China: Online predator or hapless host?

The People’s Republic of China has been singled out in increasingly unequivocal language by the US and its allies as one of, if not the greatest, source of online attacks, be they perpetrated by criminals or the Chinese state itself. But amid all the anti-Beijing bluster, has China been given an unfairly bad rep? At first sight …

COMMENTS

This topic is closed for new posts.
Silver badge

Oh yes?

It is more accurately an indication that within that country exist a large number of vulnerable machines and perhaps inadequate law enforcement or industry regulation

"inadequate law enforcement" - in China? Yeah, riiiiight........

2
1
Silver badge
Meh

Re: Oh yes?

Without the authority and the go ahead of those in charge this wouldn't happen. Someone allows it to happen, whether directly or in turning a blind eye...

1
0
Silver badge

Re: Oh yes?

How many computers have pirated copies of Windows, with Windows Update disabled to stop Microsoft from deactivating them? That is where the inadequate law enforcement is.

6
0
Anonymous Coward

Re: Oh yes?

As if the UK isn't hacking other countries' networks....

I would be shocked if there isn't some black-op team breaking into the systems of other states...

Before the world of IT we had agents in different countries, double agents even in friendly nations... now I expect we will be hacking friend & enemy systems......

As close a friend as the USA is, I would not trust the US gov as far as I could throw an average American.....

When your 'closest ally' runs an illegal detention center where they detain people without trial and still refuses to release one of your citizens, it makes everyone else look good in comparison...

4
0
Anonymous Coward

Re: Oh yes?

"As if the UK isn't hacking other countries' networks....I would be shocked if there isn't some black-op team breaking into the systems of other states..."

You obviously see the UK security services as James Bond. I see them as more in the mould of Johnny English, and would be most surprised if they had any skill in this area, and even more surprised if our politicians would let them do such a thing.

0
4
Black Helicopters

Re: Oh yes?

Hacking state systems only really benefits the ones who are "behind" in any specific criteria.

Once China has Stealth tech, nanotech, pharmatech, biotech, insertothertech that is superior to "ours", then there will be strategic advantage for us to hack them.

Until then, it will be surface surveillance only and a generous helping of plausible deniability.

0
0
Anonymous Coward

Cui bono ?

The catspaw argument might be more compelling if the attacks were mostly scams. As it is, a disturbingly large number aren't after money or ID, they're after industrial secrets. My money says this is state sponsored and it's too sophisticated for a US false flag.

7
0
Silver badge

Whatever.

I know how to reduce my customer's expenses.

The ability to block mainland China, in its entirety, is a valuable tool.

0
3
Silver badge

Re: Whatever.

Is your blocking based on the source IP address of incoming packets?

0
0
Silver badge

Re: Whatever.

> blocking based on the source IP address

That's what I do.

My main home machine runs Linux and I used to find my logs showed several attacks - mainly against SSH - daily. These were generally trivial attempts to guess passwords (none of which ever worked). Over a period of time I logged the IP address of the attacker and made a list of 23 */8 address blocks that seemed to account for pretty much all the unwanted attention. A cursory check showed that these were all located in the far east, not just China.

Adding lines in to /etc/hosts.deny, of the form ALL:58. ... seems to have cured the problem almost entirely.

1
0
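The log-to-deny-list procedure described in the comment above, as an added example that is not part of the original thread: it pulls source addresses from failed sshd password attempts, groups them by /8, and prints `/etc/hosts.deny` lines in the `ALL: 58.` form. The log lines are constructed, the function names are hypothetical, and the rule of requiring several distinct hosts before denying a whole /8 is an assumption of this example.

```python
import re
from collections import defaultdict
from ipaddress import AddressValueError, IPv4Address

# Constructed sample sshd log lines; every address here is made up for the example.
SAMPLE_LOG = """\
Mar  3 02:11:07 host sshd[4121]: Failed password for root from 58.0.2.10 port 40112 ssh2
Mar  3 02:11:09 host sshd[4121]: Failed password for root from 58.0.2.10 port 40112 ssh2
Mar  3 02:12:30 host sshd[4125]: Failed password for invalid user admin from 58.77.1.9 port 39001 ssh2
Mar  3 02:13:02 host sshd[4127]: Failed password for root from 203.0.113.5 port 51122 ssh2
Mar  3 02:13:05 host sshd[4127]: Failed password for root from 203.0.113.5 port 51122 ssh2
Mar  3 02:13:40 host sshd[4129]: Accepted password for alice from 192.0.2.8 port 50022 ssh2
Mar  3 02:14:00 host sshd[4130]: Failed password for invalid user x from 192.0.2.8 port 22 ssh2 from 58.200.3.4 port 51000 ssh2
"""

# The user name is supplied by the remote client, so it may itself contain
# " from <ip> port ...". The greedy ".*" plus the "$" anchor make the match
# take the last "from", which is the address sshd appended.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")

def failed_sources(log_text):
    """Yield the IPv4 source address of each failed password attempt."""
    for line in log_text.splitlines():
        match = FAILED.search(line)
        if not match:
            continue
        try:
            yield IPv4Address(match.group(1))
        except AddressValueError:
            continue  # IPv6 or malformed address: outside this example's scope

def noisy_slash8(log_text, min_hosts=2):
    """Return first octets whose /8 produced failures from >= min_hosts distinct hosts."""
    hosts = defaultdict(set)
    for ip in failed_sources(log_text):
        hosts[ip.packed[0]].add(ip)
    return sorted(octet for octet, seen in hosts.items() if len(seen) >= min_hosts)

def hosts_deny_lines(octets):
    """Format /8 prefixes as hosts.deny rules; a trailing dot matches the address prefix."""
    return [f"ALL: {octet}." for octet in octets]

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(noisy_slash8(SAMPLE_LOG))))
```

`/etc/hosts.deny` is only consulted by services built with TCP wrappers (libwrap) support, and a single /8 rule covers roughly 16.7 million addresses, so it also shuts out any legitimate client in that range.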
g e
Silver badge

Re: Whatever.

Same here, I block all /16's and larger from China based on MaxMind's geoip DB, plus a few Romanian and Kuwaiti networks.

/24's? There's plenty of them but I really couldn't be arsed going that far ;o)

0
0
Bronze badge

...has China been given an unfairly bad rep?

No.

3
0

China has amazing levels of Internet border control (thanks to Cisco).

If someone's inside the walls and hacking someone outside, it's because China wants them to.

0
0
Bronze badge

Have to laugh at some of the armchair security people here

"The People’s Republic of China has been singled out in increasingly unequivocal language by the US"

Because we can trust a word they say?

We can't trust ANY of them: US, China or our own Govt. On one hand they are crying that China are a bunch of spies, on the other hand they are disabling foreign nuclear power stations with viruses.

The US was unequivocal in its use of language when we all went to war to stop the various countries with large deposits of oil, fissionable and opium, yet that turned out to be a steaming pile of crap, why should them covering their own tracks by pointing the finger at someone else be any different?

China is an easy target, but not doing anything that the rest of the world's self-serving administrations are not also doing.

10
0
Anonymous Coward

Re: Have to laugh at some of the armchair security people here

Agree wholeheartedly, but it's naive to think there isn't a complete difference in the scale of government sponsored hacking in the US and China. US tend to go for small scale, directed attacks (like Stuxnet and Flame) whereas China goes for 'Quantity over Quality' style attacks, bombarding all and sundry with low level attacks, I believe this 'volume' is what the article is referring to.

No doubt though that the vast amount of pirated copies of Windows are responsible for Chinese PCs being such a target for hacking for other countries. Maybe that's why they've been on such a drive to clear up piracy in the Middle Kingdom recently.

1
0
Silver badge
Joke

Re: Have to laugh at some of the armchair security people here

You are wrong! After invading our intelligence was validated: Some did in fact have opium and some had oil.

6
0
g e
Silver badge
Holmes

Perfect false flag system

Cyber attack 'emanating from within your borders'. Right..

Doesn't mean the payloads were originally created there, though. Not that China isn't indeed very naughty but it's the Kettle to the USA's Pot.

And I don't mean the MaryJ kind, either.

3
0
Bronze badge

It’s difficult to feel much sympathy with Beijing given the apparent volume and persistence of state-sanctioned attacks originating from within the Great Firewall. But it’s also worth remembering that activity of this kind is certainly being carried out to a lesser or greater extent by all major global powers.

*cough*NSA*cough*Utah*cough*

Life's a lot easier isn't it when you don't have to hack the PCs and the telcos just roll over and play nice?

2
0
Anonymous Coward

soam..

Most of the attempts to use my email server to send spam come from a couple of Chinese providers. The number of different PCs attempting it suggests either total complacency or apathy by the ISP or they are a willing partner in the whole thing. Firewalling China and Korea frankly would seem to be a logical step forward.

0
0

Re: soam..

Actually not a bad idea. Let's encourage BT et al to block all IPs originating from China. I can't say I've ever seen a legitimate request come from China to our servers. First thing I do on every new server is block all known Chinese IPs. How much friendlier would this be if BT etc provided a tick box on their user admin pages to say, please block these countries for me at the network level... How do we start a campaign?

1
0
Bronze badge

Re: soam.. @George 8

That's probably a better idea than you realise...

http://www.theregister.co.uk/2009/03/30/huawei_threat/

0
0
Silver badge
Happy

Re: soam..

But that's where everything gets weird. The Chinese will never believe that companies are blocking them of their own volition, they'll think the Govt is behind it. I'm sure the Chinese have conspiracy fans too, like the 'Utah' comment up there. It would end up causing a big mess I'm afraid.

1
0

This post has been deleted by its author

Silver badge
Thumb Down

Re: soam..

I know of a small business that gets a significant percentage of its trade from China. It's not the business of BT to decide which countries its customers are allowed to receive connection attempts from. It's the business of each business to decide what firewall rules and other data security to impose on itself. The only sensible approach is to assume that ALL internet addresses are potentially hostile. It may have been your best customer until yesterday, but how do you know who is in the driving seat of today's connection attempt?

1
0
Anonymous Coward

That was quite clear from the beginning of the whole IT security budget raising China bashing campaign. Software piracy is widespread in developing countries, including China. A copy of Windows, MS Office, etc. costs ca. 2 dollars in such countries, and PCs are often sold with non-genuine Windows, etc. copies pre-installed, because they are cheaper and there are virtually no intellectual property problems to be feared. Windows update on those copies does not work, as the OS is detected by MS as not genuine. Combined with the very little security awareness of a common PC user (all over the world, not just developing countries - people are happy if the PC just works at the moment), that leads to a huge number of vulnerable PCs, which can be very easily compromised. And China has most of them due to its sheer population size.

0
0
Anonymous Coward

A few more thoughts on this: The public China bashing in "West" is the result of mainly US (and riding the wave also other western) military simply trying to keep and extend its budget in times of cuts (and the bashing recipients respond with the same in their own countries, of course, as we all are the same animal walking this small planet). With obvious publicity support by companies selling IT security tools and services.

Microsoft could improve the situation drastically by abandoning their "genuine advantage" policy and allowing non-genuine copies of their products to update themselves. But they can't be blamed, as they are a commercial enterprise after all, trying to sell their products. So, what they do instead are the purely cosmetic but well-publicised "hacker ring crackdowns" for marketing purposes.

The US (whose jurisdiction MS is based in) wouldn't force MS to abandon "genuine advantage" even if they could, as raising the general IT security of potential adversaries is not in their interests.

Governments of developing countries don't crack down on the raging software piracy, as it is currently not in their interests to increase average computing costs, thereby slowing the rate of economic development. But I guess they are going to start doing that when the average living standard increases so that more people will be able to afford genuine software, and costs of being compromised (identity theft, etc.) start outweighing computing costs (right now they are just used in botnets).

0
1