Chinese hackers strike U.S. sites

By Brian Krebs and Steve Gold, Newsbytes
April 30, 2001 - Copyright © 2001, Newsbytes News Network LLC. All rights reserved.

The much-anticipated campaign was in apparent retaliation for nearly 100 U.S. hacker attacks on Chinese state-run sites following the collision of a U.S. spy plane and a Chinese jet last month. Last week, a U.S. government-funded security watchdog, the National Infrastructure Protection Center, warned the campaign could continue unabated until at least May 7, the two-year anniversary of the NATO bombing of a Chinese embassy in Belgrade.

"It looks as if the campaign was very well orchestrated to begin around 8 a.m. (ET)," said Mike Assante, vice president of intelligence the risk assessment service company Vigilinx. "All the activity we've been monitoring on Chinese networks shows that quite a few hacker groups appear to have organized and coordinated these attacks and have been working toward this date for several days now."

Vigilinx' comments come as Attrition.org, a hacker monitoring site, reported that United Press International's Web site was defaced overnight Sunday, apparently by Chinese hackers. The Web site was taken offline around 8 a.m. ET Monday.

Chinese hackers also hit several government Web sites over the weekend, including the Department of Energy, the Labor Department, the Department of Health and Human Services, the Interior Department, the Naval Computer and Telecommunications Station, and a Web site on the history of the White House.

Assante said Chinese hacker groups appear to have set ground rules that the attacks should be limited to Web page defacements, with the exception of U.S. government Web sites.

"We're watching for potential escalation in the attacks, which could include viruses, network penetrations and distributed denial of service tools," Assante said.

Security analysts with IDefense Inc. say they have uncovered an e-mail attack tool that appears to be targeting the president and the vice president's e-mail addresses at www.whitehouse.gov. IDefense said several Chinese hacker
White House sources could not confirm the attacks. President Bush has said in the past that he has abandoned use of e-mail, however, citing privacy concerns.

"These groups met on IRC (Internet relay chat) at 7 a.m. today our time," said Michael Cheek, IDefense's managing editor for intelligence services. "Following that, they declared official start time for attack at 21:00 their time, which is 9 am. (ET)."

Cheek said Chinese hacker groups have also targeted several other high-profile sites for future attacks, including pages at the FBI, the House of Representatives and NASA, as well as CNN and the New York Times.

Cheek also said Chinese hackers have advertised a "ping flood" attack against the White House Web site to occur 10 a.m. ET on May 4.