The document analyzes the 2001 cyber attacks between the United States and China following a collision between a U.S. plane and Chinese fighter jet. Chinese hackers began attacking U.S. websites in protest, and U.S. hackers retaliated, launching a 7-day cyber battle. The attacks involved web defacement, viruses, and DDoS attacks targeting government websites. Both sides were motivated by patriotism and tensions between the countries. The U.S. responded defensively while China took a more offensive approach. The attacks exposed vulnerabilities in how each country approached cyber defense and deterrence at the time.
1. CASE STUDY ANALYSIS OF U.S. & CHINA HISTORIC CYBER ATTACK
UNITED STATES AND CHINA 2001: PATRIOTIC
HACKING
Lillian Ekwosi-Egbulem
University of Maryland University College, 2011
2. CASE STUDY ANALYSIS OF U.S. & CHINA HISTORIC CYBER ATTACK 2
United States and China 2001: Patriotic hacking
INTRODUCTION:
As recorded in Cyberspace and the Changing Nature of Warfare, “practically everything
that happens in the real world is mirrored in cyberspace (Geers, 2008, p.1). On April 1, 2001, a
U.S. navy plane collided with a Chinese fighter jet killing the Chinese Pilot. The U.S. plane
made an emergency landing in Hainan Island and the crew were detained (Schnell, 2001, p.1).
China demanded an apology from the Bush administration but got none. While the diplomatic
resolution of the tension was being negotiated, hackers from China, in protest for domineering
action of America started attacking the US websites. The U.S. hackers on the other hand,
retaliated and thus began the seven day digital battle between the two countries. As expected,
both pro US and Chinese hackers joined the cyberwar until Chinese hackers called the truce.
Cyberspace is a realm where no one can claim superiority and has become the means for
cyberterrorism and cyberwar. Basically, Cyberterrorism is the convergence of terrorism and
cyberspace that results in violence against persons or property, or at least cause enough harm to
generate fear. Cyber war on the other hand is more of government activities (Denning, 2007), or
other types of computer abuse such as (computer crimes, economic espionage, information
warfare, propaganda). The purpose of this paper therefore is to analyze the U.S. & China 2001:
patriotic hacking, delving into the motivation of the attackers, the attack methods used and the
response of the defenders. Finally, it will analyze the vulnerability, hacking techniques and
countermeasure, basic concept of cyberterrorism and how to limit the exposure.
MOTIVATION:
For long now, China has been at the forefront of cyber warfare and other forms of
cyberterrorism. During the U.S. and China 2001: Patriotic hacking, Honkers, the Chinese active
3. CASE STUDY ANALYSIS OF U.S. & CHINA HISTORIC CYBER ATTACK 3
hacker group claim they are not hackers but politically motivated patriots driven by the passion
to defend the integrity of their sovereignty. They simple use the cyberspace to get their message
across (Tang, 2001)
Another motivation for the attack is the yearning of the hackers to “increase the honker‟s
influence, strengthen cohesion and promote honker culture and its development” This they plan
to achieve by suggesting that the word honk-ke be standardized and accepted in English as
honker. (Min, 2005)
Yet, another apparent source of motivation is the U.S. “claimed” support that the hackers
received from Chinese government. According to CNN.com, the concentrated attack…and its
great coordination made the United States believe that the Chinese government supported the
attacks. (Tang, 2001). The article further states that the Chinese hackers have their principles
and the government has been recruiting prominent hackers to form an „Internet Army‟ in case
there is a cyber war.
THE ATTACK METHODS:
From all indications, the Chinese attackers take the offensive side. Typically, the attacks
are daily occurrence of web defacements, viruses, worms and Distributed-Denial-of-Service-
attack. (DDoS).“While the impact of those attacks can be serious, they are generally not
regarded as acts of terrorism (Dennigs, 2007). They targeted mainly the U.S. government
organization networks to drive home their message. As reported in Is this World Cyber War 1,
hacker Jia En Zhue of China claims that “It is the U.S. governments that we hate, not the
people." (Delio, 2001). Apparently, their aim is to deface the target homepage and not the
system (CNN.com, 2001).
4. CASE STUDY ANALYSIS OF U.S. & CHINA HISTORIC CYBER ATTACK 4
Another method employed by the Chinese hackers is “human-wave” tactics, the same
war tactics used during the Korean War against the United States (Delio, 2001). The article goes
on to explain that this tactics requires building up a huge cyber-attack resource base drawn
from the military, hackers, private companies and Chinese netizens. Interestingly, these people
have a common bond, which is Patriotism. This works in favor of China because of their huge
number of Internet bars also, most of their recreational places are equipped with computers and
the internet.
THE RESPONSE OF THE DEFENDERS:
U.S. hackers in retaliation defaced the Chinese websites and some of them claimed this is
the first time they have hacked with political motivations (Delio, 2001). In contrast to their
counterpart, they limited their attack on web defacement and called for more attackers to defend
the country network by scanning for vulnerability and reporting it to network administrators.
Their tactics was more of “let‟s see which way the Chinese go, then we retaliate”. The United
States by nature does not take an offensive side in times of war. With laws and polices guiding
their every action, it is no surprise that they played a defensive role during this cyber attack. As
recorded in Virtual Defense, the U.S. concept of security has not caught up to the new threat of
computer warfare (James, 2001). It is a given that U.S. military prowess cannot be matched but it
can be taken down in the area of digital warfare.
ASSESSING THE VULNERABILITY:
In assessing the vulnerability of the U.S. government agency against cyber terrorism or
cyberwar, it is obvious that there is no strategy for deterrence or legal regime for retaliation
against cyber-attacks. Consequently, countries like China often battle the U.S. with impunity
(James, 2001). This is because the thinking of the U.S. decision makers is still stuck in the
5. CASE STUDY ANALYSIS OF U.S. & CHINA HISTORIC CYBER ATTACK 5
cold war, pre-Internet era which stresses more of deterrence strategy.
Though there are speculations by the U.S. government that the Chinese government
supported the hackers, however, one cannot ascertain that fact. Therefore the attack looks more
like an asymmetric warfare where the U.S. and China have different capabilities to wage attacks
against each other. China, viewed as a weaker group with unequal military resources, uses
unconventional weapons and tactics and with little efforts to execute attacks of great potential
effect, full of uncertainly and unpredictability
No formal war was declared between China and the U.S. The attackers are simply a
group of people motivated by some ideologies. As a result, the current defense plans and the
concept of national security available to the U.S. policymakers can only allow them to apply one
of the two approaches to cyberterrorism and cyber warfare namely; deterrence by denial. The
use of deterrence by punishment which is the other approach is currently under debate and
meanwhile, it is really hard to determine at what point a counter attack against a cyber terror
attack becomes an act of war.
LIMITING THE EXPOSURE:
Defense is the best offense and the U.S. has a level of responsibility as far as the
protection of their critical infrastructures is concerned or otherwise will be held accountable for
any successful attacks where they fell to exercise “due diligence” to deter threat agents.
Training and awareness is another way to limit the exposure. Knowing how to use the tools is not
just enough but a combination of good tool, awareness and training is a good defense. Likewise,
information sharing should be limited especially those related to the security of critical
infrastructures. The Internet encourages information sharing and some of the information on the
6. CASE STUDY ANALYSIS OF U.S. & CHINA HISTORIC CYBER ATTACK 6
technological advancement that the U.S. puts out there can be very useful to the attacker in
figuring out how the U.S. defends its network.
HCKING TECHNIQUES AND COUNTEMEASURES:
The techniques the attackers used were network scanning which detects vulnerabilities.
Chinese attackers exploited known weaknesses" in Unix networks and Sun Microsystems'
Remote Procedure Call (RPC), a protocol that allows services across a network to communicate
with one another (Delio, 2001). Other hacking techniques include password cracking and
structured query language (SQL) which hinges on an attacker entering an SQL database query
into a dynamic webpage leading to webpage defacement. They also employed Distributed-
Denial-of-Service attack which involves using multiple computers turned into “zombies” to
perform denial of service attack.
Some of the Countermeasures to secure the networks include proper installation and
configuration of firewall to filter traffics between trusted and untrusted networks. Network
Intrusion Detection system (IDS) monitors the network for malicious activity, while the Network
Intrusion Prevention System (IPS) both recognizes and responds to potential threats. Also,
vulnerability management in form of assessment and testing is critical for network defense.
In conclusion, Cyber attack is like a knife, if you use it to cut meat, then it‟s a kitchen
knife, if you use it to chop up people, then it‟ a killer weapon (Tang, 2001). Consequently, it
comes necessary for the U.S. to review its policies that will make it clear when a cyber attack
justifies deterrence by punishment as the best option. Finally, those policies must take into
consideration and keep pace with the changing nature of the digital technology, otherwise the
U.S. will be playing catch up to China and the rest world in general.
References
7. CASE STUDY ANALYSIS OF U.S. & CHINA HISTORIC CYBER ATTACK 7
Adams, J. (2001). Virtual defense. Foreign Affairs, 80(3), 98-112. Retrieved from EBSCOhost.
Tang, R. (2001). China-US. Cyber war escalates. Retrieved from
http://archives.cnn.com/2001/WORLD/asiapcf/east/04/27/china.hackers/
Delio, M. (2001) Is this World Cyber War 1. Retrieved fromhttp://www.wired.com/politics/law
/news/2001/05/43443?currentPage=all
Denning, D. (2007). A view of cyberterrorism five years later. Retrieved from
http://faculty.nps.edu/dedennin/publications/Cyberterror 2006.pdf
Geers, K. (2008, August 27). Cyberspace and the changing nature of warfare. Retrieved from
http://www.scmagazineus.com/cyberspace-and-the-changing-nature-of-warfare/
article/115929/
Min, D. (2005). The Passionate Time of Chinese Hackers. Chinascope, 14-25. Retrieved from
EBSCOhost.
Schnell, J. 2011). The Cross-Cultural Rhetoric of Diplomacy in the Case of the U.S. Surveillance
Plane Landing on Hainan Island, China in April, 2001. China Media Research, 7(2), 77-
80. Retrieved from EBSCOhost.