advertising information

CNN.com
 MAIN PAGE
 WORLD
 ASIANOW
 U.S.
 LOCAL
 POLITICS
 WEATHER
 BUSINESS
 SPORTS
 TECHNOLOGY
   computing
   personal technology
   space
 NATURE
 ENTERTAINMENT
 BOOKS
 TRAVEL
 FOOD
 HEALTH
 STYLE
 IN-DEPTH

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

  CNN WEB SITES:
CNN Websites
 TIME INC. SITES:
 MORE SERVICES:
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines
 pointcast
 pagenet

 DISCUSSION:
 message boards
 chat
 feedback

 SITE GUIDES:
 help
 contents
 search

 FASTER ACCESS:
 europe
 japan

 WEB SERVICES:
COMPUTING

Kosovo cyber-war intensifies: Chinese hackers targeting U.S. sites, government says

May 12, 1999
Web posted at: 2:01 p.m. EDT (1801 GMT)

by Ellen Messmer

From...
Network World Fusion
computer war graphic

 ALSO:
   Insurgency on the Internet

   Sign up for the Computer Connection email service

   For more computing stories

  

(IDG) -- The war in Kosovo has intensified as hackers on either side of the conflict try to take over or block Web servers around the world.

The federal government said today that Chinese hackers have joined the online war, targeting U.S. government sites over the accidental bombing of the Chinese embassy in Belgrade last Friday.

Web sites at the departments of Energy and the Interior and the National Park Service were hijacked on Sunday by intruders claiming to be from mainland China. The Department of Energy (DOE) has sent an alert to other federal agencies and defense contractor warning them of possible mailbombing attacks from China.

Meanwhile, the White House shut down www.whitehouse.gov for three days because of security concerns stemming from a non-stop denial-of-service attack. The site only came back up this morning.

White House spokesman Barry Toiv was evasive about whether the White House Web site had actually been hacked or not.

But a couple of hacker-oriented Web sites that record hacker exploits posted claims by a group calling itself Hong Kong Danger Duo saying it had, indeed, taken down www.whitehouse.gov on Monday. According to the hacker posting, Hong Kong Daner Duo, and perhaps others, scribbled "Stop all war. Consintrate [stet] on your problems. Nothing was damaged, but we are not telling how we got in."

Secret Service spokeswoman Shaun Yount said there is an ongoing investigation into an attempted hacking of the White House Web site, but until the investigation was more complete, she couldn't offer further detail.

The Energy and Interior home pages were replaced by pages expressing fury over NATO's accidental bombing of the Chinese embassy in Belgrade.

"Protest USA's Nazi action! Protest NATO's brutal action!" was the message left on the hijacked Web servers. Officials say the Interior break-in has been definitely traced back to China.

"We are Chinese hackers who take no care about politics," said the message signed by "Rocky." But with three Chinese nationals left dead after the embassy bombing, the hackers were wrathful: "You have owed Chinese people a bloody debt which you must pay for! We will not stop attacking until the war stops!"

While Interior quickly restored its Web server to its original state, DOE decided not to go back online until it figured out exactly how the hackers got into www.doe.gov. Department security experts determined that the system administrator's user ID and password files were modified on the agency's Unix-based Apache Web server.
MORE COMPUTING INTELLIGENCE
IDG.net   IDG.net home page
  Network World Fusion home page
  Free Network World Fusion newsletters
 Reviews & in-depth info at IDG.net
 *   IDG.net's bridges & routers page
  IDG.net's hubs & switches page
 *   IDG.net's network operating systems page
  IDG.net's network management software page
  Year 2000 World
  Questions about computers? Let IDG.net's editors help you
  Subscribe to IDG.net's free daily newsletter for network experts
  Search IDG.net in 12 languages
 News Radio
 * Fusion audio primers
 * Computerworld Minute
   

In a memo to government agencies , Sandy Spark, a manager at DOE's Computer Incident Advisory Capability (CIAC), warned that a Chinese tidal wave of e-mail with unresolvable IP addresses is being sent to U.S. government servers in an attempt to overload them.

Government administrators are being advised to apply anti-spam measures to block all e-mail from China's .cn domain if necessary.

The Chinese-related incidents are just the latest in what has become a string of Web hijackings by hackers apparently inflamed over the war in Kosovo.

Just a few weeks ago, the Holland-based hacker group called "Dutchthreat" blasted their way into a Yugoslavian Web server after two of the group's members got angry about a Web posting on a Yugoslavian ISP that called NATO a bunch of Nazis.

The Dutch hackers - using the names Xoloth1 and Meestervervalser - replaced the anti-NATO page with a pro-NATO "Help Kosovo" page of their own.

The Dutch hacker posting said "NATO does not rape innocent women" and "NATO is not out for blood, but for peace." What prompted the action?

Xoloth1 said he got mad when a "Serbian guy" in a chat room started calling NATO and the U.S. a bunch of criminals and Nazis He also resented that one of the main Yugoslavian ISPs had set up an anti-NATO Web page with the domain name pentagon.co.yu.

"The enemy shouldn't have a domain name like pentagon.co.yu, this is a weapon," argues Xolothl. This Dutch hackers,who says he's 17 years old, discovered security to be weak at the Yugoslavian ISP. So he decided to take out the offending page, while sparing the ISP's mail server.

Surprisingly, Dutchthreat's leader, named Acos, says he thinks most of the Kosovo-inspired hacking going on is not motivated by genuine political concerns, but is simply a way of getting attention. But Acos adds he, too, doesn't care to hear NATO called fascist.

Back in the U.S., American hackers are on a political binge, breaking into Web sites to leave what amounts to anti-war graffiti.

One Web site, recreation.gov, was hijacked April 30 and didn't get restored until May 2. The perpetrators, part of a hacker group called 'Team spl0it,' signed their names as f0bic, nostalgic, cellbl0ck and jay. Their message was: "Kosovo (stop the war)."

Noting that Serbia has been bombed for over a month now, the hackers suggested the air war had not accomplished its goals and that "NATO has screwed up." The hackers also had harsh words for Serb president Slobodan Milosevic. "He doesn't give a damn about his people. He couldn't care less if they're dead or alive."

Team spl0it left a similar anti-war message on the City of Los Angeles site they recently hacked.


RELATED STORIES:
White House Web site back online
May 12, 1999
Hackers hit government Web sites after China embassy bombing
May 10, 1999
DOD overhauls network to thwart hackers
May 4, 1999
Serb supporters sock it to NATO, U.S. Web sites
April 6, 1999

RELATED IDG.net STORIES:
Hackers retaliate after NATO bombing
(Federal Computer Week)
Serbia launches cyberattack on NATO
(Federal Computer Week)
NATO Gets Spammed
(PCWorld)
NATO reinforces against Net attack from Serbs
(InfoWorld)

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.


RELATED SITES:
White House
Department of Energy
Serbia Info News
YuSky - Yugoslav Internet Information Service
Stop NATO!

Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

 LATEST HEADLINES:
SEARCH CNN.com
Enter keyword(s)   go    help

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.