Pity it’s just commercial cyber espionage. We could use a respite
I do computer and network security for a medium-sized US university. For the last 10 years we have tried to document and respond to all network-based attacks. Currently, about half of all the attacks arriving at our border appear to be fostered by the Chinese government.
What counts as an attack? Targeted scans of machines for open ports? DDoS? Running exploits? Or even the common weather of worm-based vulnerability scans (which, according to my experience, would significantly pad the stats)?
What’s the approximate rough breakdown of attack types?
I’m not into the whole security world thing, but I’ve known people who were, and they told me you could always tell it was the Chinese because of the hours they kept. If the attacks were Monday through Friday, 9am to 5pm, and then dropped off at all other times, it was because the office was closed at nights and weekends.
Aaaaah, union work. I’d kill for shifts like that…
If you’d kill on shift, I think there are a number of golden opportunities in the world of international, industrial espionage just waiting for you to dominate.
I find it very, very hard to imagine either side negotiating in good faith here.
Though treaties like SALT 1 were successful - but it’s easier to keep track of silos and mobile missile launchers.
So long as it’s 9 to 5, with a union & pension, and it’s not too far to walk to score for some decent cheap lunch, well, okay. Who I gotta kill? You got a list, or what?
Well, first I’m gonna need to incorporate for the immunity but I’m sure I can come up with something.
It’s crazy how it sounds like kind of a good deal though… “uhhh… what’s the pension scheme like?”
the deal represented a “massive” concession by China
See, Obama will settle for just “massive”. He’s clearly not good enough to get the really “yuge” concessions.
You have a point. I probably would have been cynical then too, had I been old enough to spell cynical.
Please understand that I can’t speak for the attack environment of anybody else. I only know what I have tracked hitting my university.
If you wish to defeat the compromise cycle, you have to count each step of the process as part of the attack. You can’t blind yourself to part of the cycle and say it doesn’t count. So, we consider reconnaissance, probing, assessment, exploitation, privilege escalation, attaining persistence, exfiltration, and lateral movement as attacks. In dealing with government-level attackers, you also have to add decoy, distraction, and saturation behaviors to the list.
So far, we have limited experience with DoS attacks. The Chinese government appears to treat us like a milk cow. They have little interest in destroying us. Instead, they regularly come by and harvest what they can get.
During the last 5 years, our attack community has shifted from being dominated by immediate economic gain to being dominated by government interests. Here is a breakdown during that time: Many of the Chinese scans documented back in 2012 persist to this day. Every so often they change from one Chinese IP to another. But they continue to hit the same ports at about the same time of day. They also exhibit favorable QoS. And they take Chinese holidays off.
The transition to government hacking revealed itself in several ways:
Many attack behaviors shifted away from immediate gain. Several times, one of these attacks has gained a foothold and bypassed easily resaleable resources to grab research results. Here is another example.
Some attacks were pure research and development. For example, we saw many attempts to perfect sneaky scanning. We documented some of them here.
Many attacks demonstrated favorable QoS. You can see this for yourself in the scan captured 3 min and 30 sec into a YouTube video I posted years ago.
Many attacks invest large amounts of resources to gain info, and do not immediately cash it out.
Then there are the attacks that invest huge amounts of resources to attain a non-economic goal. In this example, they used a large botnet to monitor the state of the Z39.50 protocol (used by many, many large libraries).
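The post above describes scan sources that persist for years, hit the same ports at about the same time of day, and keep office hours in the attacker's time zone (as the earlier reply about "Monday through Friday, 9am to 5pm" also notes). The following is an added illustration, not code from the original thread or from the poster's university, of how a defender can turn that observation into a simple detection heuristic over border-scan logs: profile each source by the fraction of its hits that fall in weekday working hours in an assumed attacker-local time zone (UTC+8 here, a fixed offset chosen as an assumption), by how many distinct days it has been active, and by which ports it keeps returning to. The log lines are constructed sample data using documentation IP ranges, and the threshold values are assumptions to be tuned against real traffic.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

# Assumed attacker-local time zone: UTC+8 as a fixed offset (no tz database needed).
ATTACKER_TZ = timezone(timedelta(hours=8))

# Constructed sample log lines (not real traffic): "<UTC timestamp> <source IP> <destination port>"
# 198.51.100.7 probes two ports every weekday during UTC+8 office hours (the "9 to 5" pattern).
# 203.0.113.9 is worm-like: random hours, weekends included, assorted ports.
# 192.0.2.5 keeps office hours but has too few hits to judge.
SAMPLE_LOG = """\
2015-09-21T01:30:00Z 198.51.100.7 22
2015-09-21T07:45:00Z 198.51.100.7 445
2015-09-22T01:30:00Z 198.51.100.7 22
2015-09-22T07:45:00Z 198.51.100.7 445
2015-09-23T01:30:00Z 198.51.100.7 22
2015-09-23T07:45:00Z 198.51.100.7 445
2015-09-24T01:30:00Z 198.51.100.7 22
2015-09-24T07:45:00Z 198.51.100.7 445
2015-09-25T01:30:00Z 198.51.100.7 22
2015-09-25T07:45:00Z 198.51.100.7 445
2015-09-22T14:10:00Z 203.0.113.9 445
2015-09-23T19:30:00Z 203.0.113.9 1433
2015-09-24T02:00:00Z 203.0.113.9 3389
2015-09-25T23:00:00Z 203.0.113.9 445
2015-09-26T03:00:00Z 203.0.113.9 23
2015-09-26T12:00:00Z 203.0.113.9 8080
2015-09-27T05:15:00Z 203.0.113.9 445
2015-09-22T03:00:00Z 192.0.2.5 80
2015-09-23T04:00:00Z 192.0.2.5 80
"""


def parse_line(line):
    """Parse one log line into (aware UTC datetime, source IP, destination port)."""
    ts, ip, port = line.split()
    when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, ip, int(port)


def profile_sources(log_text, tz=ATTACKER_TZ, work_hours=(9, 17)):
    """Per source IP: hit count, share of hits in weekday office hours (attacker-local),
    number of distinct active local days, and the most-repeated destination ports."""
    start, end = work_hours
    stats = defaultdict(lambda: {"hits": 0, "office": 0, "ports": Counter(), "days": set()})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        when, ip, port = parse_line(line)
        local = when.astimezone(tz)  # convert to the assumed attacker time zone
        s = stats[ip]
        s["hits"] += 1
        s["ports"][port] += 1
        s["days"].add(local.date())
        # weekday() < 5 is Monday..Friday; hour window is half-open [start, end)
        if local.weekday() < 5 and start <= local.hour < end:
            s["office"] += 1
    return {
        ip: {
            "hits": s["hits"],
            "office_ratio": s["office"] / s["hits"],
            "active_days": len(s["days"]),
            "top_ports": s["ports"].most_common(3),
        }
        for ip, s in stats.items()
    }


def flag_office_hours_sources(log_text, min_hits=6, min_ratio=0.8, **profile_kwargs):
    """Return sorted source IPs whose probing is both frequent enough to judge and
    concentrated in weekday office hours. Thresholds are assumptions; tune them locally."""
    profiles = profile_sources(log_text, **profile_kwargs)
    return sorted(
        ip for ip, p in profiles.items()
        if p["hits"] >= min_hits and p["office_ratio"] >= min_ratio
    )


if __name__ == "__main__":
    for ip, profile in profile_sources(SAMPLE_LOG).items():
        print(ip, profile)
    print("office-hours sources:", flag_office_hours_sources(SAMPLE_LOG))
```

The minimum-hit threshold is what keeps the worm-background noise from the second reply out of the result: a source seen twice during office hours proves nothing, while a source that returns every weekday for a week to the same two ports, and never outside local working hours, is worth a second look and a longer retention window. Swapping the fixed offset for a proper time zone would also let the check account for the holiday gaps the post mentions.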
Wow, how fucking cynical is this.
Since China denies doing or having ever done anything like this it’s about as close to a null statement as you can get. It’s like getting Tom Brady to sign an agreement not to cheat.
And the US aren’t angels either, the NSA will keep spying on China and selectively feeding their findings to ‘strategic’ US corporations like GE.
Am I going to be the only one to say “well done” for getting China to agree to prevent cyberattacks to avoid sanctions? For standing up to China?
Very well then: well done.
I wonder whether the US will hold China to its signature in the same way that it holds itself to its signature on the Geneva Convention…
Somewhat related, there’s an interesting analysis of the geopolitics of the Trans-Pacific treaty over at the American Prospect: Our Incoherent China Policy