[ISN] Crackers Expand Private War

From: InfoSec News (isnat_private)
Date: Wed Apr 18 2001 - 15:14:02 PDT

    http://www.wired.com/news/politics/0,1283,43134,00.html
    
    by Michelle Delio
    11:20 a.m. Apr. 18, 2001 PDT
    
    As China and the United States attempt to peacefully end their
    diplomatic standoff sparked by the mid-air collision between a U.S.
    spy plane and a Chinese fighter jet, crackers from both countries
    continue to wage private wars on the Internet.
    
    American cracker group PoizonBOx has defaced at least a hundred
    Chinese websites since April 4. Chinese hackers are now vowing to
    retaliate with a planned week-long all-out crack attack on American
    websites and networks which will start on May 1.
    
    Security experts are warning that website owners and network
    administrators should make sure their networks are protected, since
    the recent rise in cracking activity will not be limited to government
    sites.
    
    "These guys are hitting whoever they can, any website that has any
    kind of weakness. They are using scanning tools to broadcast a search
    for security holes in domains that are hosted in China or America,"
    said Taltos, a security consultant and hacker from Budapest, Hungary
    who has been following the online discussions of Chinese-U.S. crack
    attacks.
    
    "They don't care who the sites belong to, basically they are just
    collecting scalps," Taltos said. PoizonBOx's cracking campaign has
    been dubbed "ChinaKiller." The group is careful to refer to its
    activities as "net cracking," not hacking, and has also refrained from
    leaving political or hate messages on the Chinese sites that they
    crack.
    
    PoizonBOx defaces the Chinese websites with a simple notice
    proclaiming "This Site Was Owned by PoizonBOx," and also gives an
    attribution to hacker news site Security News Portal.
    
    The webmasters of Security News Portal said they have no idea why
    PoizonBOx is putting their URL on the attacked sites, and said there's
    really nothing they can do about it anyway.
    
    Posts on some of the Internet Relay Chat (IRC) groups populated by
    hackers and crackers indicate that PoizonBOx plans to continue its
    ChinaKiller blitz for the foreseeable future.
    
    Other American crackers urged others to participate in the attacks.
    
    A defacer known as "Pr0phet," who is credited at defacement tracking
    site Attrition.org for vandalizing two Chinese sites, urged all
    American crackers to "focus on China and wreak hell on their servers."
    
    Pr0phet said that he didn't think the attacks would have any influence
    politically, but the goal was "just to fuck with China in any little
    way we can."
    
    Chinese hackers plan to retaliate against the American cracking
    activity and what they see as U.S. interference in China's politics,
    with an organized effort to hit as many websites as possible in one
    week.
    
    The attack is set to launch May 1st through May 7th, timed to coincide
    with two major Chinese holidays.
    
    "The United States is deliberately attempting to influence the
    countries that circle around us -- Japan, Taiwan, and the Philippines
    and trying to turn them against China," said Jia En Zhu, a 22-year-old
    hacker who lives in Zhongguancun, a northeast Beijing suburb that has
    been called China's Silicon Valley.
    
    "The U.S. is trying to circle us with enemies, but we can send a
    message with the Internet and circle and block their American sites
    with Chinese power," Zhu said. The planned attack is being called the
    "Laodong Jie Wuy Strike" (Labor Day Strike), Zhu said, in honor of
    International Workers Day.
    
    Zhu said the attacks are planned to culminate on May 4, on Qingnian Jie
    (Youth Day) in China. The national holiday commemorates demonstrations
    that occurred in Beijing's Tiananmen Square on May 4, 1919, when 3,000
    students protested in Tiananmen Square, demanding that China resist
    the interference of foreign powers by refusing to comply with official
    concessions to Japan after the end of World War I.
    
    "May 4th is the day that we in China celebrate patriotism and our
    Chinese nationality," Zhu said. Chinese crackers have been encouraging
    each other to "Hack the USA" in retaliation for the mid-air collision
    between a U.S. spy plane and a Chinese fighter jet which claimed the
    life of Chinese pilot Wang Wei.
    
    One navy site, the Navy's Executive Office for Acquisition Related
    Business Systems in Arlington, Virginia, was defaced on April 10th
    with an animated image of a Chinese flag and a warning that "China
    have atom bomb too!!"
    
    A mapping business was also defaced with a Chinese flag and pointed
    warnings in Chinese and English requesting the United States to
    apologize.
    
    Zhu said that he believes that many unreported cracks have occurred
    since April 1 in response to the diplomatic crisis between his country
    and the United States.
    
    "Many people here are talking about the situation, and we do not
    understand why America cannot apologize for killing our pilot. But we
    have no way to tell you this directly. We are frustrated with our
    government's politeness. We want to tell you that we think this is
    wrong, so we will say it on everyone's Internet," said Zhu.
    
    Zhu said that he didn't mind talking about the planned attack, because
    "Chinese hackers are good enough to cut through most of your security
    anyway."
    
    The Chinese have only had access to the Internet since 1997, but
    Chinese crackers have been quick to use it to make political points.
    
    In May of 1999 Chinese hackers attacked U.S. government information
    systems, including the White House, in response to the bombing of the
    Chinese Embassy in Belgrade, Yugoslavia, according to an FBI report
    "China Cyber Activity," which was obtained by the Washington Times.
    
    More recently Taiwanese government websites have been defaced, and
    Taiwan universities have reported incidents of viruses originating
    from servers in China, which destroyed data on the universities'
    servers, said Murphy.
    
    The upcoming Chinese-American cyberwar may never escalate past a
    hundred or so defaced websites, Taltos said. But he said that the
    rumors and posts he's been seeing "really seem to be pointing to a lot
    of serious problems that could cause people to lose a lot of money
    because they have to take websites down for a while to fix them after
    they have been defaced."
    
    Taltos also said that he wouldn't be surprised to see virus attacks
    and denial of service attacks originating from Chinese and U.S. crackers
    during the first week of May. He said that if this happens the attacks
    will also affect many Internet users who will be caught in the
    crossfire.
    
    "I think people should just make sure they've protected their systems
    and their sites," Taltos said. "It's not like they shouldn't be
    protected anyway, if there are holes eventually someone is gonna crack
    into them anyway, so why not fix them now?"
    
    ISN is hosted by SecurityFocus.com