On Thursday, March 25, the Los Angeles Times wrote that, according to a CIA document they'd obtained, China could be preparing to attack U.S. and Taiwanese Web sites in a mass hack. Other media outlets, including the New York Times, quickly ran articles refuting the report. Who's right?
One compelling reason to believe the LA Times story: May 1 marks the one-year anniversary of the incident in which a U S. spy plane collided with a Chinese fighter, killing the pilot. In retaliation, the Chinese grounded the American plane for several weeks in its country.
Immediately after that incident, there was some speculation of a pending Chinese-U.S. cyberwar. We do know what Chinese programmers may be capable of: The original version of the Klez worm, as well as its most recent variation, Klez.h, are both thought to have originated in China.
But nothing came of the cyberwar rumors that followed the spy-plane incident. I have the same feeling about the speculation this year. If anything does happen, I'd pin the blame on the calendar instead. There just seems to be something about spring that makes virus and worm writers go a little crazy.
Back in April 1999, the Chernobyl virus released a destructive payload on Southeast Asia, exactly a month after Melissa first brought viruses to the public's attention with a fury, by showing how corporate e-mail systems could be used to spread a virus worldwide in a short amount of time. One year later, in May 2000, the ILOVEYOU worm improved on that model, encircling the world in a mere five hours; it remains the fastest spreading worm to date. Then on May 9, 2001, the Homepage worm was set loose. While not on the level of Melissa or ILOVEYOU, Homepage still ranked a "7" on our virus meter.
Apparently, script kiddies also follow the calendar.
Last spring, during the height of the West Coast energy crises, someone hacked California's Independent System Operators (Cal-ISO). While the guilty party has not been found, there's no reason to think foreign nationals were behind it.
Last Wednesday, another government agency, the Federal Aviation Agency (FAA) found itself defaced, with one of its internal files made public. The people responsible claim to be U.S. citizens. They say they want to call attention to security flaws at the FAA.
The next day, MSNBC.com itself was taken offline in a SYN flood DDoS attack. Normally, Web browsers send synchronization packets (SYNS) to Web sites, announcing they'd like to view the site. The Web site sends back an acknowledgement (ACK). The browser then sends its own ACK to secure the connection. In a SYN flood, attackers flood the Web server with SYN packets; when the server sends back its ACK, the attackers never respond. While the server waits for ACKs that never come, it can't respond to legitimate user requests, and those users are denied access to that site.
Whatever it is about the beginning of May that seems to bring out such attacks, it's probably time to brace ourselves for yet another Big Virus. And even if such an attack isn't in the offing, this is a good time to make sure your defenses are in place. Download those updated antivirus signature files, patch your Microsoft software, and install a firewall if you haven't already. Don't say I didn't warn you.
Do you think we'll see a major virus or Web-based attack in the next 30 days? TalkBack to me below.