Hackers Deface Web Sites; FBI Issues DDoS Warning

Web page defacement attacks by hackers have escalated dramatically in the
last 24 hours, with technology news site CNET, WebEx
and game developer Blizzard.com among those hit this morning.

At 2:00 p.m. today, 153 defacements were reported by
Alldas.de, a site which archives and posts mirrors of
hacking attacks around the world.

Executives at Web-based meeting center WebEx say they can’t explain the defacement of their home page Monday.

“We have no idea why anyone would be interested in attacking us,” says one WebEx executive who asked not to be identified.

Visitors to the site were greeted with a black page with bold red letters slamming both the U.S. government and another group of cybervandals.

“f*** USA Government – f*** PoizonBOx,” read the message along with an email contact to a Chinese Yahoo! e-mail account.

The San Jose-based company runs an online service that lets you run real-time meetings right through your Internet browser.

As to why a separate hacking group would be named during a defacement, Attrition spokesperson Modify could only give these thoughts.

“Because he/she/they have been defacing .tw sites (Taiwan),” says Modify.

In March, the British government launched an investigation into PoizonBOx after a chain of UK government Web sites had their information replaced with graffiti showing a self-styled logo.

Web Attacks On Upswing

Today’s defacement barrage comes just days after a hacking group calling
itself “Prime Suspectz” hit three Microsoft sites. The latest round of
attacks also included pro-Chinese slogans and seemed to be targeting U.S.
commercial and government Web sites.

Last week, the Federal Bureau of Investigation (FBI) issued a warning that
U.S. sites faced hacking attacks from pro-Chinese groups. The FBI said
Chinese hacker groups planned to retaliate against U.S. attacks on Chinese
government-owned sites.

This week’s attacks coincided with the recent political standoff between the
two countries and the second anniversary of the NATO bombing of a Chinese
embassy in Belgrade, according to the FBI.

In the recent round of attacks, Web pages owned by the Inter-American
Defense Board, the U.S. Fish and Wildlife Service, the Department of Health
and Human Services and several universities in Washington, D.C., were hit with
defacements.

Explicit anti-American messages were posted and defacements included the
flags of Russia and China.

Separately, the FBI warned there would be ongoing attempts to disrupt Web
access to several sites. The National Infrastructure Protection Center
(NIPC), which acts as the FBI’s cybercrime unit, said hackers planned to use
distributed denial-of-service (DDoS) attacks to cripple targeted Web sites.

Denial-of-service attacks typically flood Web sites with excess traffic,
effectively slowing or blocking access to targeted sites.

“The activity has been seen from several networks, and consists entirely of
fragmented large UDP packets directed at port 80. Analysis indicates that
this activity may be intended to bypass standard port/protocol blocking
techniques, as certain major routing equipment manufacturer’s products will
block the first fragment of a large UDP packet, but may not block subsequent
packets, thereby permitting the denial of service to continue,” the NIPC
said in a warning issued over the weekend.

The unit advised systems and network administrators to inspect their
facilities (firewall logs) for the presence of fragmented UDP packets
directed at port 80.

“Inbound packets of this type indicate that a denial of service to the
network in question may be underway. Outbound packets of this type indicate
that there is a high likelihood that system(s) on the network in question
are compromised and that DDOS tools are installed. Attempting to block this
traffic at the IP-only level (as opposed to protocol-specific level like
UDP) may have improved effectiveness,” it said.
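
The check the NIPC describes can be run over captured IPv4 packets, as in this added example (not NIPC code and not its “Find DDoS” tool). It shows why a port-only filter misses later fragments: only the first fragment carries the UDP header, so later ones are matched to it by source, destination and IP ID. The `192.0.2.0/24` internal range, the function names and the sample packets are assumptions constructed for illustration, and fragments are assumed to arrive first-fragment-first.

```python
import ipaddress
import struct

INTERNAL = ipaddress.ip_network("192.0.2.0/24")  # assumed protected network

def ipv4_packet(src, dst, ident, offset, more, payload, proto=17):
    """Build a constructed IPv4 packet (checksum left at 0) for the sample."""
    flags_off = (0x2000 if more else 0) | (offset // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident,
                       flags_off, 64, proto, 0,
                       ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload

def fragmented_udp_to_port(packets, port=80, internal=INTERNAL):
    """Return (direction, src, dst, fragment_offset) per matching fragment."""
    dport_of = {}  # (src, dst, IP id) -> UDP destination port
    hits = []
    for raw in packets:
        ihl = (raw[0] & 0x0F) * 4
        ident, flags_off = struct.unpack("!HH", raw[4:8])
        offset, more = (flags_off & 0x1FFF) * 8, bool(flags_off & 0x2000)
        if raw[9] != 17 or not (more or offset):
            continue  # not UDP, or not fragmented
        src = ipaddress.ip_address(raw[12:16])
        dst = ipaddress.ip_address(raw[16:20])
        key = (src, dst, ident)
        if offset == 0:
            # Only the first fragment carries the UDP header with the ports.
            dport_of[key] = struct.unpack("!H", raw[ihl + 2:ihl + 4])[0]
        # Later fragments carry no ports, so they inherit the first fragment's.
        if dport_of.get(key) != port:
            continue
        direction = "outbound" if src in internal else "inbound"
        hits.append((direction, str(src), str(dst), offset))
    return hits

def udp(dport, size):
    """Constructed UDP header (source port 1024, checksum 0)."""
    return struct.pack("!HHHH", 1024, dport, size, 0)

SAMPLE = [  # constructed packets, addresses from documentation ranges
    ipv4_packet("198.51.100.7", "192.0.2.10", 1, 0, True, udp(80, 2008) + b"A" * 1472),
    ipv4_packet("198.51.100.7", "192.0.2.10", 1, 1480, False, b"A" * 528),
    ipv4_packet("192.0.2.44", "203.0.113.9", 2, 0, True, udp(80, 2008) + b"A" * 1472),
    ipv4_packet("198.51.100.7", "192.0.2.10", 3, 0, True, udp(53, 2008) + b"A" * 1472),
    ipv4_packet("198.51.100.7", "192.0.2.10", 4, 0, False, udp(80, 16) + b"A" * 8),
]

if __name__ == "__main__":
    print(*fragmented_udp_to_port(SAMPLE), sep="\n")
```

Inbound hits correspond to the advisory's "denial of service may be underway" case, and outbound hits to its "system(s) on the network may be compromised" case.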

To determine if a computer system has been infected with a DDoS agent, the
NIPC has posted a “Find DDoS” tool on its Web site. The tool may be
downloaded from the NIPC site.

The FBI has also called on targeted sites to report computer intrusions to
their local FBI office.

Incidents may also be reported online or by dialing
202-323-3204/3205/3206.
