http://www.wired.com/news/politics/0,1283,43134,00.html

by Michelle Delio
11:20 a.m. Apr. 18, 2001 PDT

As China and the United States attempt to peacefully end their diplomatic standoff sparked by the mid-air collision between a U.S. spy plane and a Chinese fighter jet, crackers from both countries continue to wage private wars on the Internet.

American cracker group PoizonBOx has defaced at least a hundred Chinese websites since April 4. Chinese hackers are now vowing to retaliate with a planned week-long all-out crack attack on American websites and networks which will start on May 1.

Security experts are warning that website owners and network administrators should make sure their networks are protected, since the recent rise in cracking activity will not be limited to government sites.

"These guys are hitting whoever they can, any website that has any kind of weakness. They are using scanning tools to broadcast a search for security holes in domains that are hosted in China or America," said Taltos, a security consultant and hacker from Budapest, Hungary who has been following the online discussions of Chinese-U.S. crack attacks.

"They don't care who the sites belong to, basically they are just collecting scalps," Taltos said.

PoizonBOx's cracking campaign has been dubbed "ChinaKiller." The group is careful to refer to their activities as "net cracking" not hacking, and have also refrained from leaving political or hate messages on the Chinese sites that they crack.

PoizonBOx defaces the Chinese websites with a simple notice proclaiming "This Site Was Owned by PoizonBOx," and also gives an attribution to hacker news site Security News Portal.

The webmasters of Security News Portal said they have no idea why PoizonBOx is putting their URL on the attacked sites, and said there's really nothing they can do about it anyway.

Posts on some of the Internet Relay Chat (IRC) groups populated by hackers and crackers indicate that PoizonBOx plans to continue its ChinaKiller blitz for the foreseeable future.

Other American crackers urged others to participate in the attacks. A defacer known as "Pr0phet," who is credited at defacement tracking site Attrition.org for vandalizing two Chinese sites, urged all American crackers to "focus on China and wreak hell on their servers."

Pr0phet said that he didn't think the attacks would have any influence politically, but the goal was "just to fuck with China in any little way we can."

Chinese hackers plan to retaliate against the American cracking activity and what they see as U.S. interference in China's politics, with an organized effort to hit as many websites as possible in one week. The attack is set to launch May 1st through May 7th, timed to coincide with two major Chinese holidays.

"The United States is deliberately attempting to influence the countries that circle around us -- Japan, Taiwan, and the Philippines and trying to turn them against China," said Jia En Zhu, a 22-year-old hacker who lives in Zhongguancun, a northeast Beijing suburb that has been called China's Silicon Valley.

"The U.S. is trying to circle us with enemies, but we can send a message with the Internet and circle and block their American sites with Chinese power," Zhu said.

The planned attack is being called the "Laodong Jie Wuy Strike" (Labor Day Strike), Zhu said, in honor of International Workers Day.

Zhu said the attacks are planned to culminate on May 4, on Qingnian Jie (Youth Day) in China. The national holiday commemorates demonstrations that occurred in Beijing's Tiananmen Square on May 4, 1919, when 3,000 students protested in Tiananmen Square, demanding that China resist the interference of foreign powers by refusing to comply with official concessions to Japan after the end of World War I.

"May 4th is the day that we in China celebrate patriotism and our Chinese nationality," Zhu said.

Chinese crackers have been encouraging each other to "Hack the USA" in retaliation for the mid-air collision between a U.S. spy plane and a Chinese fighter jet which claimed the life of Chinese pilot Wang Wei.

One navy site, the Navy's Executive Office for Acquisition Related Business Systems in Arlington, Virginia, was defaced on April 10th with an animated image of a Chinese flag and a warning that "China have atom bomb too!!"

A mapping business was also defaced with a Chinese flag and pointed warnings in Chinese and English requesting the United States to apologize.

Zhu said that he believes that many unreported cracks have occurred since April 1 in response to the diplomatic crisis between his country and the United States.

"Many people here are talking about the situation, and we do not understand why America cannot apologize for killing our pilot. But we have no way to tell you this directly. We are frustrated with our government's politeness. We want to tell you that we think this is wrong, so we will say it on everyone's Internet," said Zhu.

Zhu said that he didn't mind talking about the planned attack, because "Chinese hackers are good enough to cut through most of your security anyway."

The Chinese have only had access to the Internet since 1997, but Chinese crackers have been quick to use it to make political points.

In May of 1999 Chinese hackers attacked U.S. government information systems, including the White House, in response to the bombing of the Chinese Embassy in Belgrade, Yugoslavia, according to an FBI report "China Cyber Activity," which was obtained by the Washington Times.

More recently Taiwanese government websites have been defaced, and Taiwan universities have reported incidents of viruses originating from servers in China, which destroyed data on the universities' servers, said Murphy.

The upcoming Chinese-American cyberwar may never escalate past a hundred or so defaced websites, Taltos said. But he said that the rumors and posts he's been seeing "really seem to be pointing to a lot of serious problems that could cause people to lose a lot of money because they have to take websites down for a while to fix them after they have been defaced."

Taltos also said that he wouldn't be surprised to see virus attacks and denial of service attacks originating from China and U.S. crackers during the first week of May. He said that if this happens the attacks will also affect many Internet users who will be caught in the crossfire.

"I think people should just make sure they've protected their systems and their sites," Taltos said. "It's not like they shouldn't be protected anyway, if there are holes eventually someone is gonna crack into them anyway, so why not fix them now?"

ISN is hosted by SecurityFocus.com
This archive was generated by hypermail 2b30 : Thu Apr 19 2001 - 01:41:44 PDT