting back hard," he said. "So far, 24 Chinese Web sites, including eight government sites have been hit today," Cheek told CNN.
He said a 29-page report to be compiled late Monday by iDEFENSE will show that among the Web sites defaced Sunday and Monday are a smattering of federal government sites, some commercial sites, private organizations and public educational institutions.
One federal law enforcement official involved in combating computer hackers confirmed some additional Web pages were attacked Monday, but that "the fire walls are holding up" and no significant damage had been reported.
The threat is being taken seriously enough by the Pentagon that its Information Condition, or security status for its computer systems, has been elevated from INFO-CON NORMAL to INFO-CON ALPHA, which means the likelihood of a threat has increased.
The Department of Defense is the largest single user of computers in the U.S. government and maintains offices staffed 365 days a year by computer security experts whose sole mission it is to halt computer attacks.
The FBI had warned last week of possible hacker attacks because of significant dates in China this week, including May Day.
'Cyber equivalent of spray-painting'
One Internet security expert said the hacker attacks did not appear to be out of the ordinary.
"Web site defacement is a typical type of hack for political activists since it provides a forum to display a political message," said Rob Clyde, chief technologist for Symantec Corp., a Silicon Valley-based company which provides cyberspace security systems.
"This is the cyber-equivalent of spray-painting a message on the front of a company's building," he said. "Every day 30 to 50 Web sites are defaced, so at this point the Chinese hacks have not yet exceeded the normal background noise."
The company iDEFENSE said the Web pages attacked Sunday and Monday included one for the White House (White House.History.org), two for the Navy and two for the National Institutes of Health. Web pages for the U.S. Minerals Management Services, the MCI Center in Washington and the U.S. Chamber of Commerce were also hacked. A state court site in Texas, the Web sites of the University of Maryland and Rutgers University, and a Web page of a U.S.-Japan organization were also infiltrated by hackers.
The Labor Department's Web site was attacked Saturday, according to spokesman Stuart Roy.
Under the title "Chinese Hack," a tribute to missing Chinese pilot Wang Wei was posted on the site's main page, along with his picture. "The Whole Country is Sorrow" the posting read.
Wang is the Chinese pilot involved in the April 1 collision with a U.S. reconnaissance plane. He is missing and presumed dead.
According to Roy, the attack was limited to the Web site's home page and did not penetrate the fire wall to any of the thousands of other pages on the site. "No monetary damage and no harm was done," Roy said. "Whether this was mischief or an attempt to do more harm, I don't know."
The defacement was up for six hours Saturday until the entire system was brought down. After another four hours of testing for viruses and damage, the Web site was brought back on-line.
Viruses may not immediately show up
More hacking incidents were reported Monday. On the main page for the news service United Press International, a Chinese flag were posted with the message, "The Great Chinese Nation Hooray!!!! USA Will Be With Responsibility for the Accident Totally!!! Protest USA sell Weapon to Taiwan, Break The World Peace!!!
The source of the Web site graffiti could not be determined.
At Network Associates, a Silicon Valley-based Internet security company, officials also reported minimal hacking activity Monday. Vincent Gullotto, senior director of security labs, described the threat from Chinese hackers as low to medium. He pointed out that the attacks usually consisted of simple defacement, which is faster and easier to do with less risk of detection.
However, he pointed out that, if any viruses had been planted, they might not be activated until the system is rebooted or a certain date is reached.
The pro-U.S. hacking incidents may not have originated in the United States. One of the most notorious hackers who goes by the name PoisonBox claims to have been responsible for defacing 238 Chinese Web sites over time and insists he is not a U.S. citizen, Cheek said. Analysts believe he has moved on to hacking Web sites in Taiwan and Malaysia.
The FBI's National Infrastructure Protection Center, which issued a warning Friday of expected attacks this week by Chinese hackers, said it had no new information.
The government warning posted on the Web at www.nipc.gov cautioned against "increased hacker activity directed against U.S. systems during the period of April 30, 2001, through May 7, 2001."
The FBI statement also warned of a worm named "Lion" that is infecting computers and disrupting service tools on various systems.
The FBI announcement noted the week covers three dates of significance in China: May Day on the first of the month, Youth Day on May 4, and, on May 7, "the anniversary of the accidental bombing of the Chinese embassy in Belgrade."
"There's an effort not to hype this," said one federal law enforcement official, referring to the lack of information from the FBI. "Obviously there are some issues between the U.S. and China right now."
A senior FBI official characterized current law enforcement cooperation between the FBI and Chinese police as "generally productive, particularly in some Chinese provinces." The official, who asked not to be named, said in some areas of mutual interest, such as cracking down on drug trafficking, cooperation had been good.
"I'm not sure there's been a good test before," the official said of cooperation between the governments on combating computer hackers.
The official said the FBI has two representatives based in Hong Kong who travel in the Chinese mainland, but the FBI's request to place a legal attache in the U.S. embassy in Beijing has been pending for six years.
Cheek said there is no indication the pro-Chinese hacking incidents involved the Chinese government.
"We have no way of knowing if these attacks are state-sponsored. But the Chinese government tries to control the Internet closely, and attempts to filter Western influences, so it leads to the suspicion that they're at least looking the other way," Cheek said.
CNN Producer Chuck Afflerbach contributed to this report.
Feds warn of May Day attacks on U.S. Web sites
Department of Labor
|Back to the top|