Cry Havoc and Let Slip the Cogs of Cyber-War?

by Howard Fienberg
July 9, 2001

Americans were recently warned of a new fallout from the U.S.-China spy plane dispute. Chinese hackers apparently promised cyber-attacks on American web sites throughout the first week of May in retaliation for a wave of American hacks of Chinese sites. CNN told viewers (Apr. 27) to "beware ... That nice picture of your corporate headquarters building on your web page may be replaced by a picture of [Chinese pilot] Wang Wei." In fact, this was "the first effort by American hackers to battle counterparts in another nation over a political conflict," according to the Los Angeles Times (May 2).

Warnings from the Federal Bureau of Investigation and accompanying media coverage posited a gripping story of "yellow peril" suitable for a Tom Clancy novel. Unfortunately, rather than a huge increase in politically-motivated hacking, this story may have been pure media hype. Several government web sites do appear to have been attacked, ranging from the White House to the Road Commission of Oakland County. On May 1, hackers even hit that vital American resource, the Albuquerque office of the Department of Energy. The same day, the CERT Coordination Center (CERT/CC) at Carnegie-Mellon University received 100 more notices of possible hacks than normal. However, the Center manager, Jeffrey Carpenter, conceded to USA Today (May 2) that he "had not seen a significant increase in actual compromises of machines."

This smelled like an irresistible man-bites-dog -- hackers motivated by more than egotism. Clive Thompson wrote in Newsday (May 6) that he was "rather charmed by the new wave of protest." Dr. Dorothy Denning, director of the Georgetown Institute of Information Assurance, told the BBC (Apr. 28) that "Basically, this is a way for young people to express their opinions." Do any of the hackers really deserve the designation "hacktivists"? Brian Martin, who until recently chronicled cyber-vandalism for, pointed out that "Chinese web sites were being defaced before the spy plane incident and with no political agenda." He recalls that the political "slant" to the web site defacements only seemed to emerge after news media started running speculative stories about them. Martin accused the media on April 29 of making "news out of nothing."

Most news reports of the "cyber-war" derived from postings on hacker message boards, brimming over with bluster from both Chinese and American hackers. The "conflict" even earned the moniker of a "world cyber-war" when hackers from other countries seemed to be getting involved on either side. Was it global political intrigue or just ego as usual? Deciphering the true national origin of the average hacker would be a tremendous feat. Other conflicts, such as Israel-Palestine and India-Pakistan, have featured what people assumed to be politically-motivated hacking, but close investigations revealed that many of these hacks originated in the United States. The poor grammar in many of the supposed Chinese hackers' defacements is endemic to all hackers, including native English speakers. It is quite possible the "cyber-war" was not actually a U.S.-China dispute at all.

A more important question remains: what was the impact? William Knowles, senior analyst with a computer security and intelligence site, said, "if this was a true cyber-war, the (Dow Jones) would be tanking into the four-digit range, government systems would be offline, the 747s that planned to land at O'Hare would be landing in my front yard, 911 networks would be in disarray, and a state of emergency would likely be called" (Wired News, May 4).

Of course, the world did not end. The "hacking" that took place was minor: distributed denial of service (DDOS) attacks and web site defacements. DDOS attacks bombard network systems with tons of junk mail. They are low-tech operations designed to cause traffic jams on the Internet, like those that felled and other e-commerce sites last February. All over the Internet, aspiring cyber-hoodlums can find easy-to-implement programming code and software to run a DDOS attack. Web site defacement at least requires skill in order to beat a web site's security, but internal networks and important data are usually (or at least should be) separated from web sites and more secure. While a cyber-vandal has indeed "hacked" in, he or she can usually do minimal damage.

Does vandalism qualify as a threat to national security? If so, we are in trouble. Virus protection company Symantec told the Christian Science Monitor (May 3) that 30 to 50 sites are defaced by hackers every day. They claim hackers defaced about 6,000 sites last year and expect more than 8,000 this year. Geoff Voelker, a computer science professor at the University of California San Diego, told United Press International (UPI) on May 31 that "roughly 4,000 denial of service attacks likely occur on the Internet each week, and cover the range of countries and businesses large and small." Figures from CERT/CC since its establishment in 1998 show a "constant and steady rise in the number of security" problems. CERT/CC admits that this rise is "commensurate with the growth of the use of the Internet."

Editor John O'Sullivan summed up the reality of the supposed "cyber-war" after his UPI site was attacked on April 30: "No great harm seems to have been done on this occasion. It was cyber-nuisance rather than cyber-terror." Unfortunately, by raising hysteria over what seems to have been a minimal "nuisance," we might be encouraging a dangerous copycat effect, inspiring more mischievous individuals to carry out previously rare or non-existent cyber-crimes. To paraphrase some useful advice: Be careful what you warn about -- you might just get it.

Howard Fienberg is a research analyst with the Statistical Assessment Service (STATS), a nonprofit nonpartisan think tank in Washington, D.C.
