"Looking at our data, I see evidence of a few dozen DDoS attacks against one of the CNN Web site IPs in the past day," said Jose Nazario, CTO of Arbor Networks, in a blog post. "These attacks were very small, they barely registered, so it's hard to say that they're the massive onslaught that we may see this weekend. It's possible this is entirely unrelated -- a lot of hackers try to bring down major Web sites like this every day."
A spokesperson for CNN confirmed that the site had experienced a denial of service attack on Thursday.
"CNN took preventative measures to filter traffic in response to attempts to disrupt our website," the network said in an e-mailed statement. "A small percentage of CNN.com users in Asia are impacted. We are working to restore access as quickly as possible."
CNN has posted its own account of the attack.
In a phone interview, Nazario indicated that the network activity his group was tracking was almost indistinguishable from low-level daily attacks. He said he was looking for signs that someone might have started the planned attack ahead of schedule. "Somebody always jumps the gun, and starts the party early," he said.
Scott J. Henderson, who runs The Dark Visitor, a blog that follows Chinese hackers, warns on his site that Chinese hackers have posted calls for people willing to participate in a DDoS attack on CNN to punish the network for its coverage of the Chinese crackdown in Tibet. He has listed the URLs for seven sites seeking hackers willing to participate in the attack.
According to Henderson's translation of a post on a Guilin University of Electronic Technology bulletin board, the attack is support to start in earnest at 8 p.m. on April 19 in Beijing, which would be 8 a.m. Saturday in New York.
In an e-mail, Henderson explained that attacks on CNN are being driven by recent reporting that depicts China in an unfavorable light and to coincide with protests in Europe that are planned for April 19. "Some of the Chinese hackers want to relive the glory days of the Sino-U.S. cyberconflict," he said.
With CNN prepared for such an event and growing publicity, it's far from clear that a serious attack will materialize. Some rumored cyberattacks, such as the Nov. 11, 2007, al Qaeda attack that was supposed to affect Western, Jewish, Israeli, Muslim apostate, and Shiite Web sites, never occur.
In fact, as this story was being filed, Henderson called to say that the organizer of this attack now wants to call it off because of the publicity surrounding it. He said it's not clear whether the call to stand down will be observed.
China on Thursday called for a "sincere apology" from CNN for remarks made by network commentator Jack Cafferty, who earlier this month called Chinese leaders "goons and thugs," a move likely to amplify CNN's disrepute among Chinese nationalists.
Such sentiment is readily apparent in the emergence of a site like anti-cnn.com, which was registered through a Chinese domain registry in March, when the protests in Tibet erupted.
Henderson said he couldn't predict whether the attack would actually take place or be effective. "However, the Chinese hackers do have quite a bit of experience at this and if they can get the numbers together I imagine they could be highly effective," he said. "Do they have the numbers? Oh, yes, without including botnets they have on hand, the Red Hacker Alliance is made up of well over 300,000 members."
Hacking attacks in support of Chinese nationalism have risen in conjunction with unrest in Tibet. McAfee last week reported that some visitors to pro-Tibet Web sites have had their computers infected with the Fribet Trojan, which allows the attacker to alter files, install additional malware, or monitor input. About a month ago, F-Secure said that pro-Tibet-themed e-mail messages were sent out containing links leading to sites that launched malware attacks. Also in March, Sophos documented infected images related to Tibet.
That same month, the FBI began looking into reports from the Save Darfur Coalition, which has been critical of China, that its e-mail accounts had been compromised by hackers.