[ISN] Feds: Chinese Hack Attacks Likely

From: InfoSec News (isnat_private)
Date: Tue Apr 01 2003 - 01:46:11 PST

    Forwarded from: William Knowles <wkat_private>
    
    http://www.washingtonpost.com/wp-dyn/articles/A60363-2003Mar31.html
    
    By Brian Krebs
    washingtonpost.com Staff Writer
    Monday, March 31, 2003
    
    Chinese hacker groups are planning attacks on U.S.- and U.K.-based Web 
    sites to protest the war in Iraq, the Department of Homeland Security 
    warned in an alert that it unintentionally posted on a government Web 
    site today. 
    
    The hackers are planning "distributed denial-of-service" attacks, 
    which render Web sites and networks unusable by flooding them with 
    massive amounts of traffic. They also are planning to deface selected 
    Web sites, according to the alert, though the government said it did 
    not know when the attacks would occur. 
    
    The Homeland Security Department said it got the information by 
    monitoring an online meeting that the hackers held last weekend to 
    coordinate the attacks. 
    
    The department sent the alert to government and industry officials 
    over the weekend, but accidentally posted the link this morning on the 
    homepage of the National Infrastructure Protection Center (NIPC). The 
    alert was pulled early this afternoon. 
    
    Homeland Security Department spokesman David Wray said the information 
    was not supposed to be released to the public. "This was an 
    inadvertent release and the information -- while not classified -- is 
    sensitive," he said. 
    
    The disclosure was an embarrassment for NIPC, which has tried to win 
    the trust of private sector companies that share information about 
    cyber attacks and vulnerabilities, said Fred Cohen, a security 
    researcher and former principal member of the technical staff at 
    Sandia National Laboratories. 
    
    "When these groups see this alert, they'll potentially be able to see 
    ways that they're being monitored and avoid those forums in the 
    future," said Cohen, a pioneer in computer virus defense techniques. 
    "All this from an agency that is supposed to be trusted to keep this 
    level of information appropriately confidential." 
    
    The messages cited in the NIPC alert were posted on several hacker Web 
    sites thought to be affiliated with the "Honker Union of China," a 
    cadre of Chinese hackers that launched an assault against dozens of 
    U.S. government Web sites in May 2001, after the collision of a 
    Chinese fighter jet and a U.S. surveillance plane on April 1, 2001. 
    "Honker" is Chinese slang for "hacker." 
    
    The group at that time claimed responsibility for defacements at the 
    National Institutes of Health, the U.S. Navy, the California 
    Department of Energy, the U.S. Department of Labor and other 
    government and business Web sites. 
    
    One Internet security expert said the April 1 anniversary cannot be 
    overlooked. 
    
    "Anniversaries are very important to Chinese hackers, and if they're 
    planning on something in protest of the war in Iraq and to coincide 
    with the anniversary of the April 1 collision, I think we can expect 
    to see something fairly soon," said Jim Melnick, director of threat 
    intelligence for iDefense, an Internet security firm based in Reston, 
    Va. 
    
    Melnick said the Honker group was rumored to be one of the top suspects 
    behind the "Slammer" worm, a fast-moving Internet virus that spread to 
    hundreds of thousands of servers almost instantaneously in January. 
    
    "The exploit code for Slammer was very similar to code they had posted 
    on a Web site earlier, but no one was ever able to verify the two were 
    related," he said. 
    
    The Homeland Security Department's warning comes amid a flurry of 
    antiwar hacking activity. Approximately 10,000 Web sites have been 
    marred with digital graffiti by protesters and supporters of the U.S.-led 
    war in Iraq, according to F-Secure, a Finnish Internet security firm. 
    
    
     
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ================================================================
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    *==============================================================*
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    



    This archive was generated by hypermail 2b30 : Tue Apr 01 2003 - 04:33:33 PST