Forwarded from: William Knowles <wkat_private>

http://www.washingtonpost.com/wp-dyn/articles/A60363-2003Mar31.html

By Brian Krebs
washingtonpost.com Staff Writer
Monday, March 31, 2003

Chinese hacker groups are planning attacks on U.S.- and U.K.-based Web sites to protest the war in Iraq, the Department of Homeland Security warned in an alert that it unintentionally posted on a government Web site today.

The hackers are planning "distributed denial-of-service" attacks, which render Web sites and networks unusable by flooding them with massive amounts of traffic. They also are planning to deface selected Web sites, according to the alert, though the government said it did not know when the attacks would occur.

The Homeland Security Department said it got the information by monitoring an online meeting that the hackers held last weekend to coordinate the attacks.

The department sent the alert to government and industry officials over the weekend, but accidentally posted the link this morning on the homepage of the National Infrastructure Protection Center (NIPC). The alert was pulled early this afternoon.

Homeland Security Department spokesman David Wray said the information was not supposed to be released to the public. "This was an inadvertent release and the information -- while not classified -- is sensitive," he said.

The disclosure was an embarrassment for NIPC, which has tried to win the trust of private sector companies that share information about cyber attacks and vulnerabilities, said Fred Cohen, a security researcher and former principal member of the technical staff at Sandia National Laboratories.

"When these groups see this alert, they'll potentially be able to see ways that they're being monitored and avoid those forums in the future," said Cohen, a pioneer in computer virus defense techniques. "All this from an agency that is supposed to be trusted to keep this level of information appropriately confidential."

The messages cited in the NIPC alert were posted on several hacker Web sites thought to be affiliated with the "Honker Union of China," a cadre of Chinese hackers that launched an assault against dozens of U.S. government Web sites in May 2001, after the collision of a Chinese fighter jet and a U.S. surveillance plane on April 1, 2001. "Honker" is Chinese slang for "hacker."

The group at that time claimed responsibility for defacements at the National Institutes of Health, the U.S. Navy, the California Department of Energy, the U.S. Department of Labor and other government and business Web sites.

One Internet security expert said the April 1 anniversary cannot be overlooked.

"Anniversaries are very important to Chinese hackers, and if they're planning on something in protest of the war in Iraq and to coincide with the anniversary of the April 1 collision, I think we can expect to see something fairly soon," said Jim Melnick, director of threat intelligence for iDefense, an Internet security firm based in Reston, Va.

Melnick said the Honker group was rumored to be one of the top suspects behind the "Slammer" worm, a fast-moving Internet virus that spread to hundreds of thousands of servers almost instantaneously in January.

"The exploit code for Slammer was very similar to code they had posted on a Web site earlier, but no one was ever able to verify the two were related," he said.

The Homeland Security Department's warning comes amid a flurry of antiwar hacking activity. Approximately 10,000 Web sites have been marred with digital graffiti by protesters and supporters of the U.S.-led war in Iraq, according to F-Secure, a Finnish Internet security firm.

*==============================================================*
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen. Alfred M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*