SINGAPORE – While CNN recently faced distributed denial-of-service attacks from Chinese hackers angry about the television network’s coverage of a recent Chinese crackdown in Tibet, Chinese security officials remain worried hackers will strike their country while the Olympic Games are being held in Beijing.
“Based on historical experience, many hackers seeking to make a name for themselves view the Olympic Games as a challenge and a target, and the Beijing Olympics may face attacks from individual hackers, groups, organizations, as well as other countries and those with all kinds of political motivations, therefore the network security situation is very grim,” China’s National Computer Network Emergency Response Technical Team (CNCERT) said in a report released earlier this month.
A high-profile attack on Chinese computer systems during the Beijing Olympics would be a serious blow to organizers and the government, which has worked hard to position the Games as a celebration of the economic and social strides made by China since embarking on reforms 30 years ago.
“It’s very important for the government to make this successful,” said Jim Fitzsimmons, a security consultant in Shanghai. “They are taking this issue very, very seriously.”
The urgency of tighter network security for the Olympic Games was highlighted at a recent conference in the southern city of Shenzhen, jointly organized by CNCERT, the Internet Association of China, and China’s Working Committee on Information Security, where Xi Guohua, a vice minister at the Ministry of Information Industry, called on participants to spare no effort to boost network security in China ahead of the Games.
Among moves the Chinese government has taken to tighten network security during the Olympics, it created a special response team in Beijing that will monitor systems for signs of attacks and then respond if one is detected. The response team’s job won’t be easy. The prevalence of malware in China means maintaining network security during the Olympics will be a significant challenge.
Fifty-eight per cent of bot-controlled computers — systems that can be controlled remotely to launch denial-of-service attacks or send spam — are based in China, according to CNCERT’s 2007 estimates, which place the total number of bot-controlled computers in China at 3.6 million, out of an estimated total of 6.2 million.
In addition, computers infected with trojan software, which can give a hacker back-door access to a computer, are also a growing problem. Last year, random checks by CNCERT identified 995,000 Chinese computers that had trojan software installed, compared to 44,717 computers identified in 2006 — an increase of 2,125 per cent.
“China’s IT space is really one of the most malware-ridden in the world,” Fitzsimmons said, attributing the problem to widespread use of pirated software and a lack of attention to security management, such as applying software patches that fix vulnerabilities.
“In terms of platforms that people could attack in China, or subvert to attack something else, there’s quite a bit out there,” he said.
Apart from hackers looking to use the Olympic Games as a way to make a political statement or to generate publicity for themselves, Chinese security officials must also contend with the possibility of reprisals to Chinese attacks on CNN’s Web site or pro-Tibet sites that have been hit. In previous years, politically motivated attacks by Chinese hackers launched against Web sites in other countries have provoked responses from other hacker groups.
One such hacker war took place in 2001, after a collision between a Chinese fighter jet forced a U.S. Navy reconnaissance plane to make an emergency landing on China’s Hainan Island, where the crew was detained. During the hacker war that followed, Chinese and U.S. hackers attacked and defaced hundreds of Web sites in both countries.
So far, there has not been a response from foreign hackers to Chinese attacks against CNN or pro-Tibet Web sites. But hackers may simply be biding their time, choosing to attack or deface Chinese Web sites during the Olympics, a time when any such incident would generate the most publicity. “I honestly believe something is going to happen, but how bad it could be or what is the scale of it, that’s anybody’s guess,” Fitzsimmons said.