China’s hacking problem: more sinned against than sinning?Posted: May 20, 2013 Filed under: Uncategorized | Tags: APT1, botnets, bulletproof hosting, china, communist party, cyber security, DDoS, HKCERT, infosecurity, mandiant, PLA, zombies Leave a comment
Last week I finished off an analysis of the China/cyber espionage stories that have been flying around in recent months, with a surprising conclusion – in many circumstances the country may well be as much a victim of attack as a perpetrator.
We are unlikely to ever find out the extent of state-sponsored cyber attacks on the US and its allies, although thanks to several high profile reports which name and shame Beijing it’s clear that the tip of the iceberg is well and truly showing.
However, we can be more clear about how secure or otherwise China’s IP address space is and make some general observations.
I spoke to several information security experts about this and they were all in agreement that China is a particularly attractive place to launch attacks from, simply because there are so many compromised PCs as well as enough bulletproof hosting firms there to use with impunity.
HKCERT senior consultant, SC Leung, explained to me how compromised computers, of bots, in China are helping cyber criminals from outside the country.
“The zombie computer, or bot, steals the data (using its IP address) and sends it back to the attacker. When tracing the compromise police can only find the bot computer IP address. The attacker can further command the bot to send the data to Dropbox or a third party forum, and then retrieved it directly or indirectly. This long chain of investigation of different servers (probably in different jurisdictions) hampers the investigation.”
It’s also worth mentioning that not all attacks are being carried out by external forces to compromise Chinese IP addresses which are then used as a staging point to attack other countries. China has a massive internal problem with home-grown cyber crims targeting their own – stealing data, IP, bank credentials and even blackmailing by DDoS or other means.
It’s interesting to note that a week or so after I published this story, the FT ran an interesting piece which reached the same conclusions, claiming that the government is failing to provide coherent oversight on information security matters and that the forensics industry is virtually non-existent in China.
Apart from changing these two problems, there needs to be greater user education and awareness to ensure fewer PCs are vulnerable to outside attack, and a crack down on bulletproof hosters.
At the moment, the Party seems to be happy to close down porn sites in high profile raids, willfully censor its citizens and hit out at any US accusations of cyber subterfuge, but not to get its own house in order.
Cleaning up its address space first would would surely improve China’s standing internationally and may even help foster more cross-border co-operation, rather than the relentless mud-slinging of late.