We’re at war. No, not that one, we’re at war with China. Didn’t you know?
I have to admit that I wasn’t aware of this until a very large Web site I manage was attacked recently. I won’t go into details about this site, but it’s a large one with around half a million pages, and we recently noticed that the transactions on the site were dropping.
When we looked at it we found the site had almost literally ground to a halt, at least at times. I would try to load a page, and the server would churn and churn. It might take two or three minutes to load the page. Then things would speed up and pages would load quickly – then they would slow dramatically again.
Up and down the site would go. One moment it was effectively dead, the next moment it was moving along reasonably quickly. I called our server administrator, and we began digging around and trying to figure out what was happening. It didn’t take long to discover that we were getting a huge amount of traffic from China, of all places.
China is not a target for this site’s business, and rarely do we see traffic in the logs from there. The majority of the traffic comes from the United States; a couple of percentage points are from Canada, and a little comes from Asia – by then we are down to fractions of a percent.
Yet on this day, we saw an enormous increase in traffic from China – three-quarters of all our traffic was coming from that nation, which of course means someone in China, for some reason, was quadrupling our traffic. For every page request we would expect on that day, someone in China was requesting three additional pages.
It became clear that we were under attack by someone in China. This is known as a DoS (denial-of-service) attack – the attacker doesn’t “hack in” to your site and break things, he just “requests” so much information that he pulls your site down. Your server isn’t expecting so much traffic, so it just grinds to a halt under the onslaught.
Why would someone in China dislike this site so much he felt he had to attack it? We still don’t know, but we have a few ideas.
As I did a little research, I discovered we had been at war with China for a little while. “It’s (Cyber) War: China vs. U.S.” claimed a headline on the Wired.com Web site late in April. “The first shots in a planned week-long cyberwar between Chinese and American hackers were fired early Monday, with Chinese hackers claiming credit for defacing a dozen U.S. Web sites,” said the article.
“General: China taking on U.S. in cyber arms race” was the headline we found on CNN.
“China’s People’s Liberation Army has established information warfare units to develop viruses to attack enemy computer systems and networks,” the Pentagon said.
General Robert Elder went on to claim that the Chinese were already using their skills to undertake “cyber-operations as industrial espionage aimed at stealing trade secrets,” adding that “criminals, hackers and ‘nation-state’ forces” were involved in such campaigns.
In a story on StrategyPage.com, I found claims that “thousands of Chinese student hackers can’t stop chattering (and bragging) on the net about what a formidable cyberwar power China is becoming.” This is a problem, the writer states, because these hackers are a recruiting pool for China’s cyberwar units, and although the hackers who have been recruited know enough to keep quiet, many of these as-yet-unrecruited kids don’t, and thus these young hackers have become “a major source of intelligence on Chinese cyberwar plans.”
So what was this all about? Why were we attacked?
Perhaps we got caught up in this hackers’ war because the site contained some information about the recent pet food recall – which, you’ll recall, was due to tainted food from China – and so we became a handy target.
Perhaps the people attacking us were simply playing around, learning the skills they need for a cyberwar job with the People’s Liberation Army … or maybe they were demonstrating the skills they’ve already learned. Attacking Web sites has become a hobby for many people in many ways, in both the East and West, though in China it has become more – it’s a way to find a job.
I’ve been fortunate in my online experience and have never been a target for any significant attacks. Stories about cyberwar were just that, stories. It’s a shock when this sort of thing hits home, and you discover it’s for real.
Peter Kent is an e-commerce consultant in Denver. He can be reached at www.PeterKentConsulting.com/ or GeekNews@PeterKentConsulting.com