Growing tensions between the United States and China and an increase in attacks on Chinese Web sites may lead to backlash from Chinese hackers this week, the FBI warned U.S. online businesses.
Chinese hackers are reportedly planning a strike between April 30 and May 7, coinciding with the Chinese holidays of International Workers' Day and Youth Day, according to the FBI's National Infrastructure Protection Center, which issued the warning. Chinese hackers have openly discussed stepping up their attacks on U.S. sites, the NIPC said.
May 7 is also the second anniversary of the accidental bombing of the Chinese embassy in Belgrade, Yugoslavia, during NATO strikes against Serbia in 1999. NIPC urged network administrators to monitor their Web sites and mail servers closely this week for possible intrusions.
The attacks may take the form of Web site defacements and denial-of-service attacks. In defacements, hackers break into Web sites and replace the main pages with their own scrawl, much like graffiti. Denial-of-service attacks are attempts to flood Web sites with information to cause service disruptions.
Chinese hackers also may be incensed over a flurry of defacements against Chinese Web sites since the April 1 collision of a U.S. spy plane and a Chinese jet that has escalated tensions in U.S.-Sino relations. More than 100 Chinese sites have been the targets of defacements in April, up from 33 in March, according to Attrition.org, a Web site that maintains an archive of Web site defacements.
Recently, many defacements against Chinese sites archived on Attrition.org have featured anti-Chinese invective and expressed anger over the Chinese detention of the U.S. spy plane and its crew.
Chinese hackers also have defaced a number of U.S. Web sites, according to the NIPC. The identities of the defaced sites were not disclosed. Defaced Web sites' main pages were replaced with pro-Chinese or anti-U.S. rhetoric, according to the NIPC.
In addition, the NIPC has discovered that an Internet “worm” — a type of program that can copy itself and flood a network — that is circulating on the Internet has a Chinese connection. Dubbed “Lion,” the worm infects computers, then installs denial-of-service programs on them and e-mails the victim site's passwords to an address in China, the NIPC said.