Pittsburgh News - Tuesday, May 15, 2001

Hackers disrupt county site

By Brian Nearing TRIBUNE-REVIEW

A cyberwar between U.S. and Chinese computer hackers, sparked by the spy plane controversy, could keep the results of Allegheny County's primary off the Internet, county officials said Monday.

FBI agents took two county computer servers as evidence after Chinese hackers damaged electronic files, including those to be used for posting today's election results on the county's Web site, said Norman Mekkelsen, county General Services director.

The county posts results after the polls close at 8 p.m. and updates them as returns come in. Mekkelsen's office put out a memo Friday warning that the election Web site might not work today.

County computer experts worked over the weekend to repair the damage, restore the software for the election Web site and place it on other computer servers, he added.

"Everything should work fine now," Mekkelsen said. "Of course, that is as of today (Monday)."

County servers had been attacked three times since May 1, and Mekkelsen said the FBI told him they traced the attacks to China.

The county is the second local agency to report such hacking attacks apparently linked to fallout from the April 1 mid-air collision between a U.S. spy plane and a Chinese jet fighter.

The Chinese pilot died in the collision, and two dozen U.S. military personnel were held hostage in China for 11 days when their plane made an emergency landing. The Chinese had demanded an apology and released the Americans after the U.S. government expressed remorse over the pilot's death.

The plane has not been returned to the United States.

Hackers - people who use the Internet to break into computer systems and change or destroy data - have been busy since the April 1 collision.

According to a recent report by the Reuters news agency, an American group of hackers that calls itself PoizonBOx had begun defacing Chinese Web sites after the spy plane incident.

In retaliation, a group calling itself the Honker Union of China promised a blitz beginning May 1 to "strike back with utmost force after such provocation by American hackers." Honker is a word derived from the Chinese word for "red hacker," according to the Reuters report.

On May 3, the Avonworth School District's Web site was hacked into and an obscene message left where the April 23 school board notes should have been.

That message, which cursed the "USA Government" and PoizonBOx, was in the district's red lettering on a black background. An e-mail address for the Canadian system administration of Yahoo was signed underneath.

At least a half-dozen high-profile U.S. Web sites have been defaced by Chinese hackers, according to published reports. Defacing has included posting the Chinese flag, a picture of the dead Chinese pilot and pro-China messages.

Targets included computers at the U.S. Departments of Labor and Health and Human Services, the United Press International news agency, a White House historical association and the U.S. House of Representatives. No serious damage has been reported.

Mekkelsen said county computers were first attacked May 1, again last week and most recently on Friday.

"We have no idea why we became such a popular site," Mekkelsen said. "There was no particular focus to the attacks, but some files were being corrupted, making them difficult to find, or destroyed."

Mekkelsen would not specify which files had been tampered with.

The county Computer Crimes Task Force - which includes the FBI and various federal, state and local police agencies - helped investigate the incident, said FBI spokesman William Crowley.

Assistance also came from the Computer Emergency Response Team at Carnegie Mellon University. Crowley and CERT spokesman Bill Pollock declined comment, citing security concerns.

The infiltrated servers store information that county workers need every day to do their jobs. Mekkelsen would not specify what other files had been damaged.

A computer server is a large-capacity computer that stores data, which can be retrieved upon request from another computer. A hacker is like the low-tech equivalent of someone who breaks into a locked filing cabinet and riffles through the files inside.

The cyber attack also was timed to commemorate the second anniversary of an accidental U.S. air attack on the Chinese embassy in Kosovo.

Tensions between China and the United States increased last week after U.S. approval of the biggest arms sale to Taiwan in a decade and remarks by President Bush on defending Taiwan.

Brian Nearing can be reached at bnearing@tribweb.com or (412) 391-0927.

http://www.triblive.com/live/news/news_story.html?rkey=126380+sid=21e478cd61ab34a195305111f4cd3d44+cat=news-pittsburgh+template=news1.html

-- Martin Thompson (mthom1927@aol.com), May 15, 2001

Answers

Tuesday, May 15, 2001 - 12:00 a.m. Pacific

Hacker leaves Chinese marks on state Web site

By Frank Vinluan Seattle Times staff reporter

Hackers broke into a public-access portion of the state Legislature's Web site over the weekend, marking the page with Chinese characters.

It was thought to be the latest attack on a government Web site in a cyber war that escalated since a Whidbey Island-based reconnaissance plane and a Chinese fighter collided off the coast of China last month.

"We're at this point assuming it's Chinese hackers. But since we don't know Chinese characters, we don't know exactly who it is," said Cathy Munson, director of the Legislative Service Center in Olympia.

A systems administrator discovered the breach just after 6:30 Saturday morning and repaired it shortly afterward. The service center, which administers the site, was working with Microsoft technicians yesterday to patch the site and prevent further attacks. The site uses Microsoft software.

After the plane collision April 1, hackers thought to be Chinese have broken into numerous Web sites nationwide, marking the pages with anti-American messages.

A picture of Wang Wei, the Chinese pilot killed, was posted on the Web site of the U.S. Department of Labor on April 28. And earlier this month, hackers left a message on the site of Online Engineering Services in Bothell reading, "This Website was hacked by ChinaEagle for beating down all the hegemonism of USA."

The Los Angeles Times has reported that U.S. hackers, in turn, have placed anti-Chinese comments on Chinese sites or otherwise disrupted them.

The attack on the Washington Legislature's site is believed to have happened shortly after the last system check at midnight Friday, Munson said.

The legislative page provides information about the state House and the Senate and allows access to bill information. Since the page is accessible to the public, it does not have the same firewall protections as the state's internal computer systems, which are handled separately.

No information was lost in the attack and no permanent damage was done, Munson said.

Munson said she did not know of other state government Web sites affected by the attack. She said this was the first time hackers had hit the Legislature's Web site.

Frank Vinluan can be reached at 206-464-2291 or fvinluan@seattletimes.com.

http://seattletimes.nwsource.com/html/localnews/134295578_hack15m.html

-- Martin Thompson (mthom1927@aol.com), May 15, 2001.