Site Network: | | Jongsma & Jongsma

Innovation in Information Security

Coverage of important Information Security and Information Technology news and events from the research team at S?nnet Beskerming.

Username: | Password: Contact us to request an account

Public Attention Defeats hack Attempt and Forces Group to Disband

Following an article on Friday's about calls from Chinese hackers to carry out a distributed Denial of Service attack against the CNN website comes news that the attack has been called off for now, due to media coverage about the planned attack. Following the short timeline between the article being published and the call for the attack to be postponed, it can be inferred that what led to the postponement was Friday's article. Scott Henderson (the administrator at The Dark Visitor, the site that first uncovered the call to attack, and also the suspension of the attack) believes that the article was the key action that led to the attack's postponement and provided the following observation about the incident - "It is much harder to carry out a crime if everyone is aware of when and where that crime will take place.".

It is strange that an online action that was designed to draw public attention to a political viewpoint would suddenly be suspended when public attention is focussed on the action, but it shows that scrutiny and awareness can be enough to deny hackers the opportunity to carry out an attack, even if nothing has changed from a technical perspective.

Although CNN did not acknowledge the efforts of Scott to contact them and forewarn them of the impending attack, they did take preventative measures to limit any damage that would be suffered as a result of any attack. In an ironic outcome, CNN's website suffered more from these preventative measures than it did from any attack that surfaced. CNN claimed that they "[did] not know who is responsible [for the attack], nor ... where it came from", but the timing of the report and the fact that it was limited to specific but unnamed areas of Asia points to a small scale attack that may have been an offshoot of the main attack attempt. The late call-off of the attack lends weight to this theory.

Even if there will be no attack against CNN that corresponds to what was being planned, CNN did release a statement that reinforced their approach to generating and reporting news ""CNN's reputation is based on reporting global news accurately and impartially, while our coverage through the use of words, images or video always reflects a wide range of opinions and points of view on every story."

Through Scott's work, he has associated the initial call for attack, and subsequent postponement, to a group known as 'Revenge of the Flame'. From translated statements attributed to the group that Scott has posted on The Dark Visitor, the attack was planned for nationalistic reasons. What the statements show is that, despite having been written in a different language, they read like any other young hacker's missive. The full statement of the postponement, as translated by The Dark Visitor, is as follows:

"In just three short days, our organization, the Revenge of the Flame, has grown large. First, I want to thank everyone for their strong sense of nationalistic responsibility. However, maybe we were too impetuous. We love our country! We will resist all anti-Chinese influences! However, we must choose the right way to come to the defense of our country, families and ourselves!!! After some core internal discussions, we have decided to temporarily cancel the 19th attack plan! The Revenge of the Flame organization still exists! Later we can be a computer discussion organization, we will study together for the day our country needs us! Our government and military will all mobilize! At that time, we will let those so-called foreign net-forces see! No matter where, China will never lose to them! We also have our net-forces! Perhaps at that time, our Revenge of the Flame will be the main strength! We all love our country! But, we must use sensible methods to defend our honor!

ATTENTION: Our original plan for 19 April has been canceled because too many people are aware of it and the situation is chaotic. At an unspecified date in the near future, we will launch the attack. We ask that everyone remain ready. I will repeat it again. At an unspecified date in the near future, we will launch the attack. We are only at present cancelling the attack. We could send out a notice on the day of the attack and have it completed in one day. The attack hasn???t been cancelled; it will be carried out on an unspecified day in the near future. I think everyone understands what we mean.

We hope that even more people with the Chinese national blood will join our actions. Only in unity is there strength. We are not individuals, we are a collective, and we are Chinese.

17 April 2008
Hackwolf" (original here)

According to Scott, while there may be some doubts about the technical capability of a section of the rank and file members of Revenge of the Flame, the leadership is believed to be comprised of very technically adept individuals. Scott believes that the leadership are fully aware of the limitations of their members and so have provided the necessary toolkits (some as simple as point and click) and leadership to provide a coherent attack and give themselves the greatest chance at success. This included breaking the attack into seven elements, each with an appointed leader that would direct the activity of their element.

Despite the current hold on activity, Revenge of the Flame are still moving forward with their attack plans, though the group has since announced that they are disbanding.

22 April 2008

Social bookmark this page at eKstreme.
Alternatively, Bookmark or Share via AddThis

Do you like how we cover Information Security news? How about checking out our company services, delivered the same way our news is.

Let our Free OS X Screen Saver deliver the latest security alerts and commentary to your desktop when you're not at your system.

Comments will soon be available for registered users.