July 9, 2001

Cry Havoc and Let Slip the Cogs of Cyber-War?

By: AF Editors

Americans were recently warned of a new fallout from the U.S.-China spy
plane dispute. Chinese hackers apparently promised cyber-attacks on American
web sites throughout the first week of May in retaliation for a wave of
American hacks of Chinese sites. CNN told viewers (Apr. 27) to “beware …
That nice picture of your corporate headquarters building on your web page
may be replaced by a picture of [Chinese pilot] Wang Wei.” In fact, this was
“the first effort by American hackers to battle counterparts in another
nation over a political conflict,” according to the Los Angeles Times (May
2).

Warnings from the Federal Bureau of Investigation and accompanying media
coverage posited a gripping story of “yellow peril” suitable for a Tom
Clancy novel. Unfortunately, rather than a huge increase in
politically-motivated hacking, this story may have been pure media hype.
Several government web sites do appear to have been attacked, ranging from
the White House to the Road Commission of Oakland County. On May 1, hackers
even hit that vital American resource, the Albuquerque office of the
Department of Energy. The same day, the CERT Coordination Center (CERT/CC) at
Carnegie-Mellon University received 100 more notices of possible hacks than
normal. However, the Center manager, Jeffrey Carpenter, conceded to
USA Today (May 2) that he “had not seen a significant increase in actual
compromises of machines.”

This smelled like an irresistible man-bites-dog story — hackers motivated by
more than egotism. Clive Thompson wrote in Newsday (May 6) that he was
“rather charmed by the new wave of protest.” Dr. Dorothy Denning, director
of the Georgetown Institute of Information Assurance, told the BBC (Apr. 28)
that “Basically, this is a way for young people to express their opinions.”
Do any of the hackers really deserve the designation “hacktivists”? Brian
Martin, who until recently chronicled cyber-vandalism for Attrition.org,
pointed out that “Chinese web sites were being defaced before the spy plane
incident and with no political agenda.” He recalls that the political
“slant” to the web site defacements only seemed to emerge after news media
started running speculative stories about them. Martin accused the media on
April 29 of making “news out of nothing.”

Most news reports of the “cyber-war” derived from postings on hacker
message boards, brimming over with bluster from both Chinese and American
hackers. The “conflict” even earned the moniker of a “world cyber-war” when
hackers from other countries seemed to be getting involved on either side.
Was it global political intrigue or just ego as usual? Deciphering the
true national origin of the average hacker would be a tremendous feat. Other
conflicts, such as Israel-Palestine and India-Pakistan, have featured what
people assumed to be politically-motivated hacking, but close investigations
revealed that many of these hacks originated in the United States. The poor
grammar in many of the supposed Chinese hackers’ defacements is endemic to all
hackers, including native English speakers. It is quite possible the
“cyber-war” was not actually a U.S.-China dispute at all.

A more important question remains: what was the impact? William Knowles,
senior analyst with a computer security and intelligence site, said, “if
this was a true cyber-war, the (Dow Jones) would be tanking into the
four-digit range, government systems would be offline, the 747s that planned
to land at O’Hare would be landing in my front yard, 911 networks would be
in disarray, and a state of emergency would likely be called” (Wired News,
May 4).

Of course, the world did not end. The “hacking” that took place was minor:
distributed denial of service (DDOS) attacks and web site defacements. DDOS
attacks bombard network systems with tons of junk mail. They are low-tech
operations designed to cause traffic jams on the Internet, like those that
felled eBay.com and other e-commerce sites last February. All over the
Internet, aspiring cyber-hoodlums can find easy-to-implement programming
code and software to run a DDOS attack. Web site defacement at least
requires skill in order to beat a web site’s security, but internal networks
and important data are usually (or at least should be) separated from web
sites and more secure. While a cyber-vandal has indeed “hacked” in, he or
she can usually do minimal damage.

Does vandalism qualify as a threat to national security? If so, we are in
trouble. Virus protection company Symantec told the Christian Science
Monitor (May 3) that 30 to 50 sites are defaced by hackers every day. They
claim hackers defaced about 6,000 sites last year and expect more than 8,000
this year. Geoff Voelker, a computer science professor at the University of
California San Diego, told United Press International (UPI) on May 31 that
“roughly 4,000 denial of service attacks likely occur on the Internet each
week, and cover the range of countries and businesses large and small.”
Figures from CERT/CC since its establishment in 1998 show a “constant and
steady rise in the number of security” problems. CERT/CC admits that this
rise is “commensurate with the growth of the use of the Internet.”

Editor John O’Sullivan summed up the reality of the supposed “cyber-war”
after his UPI site was attacked on April 30: “No great harm seems to have
been done on this occasion. It was cyber-nuisance rather than cyber-terror.”
Unfortunately, by raising hysteria over what seems to have been a minimal
“nuisance,” we might be encouraging a dangerous copycat effect, inspiring
more mischievous individuals to carry out previously rare or non-existent
cyber-crimes. To paraphrase some useful advice: Be careful what you warn
about — you might just get it.