US fears Chinese hack attack

Attacks predicted to coincide with significant dates

By BBC News Online's Kevin Anderson in Washington

Rising tensions between the United States and China have sparked an online tit-for-tat between hackers in both countries.

US officials and corporate computer security firms have put the nation on alert as Chinese hackers have promised to step up their attacks in the coming week.

The FBI's National Infrastructure Protection Centre (NIPC) said that the attacks will coincide with several dates of historical significance including May Day, Youth Day on 4 May and the second anniversary of the accidental bombing by US forces of the Chinese Embassy in Belgrade.

US and Chinese hackers have been trading barbs online

"To date, hackers already have unlawfully defaced a number of US websites, replacing existing content with pro-Chinese or anti-US rhetoric," according to the NIPC. Chinese hackers have left such messages as "hack the USA" and "For our pilot Wang", the latter referring to the fighter pilot who died in the recent collision with an American surveillance plane off the coast of China.

But US hackers have also targeted Chinese Government websites, leaving obscenity-laden anti-Chinese statements.

The Chinese National Grain Bureau website was defaced by a hacker going by the alias of "acidklown", who railed against state repression in China encouraged others to "join me and deface a Chinese website in the name of the klown".

The US hackers appear to be aware of the threat of increased activity by their Chinese counterparts in the coming week.

A hacker going by the handle of "Hackweiser" wrote on a Chinese website: "We have heard reports that you guys are planning a strategic militant style strike on cyber grounds during the week of May 1-7. Well let me tell ya one thing China... don't even try to play us at this game!

Denial of service

But in addition to the defacing of websites, US officials fear that American websites could also be the target of denial-of-service attacks similar to the ones that crippled high-profile websites including Yahoo and CNN last year.

Denial of service

Hide software "daemons" on hundreds of computers

Daemons bombard internet sites with thousands of requests for information

Volume of internet traffic paralyses website

Daemons give false addresses making them hard to trace

The NIPC says an internet "worm" named Lion, which distributes denial-of-service tools on victims' computers, has ties to China.

These types of attacks surreptitiously install software on victims' computers. The hacker then uses these remote computers to deluge websites with traffic so that the web server slows to a halt under the onslaught.

"Analysis of the Lion worm's source code reveals that, when illegally exploited, it sends password files from the victim site to an email address located in China," the NIPC said.

Although the US is concerned with China's preparations for information warfare, there is no evidence to suggest that the recent spate of website defacing or the Lion worm are state-sponsored activity, according to Dr Dorothy Denning, director of the Georgetown Institute for Information Assurance.

She compared the spate of recent attacks between US and Chinese hackers to online exchanges between hackers in Israel and Palestine.

"Basically, this is a way for young people to express their opinions," Dr Denning said.

Broadband vulnerable

Private commercial, government and military sites should all be on alert, she said, adding that with so many attacks happening on a daily basis that sites should always be on alert.

She also said that home computer users with high-speed connections such as DSL or cable modems should also be especially aware of security in the coming week.

Hackers launching denial-of-service attacks often focus their efforts on users with high-speed connections, because they can use these connections to send more traffic to targeted websites.

She suggested that broadband users should make sure that their anti-virus software was up to date, and that they went to a site called Shields Up, which tests users computers for vulnerabilities.