It’s (Cyber) War: China vs. U.S.

Chinese hackers have fired the first shots on U.S. websites, making good on widely announced promises. Now some U.S. hackers are seeking revenge.

The first shots in a planned week-long cyberwar between Chinese and American hackers were fired early Monday, with Chinese hackers claiming credit for defacing a dozen U.S. websites.

The attacked sites include the MCI Center in Washington, several Air Force sites and websites operated by the departments of Energy, Labor, and Health and Human Services.

American hackers swiftly responded by defacing 15 websites in China with ethnic jokes and calls for hackers to join the war.

Chinese hacker groups “Honker Union” and the “Chinese Red Guest Network Security Technology Alliance” held an online “network mobilization meeting” on Sunday to finalize their plans for a week-long cyberattack they say will target government and business websites and computer networks in the United States.

The week-long attacks were planned to launch May 1, timed to coincide with two major Chinese holidays. May 1 is Laodong Jie Wuy (International Workers Day). May 4 is Qingnian Jie (Youth Day) in China, a national holiday commemorating demonstrations that occurred in Beijing’s Tiananmen Square on May 4, 1919, protesting foreign powers’ interference in Chinese politics. The cyberwar is planned to end on May 7, the two-year anniversary of the bombing of the Chinese embassy.

During the meeting, the hackers decided that the destruction of business websites and networks should be kept to a bare minimum, but all agreed that government-owned sites and systems should be hit hard and completely ruined if at all possible.

The point of the planned hack-attacks is to encourage the people of the U.S. to protest against their government and demand peace between nations, the hackers said.

“The U.S. wants the world to go to war. All people cherish peace, but the mildew dog government of the U.S. wants war. We will attack to send a message to the people of the U.S., to tell them that we know we are all one, but they must stop their government from destroying the world,” said one hacker, who went by the name “Mr. Fish.”

The meeting was held through a private channel on Internet Relay Chat, a network that allows users to send instant text messages to each other. Admittance to the meeting required a pre-approved user name and password.

The focus of the discussion was the forthcoming “Red Guest” attacks. “Black Guest” is a Chinese slang term for any computer intrusion by hackers. The planned cyberwar between China and the U.S., slated to start Monday, has been dubbed the “Red Guest” attack by the Chinese hackers.

Meeting attendees said they hoped that every Chinese hacker — and “all hackers that supported the cause of peace” — would attack U.S. websites and networks in the upcoming week.

Hackers were urged to “make use of their skills for China,” and each was urged to do his part depending on his cracking talents. Possible attacks that were discussed included flooding computers with garbage data in an attempt to shut down networks, defacing websites, and e-mailing viruses to U.S. government employees.

Enthusiastic but unskilled participants were directed to a detailed four-part invasion course that can teach them how to break into computer networks running Unix or Windows NT systems. The course is posted on the Honker Union’s website.

Also available on the site is meticulous documentation that explains how to scan computer networks to find vulnerable systems, along with downloadable software that allows any moderately skilled person to scan, attack and then remotely control a network.

“The files and tools that the Honker Union has provided are very thorough, very sophisticated and very easy to use,” said Taltos, a Hungarian hacker who has been monitoring the cyberwar plans closely.

The union has also made a “KillUSA” package available for those who want to participate in the attacks. This “special purpose” collection of files contains an image of the Chinese flag, a sound file of the Chinese national anthem and a black page, which members can use to replace the pages of the websites they want to deface.

A member of the Honker Union, known only as “Lion,” said that he had already “delivered a head blow” to five websites earlier on Sunday: the MCI Center, a sports and entertainment venue in Washington; an Air Force site that contained medical statistics; another Air Force site that handles Special Packaging Instruction Development and Distribution Systems (SPIIDDS); and two websites that belong to the Wright-Patterson Air Force Base in Dayton, Ohio.

Spokespeople for the five sites that Lion claimed to have attacked were unavailable for comment.

Lion is also credited with authoring the “Lion Worm” — a computer virus that attacks Unix systems and sends network and password information to an e-mail address in China.

There was no way to determine how many participants were online for the Red Guest meeting, but the notice announcing the meeting was read by close to 3,000 people. Most of the discussion was conducted by five people, with additional comments made by 14 others.

According to a poll conducted by China.com, 84.49 percent of 2,089 respondents firmly support the Chinese “Red Guest” action.

Only 2.77 percent were strongly opposed. The remainder of the respondents were in favor of the action but held some reservations. But many noted with pride that the early wave of “Red Guest” attacks was successful, even though American media had broadcast warnings to ramp up security prior to the defacements.

The U.S. government and military have stated that they have sharply stepped up network security in response to an FBI-led National Infrastructure Protection Center warning on Friday that urged businesses and governments to protect themselves against the threat of a week-long attempt to attack U.S. computer systems.

The government and computer security firms are also bracing for the possibility of several large-scale denial-of-service attacks aimed at U.S. websites that could snarl Internet traffic and even take down significant parts of the Internet or private networks for a day or more.

The NIPC and other security firms are also advising that all e-mail attachments should be carefully monitored for possible viruses.

“We are recommending that IT managers take this issue very seriously and ensure their anti-virus and security systems are updated,” said Michael Callahan, from Network Associates, a U.S. security firm.

Author: Michelle Delio

News Service: Wired News

URL: http://www.wired.com/news/politics/0,1283,43437,00.html