Warning raises specter of Chinese crack attacks

Chinese hackers, frustrated at recent events involving the U.S. and their government, are planning to step up cracking and defacement efforts against U.S. Web sites and networks, government officials said Thursday.


A warning issued by the National Infrastructure Protection Center urges network administrators to be alert for organized attacks coming from Chinese crackers over the next few days, which include several dates of particular importance to the Chinese. Tuesday is May Day, the biggest holiday on the communist calendar; May 4 is Youth Day; and May 7 is the anniversary of the U.S. bombing of the Chinese embassy in Belgrade.

The warning, of course, also comes close on the heels of the incident involving a U.S. surveillance plane in which the pilot of a Chinese fighter jet was killed. The crew of the U.S. plane was subsequently held in China for more than a week before being released.

There is some evidence, however, that such efforts by Chinese crackers have already begun. Data compiled by Internet Security Systems Inc. of Atlanta shows that attacks originating from Chinese domains against U.S. sites increased seven-fold during the height of the crisis in China in the first week of April.

The Lion worm
NIPC also reiterated its warning about the presence of a known worm called Lion that installs a DDoS tool on machines that it infects and also sends password files to an e-mail address in China.

Chinese crackers have made public statements about redoubling their efforts against U.S. sites next week, NIPC officials said.

"As a result of the activity already seen, together with the public statements threatening increased illegal activity, network and system administrators are encouraged to more closely monitor their Web sites and mail servers ... for attacks that could include Web page defacements and denial-of-service attacks," the warning said.

Most of the malicious activity in recent weeks originating from China has involved Web site defacements, but that could all change.

"This kind of hacktivism is low-level stuff, but the concern is what's going to happen next week," said Chris Rouland, director of the X Force research team at ISS. "We haven't seen any mystery payloads yet from China, but defacements are usually a good bellwether of other activity, so it could be out there."

Rouland said the increased activity from China is on a par with what ISS saw in Israel and Palestine when tensions heated up again recently.