[ISN] U.S.-China cyberwar: Fact or fear-mongering?

From: InfoSec News (isnat_private)
Date: Tue May 01 2001 - 16:43:36 PDT

  • Next message: InfoSec News: "[ISN] The Black Hat Briefings USA '01 Security Conference Announcement"

    May 01, 2001
    WASHINGTON -- U.S. and Chinese hackers began exchanging blows today in
    what some Internet security experts have referred to as the opening
    salvo of a "cyberwar" sparked by the recent loss of a Chinese fighter
    pilot whose jet collided with a U.S. plane.
    Since April 1, the date of the collision (see story), hackers have
    vandalized around 360 Web sites in the U.S. and China, according to
    estimates issued by various security consulting firms. Web sites
    falling victim to the vandals so far include the National Institutes
    of Health, the U.S. Navy, the California Department of Energy, the
    U.S. Labor Department and some corporate Web sites. Some Chinese
    Internet service providers and news organizations have also been hit.
    To date, most of the defacements have been attacks on Chinese Web
    sites, prompting security analysts to suggest that most of the hackers
    are probably U.S. teenagers.
    Given an alternative, most people will take a cyberwar over a real war
    any day. The proclivity of the media and security consulting firms to
    use the terms war and terrorism when talking about politically
    motivated Web site defacements is beginning to harm overall security
    awareness, experts said. The hype that has been created over the
    equivalent of a cybergraffiti campaign could lull the unscathed into a
    false sense of security, they said.
    Jay Dyson, senior security consultant for OneSecure Inc., a
    Denver-based managed network security services firm, referred to
    recent statements regarding the U.S.-China cyberwar as
    "fear-mongering" and said the hype won't result in greater security on
    the Internet. "This kind of hype will only serve to desensitize people
    to the everyday threats of Net insecurity," said Dyson, who also
    consults for NASA. "It's at the point now where people are so busy
    listening to the 'Boy Who Cries Wolf' that they don't assign any
    importance to those of us who quietly inform them of the scorpions in
    their shoes."
    "The popular use of terms like cyberwar reflects muddled thinking and
    creates confusion," said Steven Aftergood, a defense and intelligence
    specialist at the Federation of American Scientists, a public policy
    think tank in Washington. "Calling it war promotes cynicism and
    arguably makes it more difficult to achieve a realistic approach to
    security. After countless incidents of so-called cyberterror, no one
    has died. That isn't terrorism, and it isn't war."
    Security experts, including the FBI's National Infrastructure
    Protection Center, warned last week of a significant increase in
    Chinese hacker activity targeted at U.S. government and private-sector
    Web sites starting May 1, which coincides with China's May Day, or the
    International Workers Day celebration (see story). Another prominent
    date that could mark the launch of a major wave of attacks is May 7,
    the two-year anniversary of the accidental bombing of the Chinese
    Embassy in Belgrade, Yugoslavia, by U.S.-led NATO forces.
    However, most of the hacking activity so far can be attributed to kids
    and not to any government-sponsored campaign, said other experts.
    Graham Cluley, senior technology consultant at Sophos Anti-Virus in
    Wakefield Mass., said government and industry representatives have
    acted irresponsibly when making public pronouncements about Internet
    security threats. "Some will say almost anything for the headline,"
    said Cluley. "There don't seem to be repercussions for the guy who
    cries wolf. In this case, it's mostly egg on your face as opposed to a
    mortar down your trousers."
    Even the Pentagon seems to be taking the "pie in your face" tactics of
    U.S. and Chinese hackers in stride. A Defense Department spokeswoman
    said she would "leave the rhetoric to others," adding that the
    department has advised all of its organizations to simply "increase
    their computer security awareness appropriately."
    The lack of official hostilities between the U.S. and China is
    important to consider when talking about cyberwar, said Amit Yoran,
    CEO of Riptech Inc., an Alexandria, Va.-based network security
    consulting firm. The number of attacks and their level of
    sophistication would likely be significantly higher if open
    hostilities existed between the two countries, said Yoran.
    Yoran, who is also the former director of vulnerability assessments at
    the Defense Department's Computer Emergency Response Team, said he
    views the current state of hacker activity as a subset of what experts
    define as information warfare. He added that what some call media hype
    can actually help some companies and organizations.
    "I think there is a certain value to be gained in the hype," said
    Yoran. "There is an increasing awareness."
    David Endler, practice manager at iDefense Inc., a Fairfax, Va.-based
    security consulting firm, agreed. How dangerous Web site defacements
    are to your business depends on the business, he said. "I'm sure some
    people are hurt by Web site defacements," particularly from the
    resulting drop in consumer and shareholder confidence, said Endler.
    But is this a cyberwar? Not really, he said. "It's not a cyberwar
    financed by a government, but it really depends on how you define that
    term," he said. "There's no evidence that the Chinese government has
    sponsored any of these attacks."
    Keith Morgan, chief of information security at Terradon Communications
    Group LLC in Nitro, W.Va., said the stories and the warnings have been
    overstated. "Site defacements under the guise of political motivation
    happen on a daily basis," said Morgan, who characterized the growing
    list of Web site defacements as "the work of script kiddies involved
    in some sort of site-defacement contest."
    "In reality, we've seen a steady stream of systems vulnerability
    probes, worm infections and other malicious activity originating from
    the Asia-Pacific network for months now," said Morgan. "I would boil
    this entire issue down to media hype as a result of strained
    U.S.-China relations over the aircraft incident."
    While most security experts agree that the latest skirmish between
    U.S. and Chinese hackers has been confined to Web sites with known
    vulnerabilities, there are clear lessons to be learned from the first
    day of what one security firm termed the "China Hackers 6th Network
    War of National Defense." The name refers to the penchant of Chinese
    hackers to react over the Internet to a political crisis.
    "The lesson to security managers is focus on security every single day
    of the year," said Cluley. "Don't just focus on a particular doomsday.
    The problem is that when the next threat comes along, [security
    consulting] organizations are going to panic people again."
    ISN is hosted by SecurityFocus.com
    To unsubscribe email LISTSERVat_private with a message body of

    This archive was generated by hypermail 2b30 : Wed May 02 2001 - 01:33:24 PDT