Embassy cracker may be playing government's game

The response to crackers invading a US embassy site: It's just what the US wants.

Top British computer security experts have warned that those responsible for cracking and defacing the US embassy Web site in China on Wednesday may be playing into the hands of the US government.

The crackers have identified themselves as "The Level Seven Crew". The group claims not to have damaged the site's servers during the crack and also says that it repaired the security hole after posting details of the crack on the front page.

Chad Davis, a founder member of cracking group Global Hell, which has been linked with The Level Seven Crew, was arrested in August by US authorities for breaking into the US army Web page. He has been accused of "maliciously" interfering with the army's communications system.

British government security expert Ian Johnston-Bryden, of Oceanus Security in Suffolk, believes the crackers could be doing exactly what the US government wants. "Governmental organisations will have a really strong barrier somewhere and then a number of much less strong barriers in front of that," he says. "They will do this for two reasons. One is to see if people are targeting them and the other is to see exactly how they are doing it. Effectively they work as a trip wire."

Johnston-Bryden also believes that cracking a government agency is no stepping stone to more sensitive information. "Usually the really sensitive government stuff won't get anywhere near a public network. Also the encryption used to send information is not only very strong but is completely different from public encryption."

Robert Schifreen, another security consultant and self-confessed ex-hacker, agrees that getting into a governmental Web site says little about real computer security. "It is tempting to advertise these sorts of things as major security breaches, but they are probably just the sort of standard cracks that could happen to anyone."

"I would be inclined to think that normal hackers would not be able to break into something like the US embassy. The security measures they use are very, very different to those protecting a commercial Web server."

