http://www.computerworld.com/cwi/story/0,1199,NAV47_STO60116,00.html By DAN VERTON May 01, 2001 WASHINGTON -- U.S. and Chinese hackers began exchanging blows today in what some Internet security experts have referred to as the opening salvo of a "cyberwar" sparked by the recent loss of a Chinese fighter pilot whose jet collided with a U.S. plane. Since April 1, the date of the collision (see story), hackers have vandalized around 360 Web sites in the U.S. and China, according to estimates issued by various security consulting firms. Web sites falling victim to the vandals so far include the National Institutes of Health, the U.S. Navy, the California Department of Energy, the U.S. Labor Department and some corporate Web sites. Some Chinese Internet service providers and news organizations have also been hit. To date, most of the defacements have been attacks on Chinese Web sites, prompting security analysts to suggest that most of the hackers are probably U.S. teenagers. Given an alternative, most people will take a cyberwar over a real war any day. The proclivity of the media and security consulting firms to use the terms war and terrorism when talking about politically motivated Web site defacements is beginning to harm overall security awareness, experts said. The hype that has been created over the equivalent of a cybergraffiti campaign could lull the unscathed into a false sense of security, they said. Jay Dyson, senior security consultant for OneSecure Inc., a Denver-based managed network security services firm, referred to recent statements regarding the U.S.-China cyberwar as "fear-mongering" and said the hype won't result in greater security on the Internet. "This kind of hype will only serve to desensitize people to the everyday threats of Net insecurity," said Dyson, who also consults for NASA. "It's at the point now where people are so busy listening to the 'Boy Who Cries Wolf' that they don't assign any importance to those of us who quietly inform them of the scorpions in their shoes." "The popular use of terms like cyberwar reflects muddled thinking and creates confusion," said Steven Aftergood, a defense and intelligence specialist at the Federation of American Scientists, a public policy think tank in Washington. "Calling it war promotes cynicism and arguably makes it more difficult to achieve a realistic approach to security. After countless incidents of so-called cyberterror, no one has died. That isn't terrorism, and it isn't war." Security experts, including the FBI's National Infrastructure Protection Center, warned last week of a significant increase in Chinese hacker activity targeted at U.S. government and private-sector Web sites starting May 1, which coincides with China's May Day, or the International Workers Day celebration (see story). Another prominent date that could mark the launch of a major wave of attacks is May 7, the two-year anniversary of the accidental bombing of the Chinese Embassy in Belgrade, Yugoslavia, by U.S.-led NATO forces. However, most of the hacking activity so far can be attributed to kids and not to any government-sponsored campaign, said other experts. Graham Cluley, senior technology consultant at Sophos Anti-Virus in Wakefield Mass., said government and industry representatives have acted irresponsibly when making public pronouncements about Internet security threats. "Some will say almost anything for the headline," said Cluley. "There don't seem to be repercussions for the guy who cries wolf. In this case, it's mostly egg on your face as opposed to a mortar down your trousers." Even the Pentagon seems to be taking the "pie in your face" tactics of U.S. and Chinese hackers in stride. A Defense Department spokeswoman said she would "leave the rhetoric to others," adding that the department has advised all of its organizations to simply "increase their computer security awareness appropriately." The lack of official hostilities between the U.S. and China is important to consider when talking about cyberwar, said Amit Yoran, CEO of Riptech Inc., an Alexandria, Va.-based network security consulting firm. The number of attacks and their level of sophistication would likely be significantly higher if open hostilities existed between the two countries, said Yoran. Yoran, who is also the former director of vulnerability assessments at the Defense Department's Computer Emergency Response Team, said he views the current state of hacker activity as a subset of what experts define as information warfare. He added that what some call media hype can actually help some companies and organizations. "I think there is a certain value to be gained in the hype," said Yoran. "There is an increasing awareness." David Endler, practice manager at iDefense Inc., a Fairfax, Va.-based security consulting firm, agreed. How dangerous Web site defacements are to your business depends on the business, he said. "I'm sure some people are hurt by Web site defacements," particularly from the resulting drop in consumer and shareholder confidence, said Endler. But is this a cyberwar? Not really, he said. "It's not a cyberwar financed by a government, but it really depends on how you define that term," he said. "There's no evidence that the Chinese government has sponsored any of these attacks." Keith Morgan, chief of information security at Terradon Communications Group LLC in Nitro, W.Va., said the stories and the warnings have been overstated. "Site defacements under the guise of political motivation happen on a daily basis," said Morgan, who characterized the growing list of Web site defacements as "the work of script kiddies involved in some sort of site-defacement contest." "In reality, we've seen a steady stream of systems vulnerability probes, worm infections and other malicious activity originating from the Asia-Pacific network for months now," said Morgan. "I would boil this entire issue down to media hype as a result of strained U.S.-China relations over the aircraft incident." While most security experts agree that the latest skirmish between U.S. and Chinese hackers has been confined to Web sites with known vulnerabilities, there are clear lessons to be learned from the first day of what one security firm termed the "China Hackers 6th Network War of National Defense." The name refers to the penchant of Chinese hackers to react over the Internet to a political crisis. "The lesson to security managers is focus on security every single day of the year," said Cluley. "Don't just focus on a particular doomsday. The problem is that when the next threat comes along, [security consulting] organizations are going to panic people again." ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERVat_private with a message body of "SIGNOFF ISN".
This archive was generated by hypermail 2b30 : Wed May 02 2001 - 01:33:24 PDT