
I always appreciate how the US are able to pin every network compromise directly back to China. And not just China but the Chinese government in particular.

Almost like VPNs, proxies, Tor, compromised machines, botnets, or similar do not exist in this arena and that a reverse DNS lookup will tell them 1337.mss.gov.cn.

When the US talk about cybersecurity/"cyber wars" in general they're talking about something more akin to a Hollywood movie than anything you see on the ground on either side of the "fight."

I'm extremely sceptical every time they claim Chinese responsibility. I am sceptical not because China wouldn't have the skills or motivation to do so (they do/would) but because they jump to these conclusions unrealistically quickly, and if their adversary covered their tracks even modestly, pointing fingers like that would be quite hard (e.g. send it through Russia).




There are many details left out that could reasonably pin the attacks on the Chinese. While communication back to the source may be obfuscated and hard to pin on any particular actors, the exploits, shellcode, and malware they use can possibly be tied to other breaches. Like regular programmers, hackers tend to reuse modules, code blocks, techniques, etc. from attack to attack. So whereas the NOAA breach may not conclusively point to China, something found during the incident response and forensics phases may connect it to the USPS breach, Lockheed Martin breach, or others. A good example of this technique would be how researchers were able to tie Stuxnet, Flame, Duqu, and Gauss to the same actors (probably the US and Israel).


Perhaps they too readily blame the Chinese _government_; however, I'm not sure that China's place in the spotlight is _totally_ unwarranted:

    tail -n 50 /var/log/auth.log

    Nov 12 15:33:28 VPS-3167 sshd[11950]: Connection closed by 122.225.97.110 [preauth] [SNIP]
    Nov 12 20:12:51 VPS-3167 sshd[12016]: Connection closed by 61.174.50.164 [preauth] [SNIP]
    Nov 12 20:40:44 VPS-3167 sshd[12031]: Connection closed by 122.225.97.72 [preauth]

The list goes on and on, and the IPs in the last fifty lines were all Chinese or Russian; still, they could also have been hacked themselves.


That doesn't mean that it's actually Chinese users doing anything though. China has a lot of software piracy in its culture, and where piracy is, malware and botnets are rife.


I find that debatable; they are still guilty to some extent because of their inaction to do anything (effective) against these botnets, whether 'action' would refer to users installing a decent anti-virus or an IPS blocking and isolating obviously infected hosts.

Of course, this is a whole different level of culpability than if they were actually condoning large scale attacks on other countries' infrastructure.

The fact remains that if I were to plot the number of IPs that come knocking at my non-production server you'd see over 50% coming from China.


http://en.wikipedia.org/wiki/Usage_share_of_operating_system...

17.18% of all desktop OSes connected to the internet are Windows XP, the version for which Microsoft doesn't publish updates. Most of these computers are in China. Also, "in 2009, approximately 80% of software sold in China was pirated."

The average weekly income of a Chinese worker is around 100 USD. He is not going to buy new software even if it costs the same as in the US. It typically costs even more.

Don't be surprised bots have easier targets there.


Windows 7 is just as easy to pirate so the logic is not solid there.


I find it very hard to believe myself, because when you can obtain it for free, why not go for the latest, shiniest version? But the reality is, most Chinese computers are still stuck with XP, whatever the reason is.


XP was made for much weaker machines, older hardware. When you earn 100 USD per week you don't upgrade hardware as long as you can avoid it. Just as an example from another part of the world, I live in Europe and I used a Sony notebook from 2002 until last year, when the hardware started to fail. I guarantee you that Windows 7 can't be installed on it. Even the newer Ubuntu versions weren't installable from one point on.


One reason is Chinese banks. Quite a few reportedly still run an IE6-only site that won't run properly in a modern browser.


Ever heard of PPStream or PPTV? Well, the good news is that both programs open some sort of transparent HTTP proxy listening on 0.0.0.0; obviously it's for helping the p2p.

Hint: port 9415


My advice is that you shouldn't let that traffic get anywhere near port 22:

1) use a different port
2) use IP bans
3) use a firewall with range blocking

Or do you have a good reason for allowing access from every IP on the internet?

EDIT: removed snark
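As an added example that is not part of any comment in this thread, a small Python script doing the counting the log excerpt and the advice above imply: it parses sshd auth.log lines of the kind quoted, tallies pre-authentication attempts per source address, and lists the sources that cross a threshold so they can be fed to an IP ban or firewall rule. The log lines, hostname, addresses and the threshold of 3 are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the auth.log excerpt in the thread;
# the hostname and the IPs here are made up for the example.
SAMPLE_AUTH_LOG = """\
Nov 12 15:33:28 vps sshd[11950]: Connection closed by 198.51.100.7 [preauth]
Nov 12 15:33:31 vps sshd[11952]: Connection closed by 198.51.100.7 [preauth]
Nov 12 15:33:35 vps sshd[11954]: Failed password for root from 198.51.100.7 port 51022 ssh2
Nov 12 16:01:02 vps sshd[11990]: Accepted publickey for deploy from 203.0.113.5 port 40022 ssh2
Nov 12 20:12:51 vps sshd[12016]: Connection closed by 192.0.2.44 [preauth]
Nov 12 20:40:44 vps sshd[12031]: Connection closed by 198.51.100.7 [preauth]
"""

# Matches the sshd message forms that indicate a connection that never authenticated.
PREAUTH_RE = re.compile(
    r"sshd\[\d+\]: (?:Connection closed by|Failed password for \S+ from) "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

def preauth_counts(log_text):
    """Count pre-authentication connection attempts per source IP.

    Successful logins ('Accepted ...') are deliberately not counted: the
    goal is to find sources that keep knocking without ever getting in.
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = PREAUTH_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts

def noisy_sources(log_text, threshold=3):
    """Return (ip, attempts) pairs at or above `threshold`, most active first.

    The threshold of 3 is an assumed example value; a real ban policy would
    also use a time window. The IP says where the connection came from, not
    who is behind it: the host may itself be a compromised machine.
    """
    counts = preauth_counts(log_text)
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]

if __name__ == "__main__":
    for ip, n in noisy_sources(SAMPLE_AUTH_LOG):
        print(f"{ip}: {n} pre-auth attempts")
```

The output list is what you would hand to an IP-ban tool or a firewall rule; on a real box, run it over `tail -n 50 /var/log/auth.log` output instead of the embedded sample.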


I share that skeptical feeling. It's always been a common technique to bounce an attack on US servers through servers in a foreign country that doesn't speak English much and doesn't have the best relationship with the US. China is the ideal one for this, and generally has the best supply of vulnerable servers to do this through.


Having hacked Google, Juniper, Symantec, Morgan Stanley and countless USGOV sites - why not hack NOAA? It's not as if there will be any USGOV response. No sanctions. No demarche of which I'm aware. No counter-attack that has been publicized by China. Turning the other cheek is not a valid strategy in a prolonged conflict.


Turning the other cheek is an OK strategy when the damages are not terribly high and the political and economic costs of any reaction would be worse than that of the attacks. In fact, improving defensive security and not responding to cyber-warfare except in cases that imminently endanger human lives or defense capabilities would probably be the sounder policy. That said, that's far from what the U.S. government is doing; the U.S. government engages in espionage and arguable cyber-warfare against nations it's not in conflict with (including China) with alarming regularity. The Snowden leaks give us an idea of how a fraction of those operations looked more than 6 years ago...

If it were me, I'd just issue a formal letter thanking the Chinese government and their people for spending their own taxpayer's money pen-testing U.S. infrastructure and ensuring security best practices are followed ;p (yes, I am being tongue-in-cheek, speaking of cheeks...)


Exchange China with NSA and read your post again.


Done. A tepid feeling of unease was experienced that could also be attributable to the grocery store sushi I had for lunch. To help put your mind at rest, USGOV bureaucrats oscillate across an ass-covering wave of incident driven threat detection peaks, and valleys of privacy right restrictions on their abilities. China, singling out just one state actor, operates unmodulated. There is a difference of level, accountability and transparency that makes your comparison invalid.


These articles always make me wish I could see the Chinese equivalent. Are the newspapers in Beijing just full of stories about US "cyber attacks" on Chinese infrastructure?


No. There are plenty of articles in China about what an evil empire the US is, but mostly on how it misuses its military, financial and cultural power, how it instigates unrest in other countries, how its democracy is a fake one, etc. Seldom if ever do they mention US hacking.


I would love to read this. How do you know? Are you Chinese?

I find it weird how in a world this connected, we still only get one POV.


http://rt.com (Russian government POV)


Yes, I am Chinese.

The "one POV" thing is not about how interconnected the world is; it's about the language barrier. An English site will always be dominated by people whose native language is English.


Someone I know who grew up in mainland China told me he was raised and taught in school to believe the Tiananmen Square massacre was just U.S. fabricated propaganda.

So yes, probably.


Rest assured, they have better methods of attribution than a reverse DNS lookup. It's difficult to attribute a specific attack, but relatively easy to attribute large campaigns.


I also appreciate how the public unquestioningly believes that the Mars rover was in fact really on Mars. Especially, if one is to ask "cui bono", the answer that you'll get is that the administration is trying to direct attention from its police surveillance of Someone1234. I'm not saying that the Mars rover landing was faked, I'm just asking questions.



