http://washingtonpost.com/wp-dyn/articles/A13431-2001Apr12.html

Chinese Suspected of Hacking U.S. Sites

Anger Over Plane Collision Produces Calls for Revenge, Advice on Web Attacks

By Ariana Eunjung Cha

Washington Post Staff Writer

Friday, April 13, 2001; Page A13

The diplomatic standoff over the collision of a U.S. surveillance plane and a Chinese jet fighter may be over. But hard feelings still linger in cyberspace.

On message boards and in e-mails, angry Chinese commentators plot revenge for the death of pilot Wang Wei. They encourage Chinese loyalists to take to their keyboards and strike at U.S. Web sites.

"Hack the USA!!!" commanded one posting. "For our pilote [sic] Wang!!! For our China!!!"

Since the accident occurred on April 1, no fewer than nine U.S. government and business sites have been attacked. Most of the attacks were simple vandalism, with an official Web page being replaced by one with a political message.

Two Navy sites that are not militarily critical were targeted; only one was defaced. A Navy spokeswoman said she can't say for sure that the perpetrators were in China but said the attacks did "appear" to be coming from there.

Computer users who tried yesterday to pull up a forum for artists and writers in Marin County, Calif., at www.iplexmarin.com, found instead a giant red Chinese flag, threatening messages and audio of the Chinese national anthem.

"This is becoming a cyber-mob," said Michael Assante, a security consultant with Vigilinx Inc. and a former U.S. government intelligence officer. "Really, China is quite threatening in that they have a lot of nationalism as well as a lot of technology."

Assante and other computer experts said administrators of U.S. Web sites should take the recent Chinese attacks as a warning that their electronic defenses are inadequate. Just last week, a House committee issued a report saying that hackers -- of many nationalities -- had gained control of at least 155 government computer systems last year.

The recent rash of apparent collision-inspired hacking is not without precedent. Chinese vigilantes have been bullying their way through the virtual world since around 1998, defacing Web sites and releasing viruses into computer systems, experts say.

They are different from other foreign hackers, security experts say, in that they are not motivated by money like hackers from struggling regions such as the former Soviet republics or the Philippines. For the Chinese, it's almost always about politics, the experts say.

After the Taiwanese president said last year that his country and China should speak on a "state-to-state" basis, Chinese compatriots launched more than 100,000 attacks on Taiwan government sites. And when some Japanese at a public rally refused to acknowledge that they had committed any atrocities during the 1937 Nanking massacre, Chinese hackers began putting gory pictures of victims on Japanese government Web sites.

The surveillance plane dispute has so riled many Chinese that they have been voicing their anger in a way that might not have been possible even in a democracy in the pre-Internet era.

Using portals such as Sina.com and Sohu.com or more obscure sites such as killusa.abc.yesite.com, the organizers list simple-to-use hacking tools, suggest targets -- and encourage the general populace to join in.

At a time when high technology can make war impersonal -- with pilotless planes and laser guided bombs -- the Internet has become a way for people to fight, even when the enemy is far away, experts say. "They're picking up their keyboards instead of guns and sticks and rocks," said Joel De La Garza of Silicon Valley's Securify.com.

Many of the recent hackings were signed by the Hackers Union of China, also known as the Honkers Union of China or the "red guest" alliance. Max Vision, a security consultant who has been monitoring the group, describes it as a "very loosely organized" band. On its Web site, cnhonker.com, the group calls itself a "network security organization."

Members of the group did not respond to e-mail inquiries, and the FBI declined to comment on any recent hacking from China.

A small company called Intelligent Direct Inc. in Wellsboro, Pa., has been fending off the hackers for a week. The company's president, Dan Olasin, said that each time it managed to get its www.zipcodemaps.com sales page online, it was replaced with the Chinese flag and messages such as "China have atom bomb too," as well as "fairly profane comments about someone's mother."

He said he didn't know why his company had been targeted, but he thinks -- or hopes -- the attacks have subsided.

Olasin said the incident has given him time to reflect on how the Internet, once hailed as way to erase borders, was becoming a powerful tool for acting out nation-stateanimosities.

He said he wishes he could tell the hackers: "I understand your frustration. It's a touchy situation for all of us. I'm not sure why you're taking this out on me but maybe if I sent you a picture of myself and my staff, you might say what you want to say without all the damage."

-- (h@cking. away), April 13, 2001