CNN Faces Cyberattack Over Tibet Coverage

Security experts and researchers are mixed on whether the attacks, reportedly scheduled around 8 p.m. on April 19, Beijing time, will happen.

Thomas Claburn, Editor at Large, Enterprise Mobility

April 18, 2008

4 Min Read

Hackers sympathetic to China appear to have launched a minor denial-of-service attack on CNN's Web site, possibly as a prelude to a more significant cyberattack on that is supposed to materialize around 8 p.m. on April 19, Beijing time.

"Looking at our data, I see evidence of a few dozen DDoS attacks against one of the CNN Web site IPs in the past day," said Jose Nazario, CTO of Arbor Networks, in a blog post. "These attacks were very small, they barely registered, so it's hard to say that they're the massive onslaught that we may see this weekend. It's possible this is entirely unrelated -- a lot of hackers try to bring down major Web sites like this every day."

A spokesperson for CNN confirmed that the site had experienced a denial of service attack on Thursday.

"CNN took preventative measures to filter traffic in response to attempts to disrupt our website," the network said in an e-mailed statement. "A small percentage of users in Asia are impacted. We are working to restore access as quickly as possible."

CNN has posted its own account of the attack.

In a phone interview, Nazario indicated that the network activity his group was tracking was almost indistinguishable from low-level daily attacks. He said he was looking for signs that someone might have started the planned attack ahead of schedule. "Somebody always jumps the gun, and starts the party early," he said.

Scott J. Henderson, who runs The Dark Visitor, a blog that follows Chinese hackers, warns on his site that Chinese hackers have posted calls for people willing to participate in a DDoS attack on CNN to punish the network for its coverage of the Chinese crackdown in Tibet. He has listed the URLs for seven sites seeking hackers willing to participate in the attack.

According to Henderson's translation of a post on a Guilin University of Electronic Technology bulletin board, the attack is support to start in earnest at 8 p.m. on April 19 in Beijing, which would be 8 a.m. Saturday in New York.

In an e-mail, Henderson explained that attacks on CNN are being driven by recent reporting that depicts China in an unfavorable light and to coincide with protests in Europe that are planned for April 19. "Some of the Chinese hackers want to relive the glory days of the Sino-U.S. cyberconflict," he said.

With CNN prepared for such an event and growing publicity, it's far from clear that a serious attack will materialize. Some rumored cyberattacks, such as the Nov. 11, 2007, al Qaeda attack that was supposed to affect Western, Jewish, Israeli, Muslim apostate, and Shiite Web sites, never occur.

In fact, as this story was being filed, Henderson called to say that the organizer of this attack now wants to call it off because of the publicity surrounding it. He said it's not clear whether the call to stand down will be observed.

China on Thursday called for a "sincere apology" from CNN for remarks made by network commentator Jack Cafferty, who earlier this month called Chinese leaders "goons and thugs," a move likely to amplify CNN's disrepute among Chinese nationalists.

Such sentiment is readily apparent in the emergence of a site like, which was registered through a Chinese domain registry in March, when the protests in Tibet erupted.

Henderson said he couldn't predict whether the attack would actually take place or be effective. "However, the Chinese hackers do have quite a bit of experience at this and if they can get the numbers together I imagine they could be highly effective," he said. "Do they have the numbers? Oh, yes, without including botnets they have on hand, the Red Hacker Alliance is made up of well over 300,000 members."

Hacking attacks in support of Chinese nationalism have risen in conjunction with unrest in Tibet. McAfee last week reported that some visitors to pro-Tibet Web sites have had their computers infected with the Fribet Trojan, which allows the attacker to alter files, install additional malware, or monitor input. About a month ago, F-Secure said that pro-Tibet-themed e-mail messages were sent out containing links leading to sites that launched malware attacks. Also in March, Sophos documented infected images related to Tibet.

That same month, the FBI began looking into reports from the Save Darfur Coalition, which has been critical of China, that its e-mail accounts had been compromised by hackers.

About the Author(s)

Thomas Claburn

Editor at Large, Enterprise Mobility

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful master's degree in film production. He wrote the original treatment for 3DO's Killing Time, a short story that appeared in On Spec, and the screenplay for an independent film called The Hanged Man, which he would later direct. He's the author of a science fiction novel, Reflecting Fires, and a sadly neglected blog, Lot 49. His iPhone game, Blocfall, is available through the iTunes App Store. His wife is a talented jazz singer; he does not sing, which is for the best.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like

More Insights