China worries hackers will strike during Beijing Olympics
While CNN
recently faced distributed denial-of-service attacks from Chinese hackers
angry about the television network's coverage of a recent Chinese crackdown
in Tibet, Chinese security officials remain worried hackers will strike while
the Olympic Games are being held in Beijing.
"Based on historical experience, many hackers seeking to make a name for
themselves view the Olympic Games as a challenge and a target, and the Beijing
Olympics may face attacks from individual hackers, groups, organizations, as
well as other countries and those with all kinds of political motivations, therefore
the network security situation is very grim," China's National Computer
Network Emergency Response Technical Team (CNCERT) said in a report released
earlier this month.
A high-profile attack on Chinese computer systems during the Beijing Olympics
would be a serious blow to organizers and the government, which has worked hard
to position the Games as a celebration of the economic and social strides made
by China since embarking on reforms 30 years ago.
"It's very important for the government to make this successful,"
said Jim Fitzsimmons, a security consultant in Shanghai. "They are taking
this issue very, very seriously."
The urgency of tighter network security for the Olympic Games was highlighted
at a recent conference in the southern city of Shenzhen, jointly organized by
CNCERT, the Internet Association of China, and China's Working Committee on
Information Security, where Xi Guohua, a vice minister at the Ministry of Information
Industry, called on participants to spare no effort to boost network security
in China ahead of the Games.
Among moves the Chinese government has taken to tighten network security during
the Olympics, it created a special response team in Beijing that will monitor
systems for signs of attacks and then respond if one is detected. The response
team's job won't be easy. The prevalence of malware in China means maintaining
network security during the Olympics will be a significant challenge.
Fifty-eight percent of bot-controlled computers -- systems that can be controlled
remotely to launch denial-of-service attacks or send spam -- are based in China,
according to CNCERT's 2007 estimates, which place the total number of bot-controlled
computers in China at 3.6 million, out of an estimated total of 6.2 million.
In addition, computers infected with trojan software, which can give a hacker
back-door access to a computer, are also a growing problem. Last year, random
checks by CNCERT identified 995,000 Chinese computers that had trojan software
installed, compared to 44,717 computers identified in 2006 -- an increase of
2,125 percent.
"China's IT space is really one of the most malware-ridden in the world,"
Fitzsimmons said, attributing the problem to widespread use of pirated software
and a lack of attention to security management, such as applying software patches
that fix vulnerabilities.
"In terms of platforms that people could attack in China, or subvert to
attack something else, there's quite a bit out there," he said.
Apart from hackers looking to use the Olympic Games as a way to make a political
statement or to generate publicity for themselves, Chinese security officials
must also contend with the possibility of reprisals to Chinese attacks on CNN's
Web site or pro-Tibet sites that have been hit. In previous years, politically
motivated attacks by Chinese hackers launched against Web sites in other countries
have provoked responses from other hacker groups.
One such hacker war took place in 2001, after a collision between a Chinese
fighter jet forced a U.S. Navy reconnaissance plane to make an emergency landing
on China's Hainan Island, where the crew was detained. During the hacker war
that followed, Chinese and U.S. hackers attacked and defaced hundreds of Web
sites in both countries.
So far, there has not been a response from foreign hackers to Chinese attacks
against CNN or pro-Tibet Web sites. But hackers may simply be biding their time,
choosing to attack or deface Chinese Web sites during the Olympics, a time when
any such incident would generate the most publicity.
"I honestly believe something is going to happen, but how bad it could
be or what is the scale of it, that's anybody's guess," Fitzsimmons said.
IDG News Service
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
VMware ESX Server in the Enterprise
By Edward L. Haletky
Published Dec 29, 2007 by Prentice Hall.
Enter now! | Official rules | Sample chapter
Green IT
By Toby Velte, Anthony Velte, Robert C. Elsenpeter
To be published Oct. 10, 2008 by McGraw Hill Professional
Enter now! | Official rules | About the book
