[iwar] Is China's Guandong province ground zero for hackers?

From: Fred Cohen (fc@all.net)
Date: 2001-08-31 23:46:26



Is China's Guandong province ground zero for hackers?

By Robert Vamosi, AnchorDesk, 8/31/2001
http://dailynews.yahoo.com/h/zd/20010830/tc/is_china_s_guandong_province_ground_zero_for_hackers__1.html

Last week, while discussing new priorities for the Department of Defense,
Secretary of Defense Donald Rumsfeld told the
Washington Post that "serious moves to transform the military to meet
such emerging threats as computer warfare, terrorism and missile
proliferation will not produce new war-fighting capabilities for a
number of years." Although paraphrased, it sounds to me like Secretary
Rumsfeld just told our enemies that we're years away from defending
ourselves against cyberterrorism.  Oops.  Now is not the time to admit
weakness in this area, Mr. Secretary.

Quietly, the U.S. government had been hacking away at cyberterrorism.
The EP-3E spy plane that crash-landed in China earlier this year was,
according to James Bamford in his keynote speech at this year's Black
Hat Briefing, working for the National Security Agency.  Even the 1999
war in Kosovo featured early information warfare techniques against the
Serbian government.  A recent report by MSNBC explains the emerging
global information warfare threat in greater detail.  If the secretary
is serious about transforming the U.S. defense department, then let me
suggest that it is much more prudent to shore up our computer networks
today than to invest in the 20-year-old concept of laser-toting
satellites orbiting the earth tomorrow: Our computer networks are
already under serious attack. 

HOSTILE NATIONS, and for that matter, hostile groups, such as Osama bin
Laden's followers, realize they can't challenge the
U.S. military one-on-one.  But they can disrupt our utilities, our
telecommunications, and our e-commerce.  Just last spring, during a
period of rolling blackouts in Northern California, someone hacked into
the California Independent System Operators system, which regulates the
flow of power in the state.  The malicious users were stopped before
they caused any damage, but the incident shows how vulnerable our
ancillary government agencies are to attack.  The hack was traced back
to the Guangdong province in China.  Turns out, this was not an isolated
incident. 

A few weeks ago, I wrote that students at Foshan University in
Guangdong, China, may have created the Code Red worm.  Shortly after
that column appeared, someone at the Defense Department called me with a
serious interest in that information.  Now, the recent and very nasty
Offensive Trojan horse also happens to share a connection to Guangdong. 
I don't think this is a coincidence. 

Guangdong is the largest and wealthiest province, and Hainan Island, the
site where the American EP-3E plane was held after landing last April,
is nearby.  According to a report prepared by the security company
Vigilinx, Guangdong is also home to hacker groups, such as the Honker
Union of China (also known as the Red Guest Alliance) and China Eagle,
and to criminal extortionists who have been terrorizing Hong Kong's
financial networks for years.  Guangdong also happens to be very
beautiful, historic, and the focus of major Western investment and
tourism. 

RATHER THAN ASSUME the Chinese government is behind Code Red and
Offensive, I think it is more credible that different groups of
individuals within Guangdong might be hacking the United States and
other nations (like Japan) for their own reasons.  Like the cracker
activity once seen in Eastern Europe, these exploits may not be a
political expression against, but a general frustration with, Western
arrogance and influence.  The crackers in Guangdong seem to be doing
their own thing, and they are definitely pushing the envelope of what is
possible in terms of malicious activity on the Internet. 

Whatever their motives, I suggest we'll hear even more from the crackers
in Guangdong.  If ego is involved, these crackers probably aren't done
flexing their programming muscles or announcing themselves to the world. 
Now, thanks to comments from the U.S. Defense Secretary, others
elsewhere might also be tempted to join in their fun. 

