U.S-China Cyberwar Rumors Overblown?

May 4, 2001 — -- Cyberwar, or electronic food fight?

Well into a much-hyped "cyberwar" rumored for this week between U.S. and Chinese hackers, Internet security experts describe the activity so far more as typical than warlike.

Although the two sides seem to be exchanging taunts and defacing Web sites — including scattered American government-operated sites — the overall level of damage to data on sites appears to be limited, several security experts say.

"It's really, literally, the electronic equivalent of graffiti," says Paul Robertson, director of risk assessment at TruSecure, an Internet security company. "There's nothing big here. It's a bunch of kids who usually [metaphorically] spray paint walls, picking the walls they spray paint and picking the messages they paint."

Among the American government sites defaced recently have been pages operated by the departments of labor, health and energy, said Michael Assante, a security consultant for Vigilinx Inc., another company that provides Internet security.

However, a White House spokesman said an apparent "denial of service" attack hobbled parts of the White House Web site this morning. The spokesman said the attack, in which the site was bombarded with requests for information and overloaded, is being investigated. The origin of the attack has not been determined.

There had been threats about hacking the White House in Chinese chat rooms, Assante said. However, he and Robertson said they had no evidence that such threats were carried out.

Cyberthreat?

Rumors of a planned anti-American cyberwar by Chinese hackers from April 30 through May 7 arose after the federal government's National Infrastructure Protection Center issued an advisory on April 26.

"Chinese hackers have publicly discussed increasing their activity during this period, which coincides with the dates of historic significance to the PRC [People's Republic of China]," the advisory reads. "May 1 is May Day; May 4 is Youth Day; and, May 7 is the anniversary of the accidental bombing of the Chinese Embassy in Belgrade" by the United States in 1999.

However, at least 21,756 Web sites faced hacking attacks last year, according to CERT, an institute that studies Internet security vulnerabilities. American sites, including government and military sites, are frequent targets, and security experts don't see much evidence of escalation now.

"In the past week, we've seen an increase in probes and scans, which is intruders essentially knocking on the [Web site's] door to see if there are vulnerabilities," says Jeffrey Carpenter, manager of the CERT coordination center. "We've seen a slight increase in compromises of Web sites, but we have not seen a significant increase in compromises of Web sites overall, … not above what we see on a normal day-to-day basis."

Perhaps, Robertson says, that is because several groups or individuals that normally hack American sites seem to have turned their wrath on China this week. Numerous such attacks are documented on sites such as attrition.org and cnhonker.com.

"Hey China," reads one defaced Chinese page, to the sound of sinister laughter and animation of a cartoon boy urinating on a Chinese flag. "America P*** [expletive deleted] on Yew!!!" The message then proceeds with Casey Kasem-style dedications to women, presumably the hackers' girlfriends, and an e-mail address and invitation to send "fan mail."

Although attrition.org documented the hack and others, the site's operators said in a commentary that they consider talk of a cyberwar "media hype" and the subsequent attacks a "self-fulfilling prophecy."

"Holy fortune cookie, Batman! Could this be the end of the Internet in America??" the Attrition commentary asked. "No, not really."

Anti-American Hacks

There also have been a number of anti-American hacks on Western sites. Assante says Chinese chat room participants claim to have executed more severe attacks than defacements, but none have been substantiated.

On the hacked Web site of a travel agency, animation of a flame rests next to a photo gallery featuring Wong Wei, the Chinese pilot believed killed in a collision with a U.S. surveillance plane.

"China Redhackers will beat down all the hegemonism of the world," reads the hacker's syntactically challenged message. "All the Chinese must be united and battle for honour of our homeland. F--- [expletive deleted] U.S.A."

A Chinese flag waves atop another hacked site as patriotic music plays. "Beat down the imperialism of American!" reads the hack, which claims to be "powered by [the] Honker Union of China" hacking group.

Standing Threats from Hackers

Assante says checks of Chinese chats show such groups are well-organized in their hack attacks, and therefore represent a threat in the future, when they might hypothetically resort to attacks with more damaging payloads.

"If you look at the Chinese groups, they went out with a very controlled message," Assante says. "Those messages are different from the Western hackers in that they're not necessarily showing off their abilities as hackers."

Some accuse Web security companies like Vigilinx of exploiting rumors of a cyberwar for profit, a charge Assante denies.

However, most agree hacking is fairly common, and Web security should be an ongoing issue.

Carpenter said rather than Chinese hackers, he is far more worried by other threats, such as a recently exposed flaw in Microsoft's Windows 2000 operating system, for which Microsoft is distributing an emergency patch.

"I would be much more worried about whether I have systems running Windows 2000 and IIS 5.0 and whether the appropriate patch has been installed," Carpenter said "[The flaw] allows intruders to obtain privileged access to the Web server. It's [potentially] worse than a defacement."

ABCNEWS' Terry Moran and Paul Eng contributed to this report.