[ISN] A Chinese Call to Hack U.S.

From: InfoSec News (isn@C4I.ORG)
Date: Wed Apr 11 2001 - 10:47:06 CDT


http://www.wired.com/news/politics/0,1283,42982,00.html

by Michelle Delio
2:00 a.m. Apr. 11, 2001 PDT

Chinese crackers are being encouraged to "hack the USA" in retaliation
for the mid-air collision between a U.S. spy plane and a Chinese
fighter jet which claimed the life of a Chinese pilot.

Websites such as KillUSA.com and Sohu are filled with messages
pointing to proposed cracking targets such as the United States'
Defense Technical Information Center and the Defense Department's news
site, along with encouragement to "Hack it Great Chinese!!!"

But despite all the calls for cyber-retaliation, the only incident
that can be officially connected with the standoff is a crack of an
obscure U.S. Navy website.

There are many excited posts on KillUSA.com that claim the White House
website and other prime targets have also been cracked. "For our pilot
Wang!!! For our China!!!"

Wang Wei is the Chinese fighter pilot killed when a U.S. Navy
surveillance plane collided with a Chinese fighter jet off China's
coast on April 1.

The incident resulted in a standoff between China and the United
States over the return of the U.S. military plane and its crew, which
is still being held on Hainan, a Chinese island. On Wednesday morning,
the situation finally seemed to be resolved, with China accepting U.S.
regrets and agreeing to release the detained Americans.

Jia En Zhu, a 22-year-old hacker who lives in Zhongguancun, a
northeast Beijing suburb that has been called China's Silicon Valley,
said he believes that many unreported cracks have been completed since
April 1.

"Many people here are talking about the situation, and we do not
understand why America cannot apologize for killing our pilot. But we
have no way to tell you this directly," Zhu said. "We are frustrated
with our government's politeness. We want to tell you that we think
this is wrong, so we will say it on everyone's Internet."

The defaced Navy site belongs to the Navy's Executive Office for
Acquisition Related Business Systems in Arlington, Virginia. It was
defaced with an animated image of a Chinese flag and anti-American
graffiti in English and Chinese.

The site was shut down immediately on Friday after the crack was
discovered, and remains closed as of Tuesday afternoon.

Navy officials could not be reached for comment. According to a report
by Government Computer News, the Navy is reviewing the incident.

Zhu said that Chinese computer experts will receive "much support and
community love" if they manage to attack western computer systems.

And he believes that the United States government is not reporting
attacks to "save their own face."

"If your government was not ashamed they would have apologized for
killing our pilot. They (the U.S. government) are ashamed of many
things, but speak of nothing. So why should you think they would speak
of the damage we do to their computers?" Zhu asked.

Zhou Li Wei, a 27-year-old Beijing technical support specialist, said
he also believes that Chinese crackers have accessed American websites
in the past two weeks to protest pilot Wang's death.

"I hear from some that they are attacking businesses rather than the
government. I also hear that some are creating worms to strike back at
your country," Zhou said.

"Many of these worms are for Linux systems though, because that's what
we mostly use here in computer classes. But I think that maybe Linux
worms don't have as much of a strong effect in your country."

Joe Murphy, CEO of security firm Vigilinx, believes that the recently
discovered Adore worm, which affects Linux operating systems and is
designed to send information about the contents of infected systems to
two different e-mail addresses hosted on servers in China, was created
as a retaliation for the air crash.

Zhou refused to discuss the Adore worm. Zhu said that he was familiar
with the worm, but would not comment on its motives.

"I will say only that it is intended to get information. You must
figure out why yourself," Zhu said.

China's people have only had access to the Internet since 1997, but
Chinese crackers have been quick to use it to make political points.

In May 1999, Chinese hackers attacked U.S. government information
systems, including the White House, in response to the bombing of the
Chinese Embassy in Belgrade, Yugoslavia, according to an FBI report
"China Cyber Activity," which was obtained by The Washington Times.

"The National Infrastructure Protection Center has received multiple
reports of recent hacking and cyber activity directed at U.S.
government computer networks, in response to the accidental bombing of
the Chinese embassy in Belgrade," the Times reported.

"Targets include departments of Interior, Energy and State, the U.S.
Embassy in China and The White House."

Taiwanese government websites have also been defaced, and Taiwan
universities have reported incidences of viruses originating from
servers in China, which destroyed data on the universities' servers,
Murphy said.

Max Vision, a white-hat hacker and security consultant, discovered on
Tuesday that a Chinese hacker named Lion created the Lion worm,
another Linux-only bug that has been making the rounds since the end
of March.

Vision said on his website that Lion, who founded the Chinese hacker
group H.U.C. (the Honker Union of China) to aid in "the cyber defense
of the motherland sovereignty of China," created the worm to protest
Japanese textbooks that indicate the Japanese occupation of China and
Korea was justified and beneficial to the occupied countries.

Lion also told Vision that he made the worm to tell the Japanese,
"Chinese is not sheep."

Zhu said that Chinese-created worms are always intended to send a
message or gather information, and will only incidentally do damage.

"We use our skills to do important things, not to just play with
people," Zhu said.

Zhu said that the government does not support Chinese hackers. Local
laws against hacking are strict, and several hackers have in the past
been executed for cracking into Chinese financial systems.

But some security experts wonder whether the Chinese government is
stockpiling its own cache of viruses for use in a cyberwar.

Chinese security officials require antiviral software vendors to
provide complete virus code samples in exchange for permission to sell
their products in China.

Many experts are concerned about potential military applications of
the virus samples.

"Considering China's openly acknowledged desire to develop an
information warfare capability, there is good reason to question
China's motivation and intent in imposing this requirement,"
Vigilinx's Murphy said.

ISN is hosted by SecurityFocus.com