Burning BaneWolf
05-03-2002, 01:27 PM
www.counterpane.com/alert-ceu.html
A group of military Chinese hackers may or may not attack the US this week. The full story from counterpane.com is below.
Chinese Hacker Group
30 April 2002
Counterpane Internet Security is receiving reports that a private hacker group from China is planning to launch an assault on the US, Japan and Taiwan.
iDefense, an intelligence research firm based in Chantilly, VA, has released reports in the last two weeks detailing the operations of the China Eagle Union. iDefense warns that the CEU is likely to be active during the week of May 1, marking the anniversaries of the bombing of the Chinese embassy in Belgrade in 1999, and the collision between a Chinese fighter plane and a US surveillance flight that killed a Chinese pilot in 2001.
The iDefense predictions are supported by an unpublished report from the CIA, picked up by the news media late last week (references are included below). The CIA report allegedly states that the Chinese government does not have the technical capability to cause direct damage to the US computer infrastructure. However, iDefense identifies the CEU, a private organization, as the greatest threat, and suggests that they have tacit official support and ample technical resources for their malicious activity.
iDefense believes that the CEU is likeliest to attack three categories of systems: Cisco routers, Web servers, and Digital Equipment Corporation VAX 11/780 systems. (The VAX computers are still in common use in several US government agencies threatened by the China Eagle Union.)
Counterpane recommends the following preventative measures:
Verify that anti-virus software has the most recent versions of signatures.
Make sure that your Internet-accessible computer systems are running only the required network services. In particular, given the recent vulnerabilities announced in SNMP and Oracle, restrict or disable SNMP and SQL*Net/Oracle Listener access wherever possible.
Verify that administrative access to Internet-accessible systems is appropriately restricted.
According to Counterpane monitoring, HTTP and FTP are the most frequently probed services within our customer networks. If your organization maintains a public Web or FTP site, confirm that you are running the most up-to-date versions of your server software.
For more information on the network security threat from China:
iDefense public information:
Will Chinese hackers attack the US again?
Inside the China Eagle Union Hacker Group (white paper available by request)
Source: NY Times
Date Written: 2002-04-25
Date Collected: 2002-04-26
Title: China Incapable of Hacking US Files (requires free registration)
A report from the CIA surfaced April 25, 2002 warning that Chinese military hackers may be targeting the United States and Taiwan for cyberwarfare. Analysts believe, however, that the Chinese Army does not have the capabilities to conduct an attack that would cause mass-scale damage. A larger threat is posed by individual hackers attacking through worms, Web defacements, DDoS attacks, or other damaging malware. However, cyberwarfare may be developed as a relatively inexpensive means to cause damage and chaos to one's enemy, and continues to be a concern.
CIA Warns of Chinese Plans for Cyber-Attacks on U.S.
Quotes a RAND Institute analyst, James Mulvenon, as perceiving an alarming increase in the likelihood of Chinese attacks against Taiwanese computer targets. The RAND Institute is a federally sponsored intelligence think tank; we interpret this article, although based on the same unpublished CIA report as the NY Times coverage, to represent independent confirmation of the iDefense results.
Worries of Cyberattacks on U.S. are aired
Quotes Toshi Yoshihara from the Institute of Foreign Policy Analysts about China's motivations for launching cyber attacks, but doesn't really confirm or deny the possible threat level.
Report: U.S. Expecting Chinese Hack Blitz
Quotes Oliver Friedrichs from SecurityFocus; ARIS has not detected any increase in attacks from China, although SecurityFocus bumped up its (non-quantitative) ThreatCon indicator to Two (on a 1-4 scale)
An analysis of Chinese defense spending emphasizes problems with modernizing the Chinese military. Inadvertently emphasizes the reasons for China to surreptitiously encourage private hackers to compromise its foreign adversaries.
Unrestricted Warfare
"Taken from 'Unrestricted Warfare,' a book published in China in February 1999 that proposes tactics for developing countries, in particular China, to compensate for their military inferiority vis-à-vis the United States during a high-tech war....Hacking into websites, targeting financial institutions, terrorism, using the media, and conducting urban warfare are among the methods proposed."
The China Syndrome, Part 6
A curmudgeon downplays the seriousness of the risk, and develops a conspiracy theory between American anti-virus vendors and the Chinese malware community.
DISCLAIMER:
The information contained within this Security Alert is provided for informational purposes and without warranty. Counterpane recommends consulting your security policy when responding to this or any security related event. Counterpane also recommends testing any vendor recommended countermeasures prior to their deployment in a production environment.
:eyebrow:
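One way to check the alert's "only the required network services" and "restricted administrative access" recommendations on a host, as an added example that is not part of the original post or Counterpane's alert. It assumes the common default ports (SNMP 161/udp, Oracle Listener 1521/tcp, SSH 22/tcp, Telnet 23/tcp), a site-chosen allowlist, and listener output in the column layout of `ss -tuln`; the sample input is constructed.

```python
# Added example: compare listening sockets with an allowlist of required services.

# Default ports for the services the alert singles out (assumed defaults; sites may differ).
FLAGGED = {("udp", 161): "SNMP", ("tcp", 1521): "Oracle Listener (SQL*Net)"}
# Administrative services that should not listen on every interface (illustrative choice).
ADMIN = {("tcp", 22): "SSH", ("tcp", 23): "Telnet"}
WILDCARDS = {"0.0.0.0", "*", "::", "[::]"}

# Constructed sample in the column layout of `ss -tuln` (not captured from a real host).
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:161        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:21         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:1521       0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:22       0.0.0.0:*
tcp   LISTEN 0      128    [::]:23            [::]:*
"""

def parse_listeners(text):
    """Yield (proto, address, port) for each listening socket line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or unrelated line
        addr, _, port = fields[4].rpartition(":")
        if port.isdigit():
            yield fields[0], addr, int(port)

def audit(text, required):
    """Return findings for listeners outside `required` or exposing admin access."""
    findings = []
    for proto, addr, port in parse_listeners(text):
        key = (proto, port)
        exposed = addr in WILDCARDS  # bound to every interface
        if key in ADMIN and exposed:
            findings.append((proto, port, f"{ADMIN[key]} admin access on all interfaces"))
        elif key not in required and exposed:
            name = FLAGGED.get(key, "unrequired service")
            findings.append((proto, port, f"{name} reachable; restrict or disable"))
    return findings

if __name__ == "__main__":
    # Allowlist for a host that only needs public Web and FTP (assumption).
    for finding in audit(SAMPLE, required={("tcp", 80), ("tcp", 21)}):
        print(finding)
```

On a live host, pass the text of `ss -tuln` to `audit()` in place of `SAMPLE` and set `required` to the services that host is meant to offer.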