US-China tensions played out over the Web

News

US-China tensions played out over the Web

US and Chinese hackers began exchanging blows today in what some Internet security experts have referred to as the opening salvo of a "cyberwar", sparked by the recent loss of a Chinese fighter pilot whose jet collided with a US plane.

Since 1 April, the date of the collision, hackers have vandalised around 360 Web sites in the US and China, according to estimates issued by various security consulting firms. Web sites falling victim to the vandals so far include the National Institute of Health, the US Navy, the California Department of Energy, the US Labor Department and some corporate Web sites. Some Chinese Internet service providers and news organisations have also been hit. To date, most of the defacements have been attacks on Chinese Web sites, prompting security analysts to suggest that most of the hackers are probably US teenagers.

Given an alternative, most people will take a cyberwar over a real war any day. The proclivity of the media and security consulting firms to use the terms war and terrorism when talking about politically motivated Web site defacements is beginning to harm overall security awareness, experts said. The hype that has been created over the equivalent of a "cybergraffiti" campaign could lull the unscathed into a false sense of security, they said.

Jay Dyson, senior security consultant for OneSecure, a managed network security services firm, referred to recent statements regarding the US-China cyberwar as "fear-mongering" and said the hype will not result in greater security on the Internet. "This kind of hype will only serve to desensitise people to the everyday threats of Net insecurity," said Dyson, who also consults for NASA. "It's at the point now where people are so busy listening to the 'Boy Who Cries Wolf' that they don't assign any importance to those of us who quietly inform them of the scorpions in their shoes."

"The popular use of terms like cyberwar reflects muddled thinking and creates confusion," said Steven Aftergood, a defence and intelligence specialist at the Federation of American Scientists, a public policy think-tank in Washington. "Calling it war promotes cynicism and arguably makes it more difficult to achieve a realistic approach to security. After countless incidents of so-called cyberterror, no one has died. That isn't terrorism, and it isn't war."

Security experts, including the FBI's National Infrastructure Protection Center, warned last week of a significant increase in Chinese hacker activity targeted at US government and private-sector Web sites starting 1 May, which coincides with China's May Day, or the International Workers Day celebration. Another prominent date that could mark the launch of a major wave of attacks is 7 May, the two-year anniversary of the accidental bombing of the Chinese Embassy in Belgrade by US-led NATO forces.

However, most of the hacking activity so far can be attributed to kids and not to any government-sponsored campaign, said other experts.

Graham Cluley, senior technology consultant at Sophos Anti-Virus, said government and industry representatives have acted irresponsibly when making public pronouncements about Internet security threats. "Some will say almost anything for the headline," said Cluley. "There don't seem to be repercussions for the guy who cries wolf. In this case, it's mostly egg on your face as opposed to a mortar down your trousers."

Even the Pentagon seems to be taking the "pie in your face" tactics of US and Chinese hackers in its stride. A Defense Department spokeswoman said she would "leave the rhetoric to others", adding that the department has advised all of its organisations only to "increase their computer security awareness appropriately".

The lack of official hostilities between the US and China is important to consider when talking about cyberwar, said Amit Yoran, chief executive officer (CEO) of Riptech, a network security consulting firm. The number of attacks and their level of sophistication would likely be significantly higher if open hostilities existed between the two countries, said Yoran.

Yoran, who is also the former director of vulnerability assessments at the Defense Department's Computer Emergency Response Team, said he views the current state of hacker activity as a subset of what experts define as information warfare. He added that what some call media hype can actually help some companies and organisations.

"I think there is a certain value to be gained in the hype," said Yoran. "There is an increasing awareness."

David Endler, practice manager at iDefense, a Virginia-based security consulting firm, agreed. How dangerous Web site defacements are to your business depends on the business, he said. "I'm sure some people are hurt by Web site defacements," particularly from the resulting drop in consumer and shareholder confidence, said Endler. But is this a cyberwar? Not really, he said. "It's not a cyberwar financed by a government, but it really depends on how you define that term," he said. "There's no evidence that the Chinese government has sponsored any of these attacks."

Keith Morgan, chief of information security at Terradon Communications Group, said the stories and the warnings have been overstated. "Site defacements under the guise of political motivation happen on a daily basis," said Morgan, who characterised the growing list of Web site defacements as "the work of script kiddies involved in some sort of site-defacement contest."

"In reality, we've seen a steady stream of systems vulnerability probes, worm infections and other malicious activity originating from the Asia-Pacific network for months now," said Morgan. "I would boil this entire issue down to media hype as a result of strained US-China relations over the aircraft incident."

While most security experts agree that the latest skirmish between US and Chinese hackers has been confined to Web sites with known vulnerabilities, there are clear lessons to be learned from the first day of what one security firm termed the "China Hackers 6th Network War of National Defense". The name refers to the penchant of Chinese hackers to react over the Internet to a political crisis.

"The lesson to security managers is focus on security every single day of the year," said Cluley. "Don't just focus on a particular doomsday. The problem is that when the next threat comes along, [security consulting] organisations are going to panic people again."

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy