Pity it's just commercial cyber espionage. We could use a respite
I do computer and network security for a medium-sized US university. For the last 10 years we have tried to document and respond to all network-based attacks. Currently, about 1/2 of all the attacks arriving at our border appear to be fostered by the Chinese government.
What counts as an attack? Targeted scans of machines for open ports? DDoS? Running exploits? Or even the common weather of worm-based vulnerability scans (which, according to my experience, would significantly pad the stats)?
What's the approximate rough breakdown of attack types?
I'm not into the whole security world thing, but I've known people who were, and they told me you could always tell it was the Chinese because of the hours they kept. If the attacks were Monday through Friday, 9am to 5pm, and then dropped off at all other times, it was because the office was closed at nights and weekends.
Aaaaah, union work. I'd kill for shifts like that...
If you'd kill on shift, I think there are a number of golden opportunities in the world of international, industrial espionage just waiting for you to dominate.
I find it very, very hard to imagine either side negotiating in good faith here.
Though treaties like SALT 1 were successful - but it's easier to keep track of silos and mobile missile launchers.
So long as it's 9 to 5, with a union & pension, and it's not too far to walk to score some decent cheap lunch, well, okay. Who I gotta kill? You got a list, or what?
Well, first I'm gonna need to incorporate for the immunity, but I'm sure I can come up with something.
It's crazy how it sounds like kind of a good deal though... "uhhh... what's the pension scheme like?"
the deal represented a "massive" concession by China
See, Obama will settle for just "massive". He's clearly not good enough to get the really "yuge" concessions.
You have a point. I probably would have been cynical then too, had I been old enough to spell cynical.
Please understand that I can't speak for the attack environment of anybody else. I only know what I have tracked hitting my university.
If you wish to defeat the compromise cycle, you have to count each step of the process as part of the attack. You can't blind yourself to part of the cycle and say it doesn't count. So, we consider reconnaissance, probing, assessment, exploit, privilege enhancement, attaining persistence, exfiltration, and lateral movement as attacks. In dealing with government-level attackers, you have to also add decoy, distraction, and saturation behaviors to the list.
So far, we have limited experience with DoS attacks. The Chinese government appears to treat us like a milk cow. They have little interest in destroying us. Instead, they regularly come by and harvest what they can get.
During the last 5 years, our attack community has shifted from being dominated by immediate economic gain to being dominated by government interests. Here is a breakdown during that time: Many of the Chinese scans documented back in 2012 persist to this day. Every so often they change from one Chinese IP to another. But they continue to hit the same ports at about the same time of day. They also exhibit favorable QoS. And they take Chinese holidays off.
The transition to government hacking revealed itself in several ways:
- Many attack behaviors shifted away from immediate gain. Several times, one of these attacks has gained a foothold and bypassed easily resalable resources to grab research results. Here is another example.
- Some attacks were pure research and development. For example, we saw many attempts to perfect sneaky scanning. We documented some of them here.
- Many attacks demonstrated favorable QoS. You can see this for yourself in the scan captured 3 min and 30 sec into a YouTube video I posted years ago.
- Many attacks invest large amounts of resources to gain info, and do not immediately cash it out.
- Then there are the attacks that invest huge amounts of resources to attain a non-economic goal. In this example, they used a large botnet to monitor the state of the Z39.50 protocol (used by many, many large libraries).
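As an added example (not the poster's own code or data), here are the two heuristics this thread describes, the office-hours timing pattern and the same ports being hit at the same local time of day across changing source IPs, run over a constructed probe log. The addresses, ports and timestamps are made up, and the UTC+8 offset, the 09:00-17:00 window and the 0.8 verdict threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample, not real traffic: (UTC timestamp, source IP, destination port).
BASE = datetime(2015, 9, 21, tzinfo=timezone.utc)  # a Monday

def _probe(day, hour, ip, port):
    return (BASE + timedelta(days=day, hours=hour), ip, port)

# Source A: weekday-only probes at 01/03/05/07 UTC (09-15h in UTC+8), same port each hour.
SOURCE_A = [_probe(d, h, "192.0.2.10", p)
            for d in range(5) for h, p in ((1, 22), (3, 3389), (5, 445), (7, 1433))]
# Source B: a probe every six hours, seven days a week, ports rotating day by day.
SOURCE_B = [_probe(d, h, "198.51.100.7", (80, 22, 443, 8080)[(d + h // 6) % 4])
            for d in range(7) for h in (0, 6, 12, 18)]

UNIFORM = (5 / 7) * (8 / 24)  # share of the week that is Mon-Fri 09-17h, about 0.24

def business_hours_fraction(probes, tz_offset_hours, start=9, end=17, holidays=frozenset()):
    """Fraction of probes landing Mon-Fri, start..end local hour, outside listed holidays."""
    tz = timezone(timedelta(hours=tz_offset_hours))
    hits = sum(1 for ts, _, _ in probes
               if (loc := ts.astimezone(tz)).weekday() < 5
               and start <= loc.hour < end and loc.date() not in holidays)
    return hits / len(probes) if probes else 0.0

def recurring_port_hours(probes, tz_offset_hours, min_days=3):
    """(port, local hour) pairs hit on at least min_days distinct local dates."""
    tz = timezone(timedelta(hours=tz_offset_hours))
    dates = defaultdict(set)
    for ts, _, port in probes:
        loc = ts.astimezone(tz)
        dates[(port, loc.hour)].add(loc.date())
    return sorted(k for k, v in dates.items() if len(v) >= min_days)

def office_hours_verdict(probes, tz_offset_hours, threshold=0.8):
    """True when the office-hours share is far above the ~0.24 a round-the-clock source shows."""
    return business_hours_fraction(probes, tz_offset_hours) >= threshold

if __name__ == "__main__":
    for name, src in (("A", SOURCE_A), ("B", SOURCE_B)):
        print(f"source {name}: {business_hours_fraction(src, 8):.2f} of probes in UTC+8 "
              f"office hours, office-hours shape={office_hours_verdict(src, 8)}, "
              f"recurring (port, hour)={recurring_port_hours(src, 8)}")
```

Passing a set of local dates as `holidays` drops those days from the count, which is how a "takes Chinese holidays off" observation would be checked against a real calendar.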
Wow, how fucking cynical is this.
Since China denies doing or having ever done anything like this, it's about as close to a null statement as you can get. It's like getting Tom Brady to sign an agreement not to cheat.
And the US aren't angels either; the NSA will keep spying on China and selectively feeding their findings to "strategic" US corporations like GE.
Am I going to be the only one to say "well done" for getting China to agree to prevent cyberattacks to avoid sanctions? For standing up to China?
Very well then: well done.
I wonder whether the US will hold China to its signature in the same way that it holds itself to its signature on the Geneva Convention...
Somewhat related, there's an interesting analysis of the geopolitics of the Trans-Pacific treaty over at the American Prospect:
Our Incoherent China Policy