Government // Cybersecurity
News
4/18/2008
04:12 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

CNN Faces Cyberattack Over Tibet Coverage

Security experts and researchers are mixed on whether the attacks, reportedly scheduled around 8 p.m. on April 19, Beijing time, will happen.

Hackers sympathetic to China appear to have launched a minor denial-of-service attack on CNN's Web site, possibly as a prelude to a more significant cyberattack on CNN.com that is supposed to materialize around 8 p.m. on April 19, Beijing time.

"Looking at our data, I see evidence of a few dozen DDoS attacks against one of the CNN Web site IPs in the past day," said Jose Nazario, CTO of Arbor Networks, in a blog post. "These attacks were very small, they barely registered, so it's hard to say that they're the massive onslaught that we may see this weekend. It's possible this is entirely unrelated -- a lot of hackers try to bring down major Web sites like this every day."

A spokesperson for CNN confirmed that the site had experienced a denial of service attack on Thursday.

"CNN took preventative measures to filter traffic in response to attempts to disrupt our website," the network said in an e-mailed statement. "A small percentage of CNN.com users in Asia are impacted. We are working to restore access as quickly as possible."

CNN has posted its own account of the attack.

In a phone interview, Nazario indicated that the network activity his group was tracking was almost indistinguishable from low-level daily attacks. He said he was looking for signs that someone might have started the planned attack ahead of schedule. "Somebody always jumps the gun, and starts the party early," he said.

Scott J. Henderson, who runs The Dark Visitor, a blog that follows Chinese hackers, warns on his site that Chinese hackers have posted calls for people willing to participate in a DDoS attack on CNN to punish the network for its coverage of the Chinese crackdown in Tibet. He has listed the URLs for seven sites seeking hackers willing to participate in the attack.

According to Henderson's translation of a post on a Guilin University of Electronic Technology bulletin board, the attack is support to start in earnest at 8 p.m. on April 19 in Beijing, which would be 8 a.m. Saturday in New York.

In an e-mail, Henderson explained that attacks on CNN are being driven by recent reporting that depicts China in an unfavorable light and to coincide with protests in Europe that are planned for April 19. "Some of the Chinese hackers want to relive the glory days of the Sino-U.S. cyberconflict," he said.

With CNN prepared for such an event and growing publicity, it's far from clear that a serious attack will materialize. Some rumored cyberattacks, such as the Nov. 11, 2007, al Qaeda attack that was supposed to affect Western, Jewish, Israeli, Muslim apostate, and Shiite Web sites, never occur.

In fact, as this story was being filed, Henderson called to say that the organizer of this attack now wants to call it off because of the publicity surrounding it. He said it's not clear whether the call to stand down will be observed.

China on Thursday called for a "sincere apology" from CNN for remarks made by network commentator Jack Cafferty, who earlier this month called Chinese leaders "goons and thugs," a move likely to amplify CNN's disrepute among Chinese nationalists.

Such sentiment is readily apparent in the emergence of a site like anti-cnn.com, which was registered through a Chinese domain registry in March, when the protests in Tibet erupted.

Henderson said he couldn't predict whether the attack would actually take place or be effective. "However, the Chinese hackers do have quite a bit of experience at this and if they can get the numbers together I imagine they could be highly effective," he said. "Do they have the numbers? Oh, yes, without including botnets they have on hand, the Red Hacker Alliance is made up of well over 300,000 members."

Hacking attacks in support of Chinese nationalism have risen in conjunction with unrest in Tibet. McAfee last week reported that some visitors to pro-Tibet Web sites have had their computers infected with the Fribet Trojan, which allows the attacker to alter files, install additional malware, or monitor input. About a month ago, F-Secure said that pro-Tibet-themed e-mail messages were sent out containing links leading to sites that launched malware attacks. Also in March, Sophos documented infected images related to Tibet.

That same month, the FBI began looking into reports from the Save Darfur Coalition, which has been critical of China, that its e-mail accounts had been compromised by hackers.

Comment  | 
Print  | 
More Insights
Cyber Security Standards for Major Infrastructure
Cyber Security Standards for Major Infrastructure
The Presidential Executive Order from February established a framework and clear set of security standards to be applied across critical infrastructure. Now the real work begins.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Nov. 10, 2014
Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.