May 12, 1999 Web posted at: 2:01 p.m. EDT (1801 GMT) by Ellen Messmer

From...

ALSO:    Insurgency on the Internet    Sign up for the Computer Connection email service    For more computing stories

(IDG) -- The war in Kosovo has intensified as hackers on either side of the conflict try to take over or block Web servers around the world.

The federal government said today that Chinese hackers have joined the online war, targeting U.S. government sites over the accidental bombing of the Chinese embassy in Belgrade last Friday.

Web sites at the departments of Energy and the Interior and the National Park Service were hijacked on Sunday by intruders claiming to be from mainland China. The Department of Energy (DOE) has sent an alert to other federal agencies and defense contractor warning them of possible mailbombing attacks from China.

Meanwhile, the White House shut down www.whitehouse.gov for three days because of security concerns stemming from a non-stop denial-of-service attack. The site only came back up this morning.

White House spokesman Barry Toiv was evasive about whether the White House Web site had actually been hacked or not.

But a couple of hacker-oriented Web sites that record hacker exploits posted claims by a group calling itself Hong Kong Danger Duo saying it had, indeed, taken down www.whitehouse.gov on Monday. According to the hacker posting, Hong Kong Daner Duo, and perhaps others, scribbled "Stop all war. Consintrate [stet] on your problems. Nothing was damaged, but we are not telling how we got in."

Secret Service spokeswoman Shaun Yount said there is an ongoing investigation into an attempted hacking of the White House Web site, but until the investigation was more complete, she couldn't offer further detail.

The Energy and Interior home pages were replaced by pages expressing fury over NATO's accidental bombing of the Chinese embassy in Belgrade.

"Protest USA's Nazi action! Protest NATO's brutal action!" was the message left on the hijacked Web servers. Officials say the Interior break-in has been definitely traced back to China.

"We are Chinese hackers who take no care about politics," said the message signed by "Rocky." But with three Chinese nationals left dead after the embassy bombing, the hackers were wrathful: "You have owed Chinese people a bloody debt which you must pay for! We will not stop attacking until the war stops!"

While Interior quickly restored its Web server to its original state, DOE decided not to go back online until it figured out exactly how the hackers got into www.doe.gov. Department security experts determined that the system administrator's user ID and password files were modified on the agency's Unix-based Apache Web server.

MORE COMPUTING INTELLIGENCE
	IDG.net home page
Network World Fusion home page
Free Network World Fusion newsletters
Reviews & in-depth info at IDG.net
		IDG.net's bridges & routers page
		IDG.net's hubs & switches page
		IDG.net's network operating systems page
		IDG.net's network management software page
Year 2000 World
Questions about computers? Let IDG.net's editors help you
Subscribe to IDG.net's free daily newsletter for network experts
Search IDG.net in 12 languages
News Radio
	Fusion audio primers
	Computerworld Minute

In a memo to government agencies , Sandy Spark, a manager at DOE's Computer Incident Advisory Capability (CIAC), warned that a Chinese tidal wave of e-mail with unresolvable IP addresses is being sent to U.S. government servers in an attempt to overload them.

Government administrators are being advised to apply anti-spam measures to block all e-mail from China's .cn domain if necessary.

The Chinese-related incidents are just the latest in what has become a string of Web hijackings by hackers apparently inflamed over the war in Kosovo.

Just a few weeks ago, the Holland-based hacker group called "Dutchthreat" blasted their way into a Yugoslavian Web server after two of the group's members got angry about a Web posting on a Yugoslavian ISP that called NATO a bunch of Nazis.

The Dutch hackers - using the names Xoloth1 and Meestervervalser - replaced the anti-NATO page with a pro-NATO "Help Kosovo" page of their own.

The Dutch hacker posting said "NATO does not rape innocent women" and "NATO is not out for blood, but for peace." What prompted the action?

Xoloth1 said he got mad when a "Serbian guy" in a chat room started calling NATO and the U.S. a bunch of criminals and Nazis He also resented that one of the main Yugoslavian ISPs had set up an anti-NATO Web page with the domain name pentagon.co.yu.

"The enemy shouldn't have a domain name like pentagon.co.yu, this is a weapon," argues Xolothl. This Dutch hackers,who says he's 17 years old, discovered security to be weak at the Yugoslavian ISP. So he decided to take out the offending page, while sparing the ISP's mail server.

Surprisingly, Dutchthreat's leader, named Acos, says he thinks most of the Kosovo-inspired hacking going on is not motivated by genuine political concerns, but is simply a way of getting attention. But Acos adds he, too, doesn't care to hear NATO called fascist.

Back in the U.S., American hackers are on a political binge, breaking into Web sites to leave what amounts to anti-war graffiti.

One Web site, recreation.gov, was hijacked April 30 and didn't get restored until May 2. The perpetrators, part of a hacker group called 'Team spl0it,' signed their names as f0bic, nostalgic, cellbl0ck and jay. Their message was: "Kosovo (stop the war)."

Noting that Serbia has been bombed for over a month now, the hackers suggested the air war had not accomplished its goals and that "NATO has screwed up." The hackers also had harsh words for Serb president Slobodan Milosevic. "He doesn't give a damn about his people. He couldn't care less if they're dead or alive."

Team spl0it left a similar anti-war message on the City of Los Angeles site they recently hacked.