The Secret China-U.S. Hacking War?

bored-at-IETF-ntp-session writes "In an article at eWeek Larry Seltzer examines the supposed hacking war between the US and China. He surmises 'Even if you can't prove that the government was involved ... it still bears some responsibility'. He quotes Gadi Evron who advised the Estonians during the Russian attacks. 'I can confirm targeted attacks with sophisticated technologies have been launched against obvious enemies of China ... Who is behind these attacks can't be easily said, but it can be an American cyber-criminal, a Nigerian spammer or the Chinese themselves.' Seltzer concluded 'It's just another espionage tool, and no more or less moral than others we've used in the past.'" This a subject we've also previously discussed.

Re:Not suprised

[JustAnObserver]

...we get port sweeps every day coming from china. Probably so, but I'd guess that you're also getting port sweeps from Russia, Korea, various others, and from within the US - Am I right? Hardly. In my university (top 50), well over 90% of such attack attempts (and port scans are just a small fraction of those, mind you) come from China. Connection attempts from Russia happen much, much less often, and those from other sources are extremely rare exceptions.

Yes I understand your scepticism. I used to think along same lines until having had looked at Snort logs.

How do we know it's the Chinese?

[element-o.p.]

Not to play devil's advocate, but do we know it is the Chinese hacking the U.S.'s data networks?

One of the comments above mentioned that "just mentioning the words 'network security' in China can land you a lot of jail time." If this is correct, then it seems to me that there are probably a lot of unsecured networks and hosts in China. If that is the case, then how do we know that it is really the Chinese who are trying to hack DoD and business networks rather than some thirteen year old script kiddie in Hackensack who just happened to find a way into a computer in some backwater school in China?

Just because you are seeing hits from Chinese IP addresses doesn't mean the Chinese are behind it. The real question is "how deep does the rabbit hole go?" Unfortunately, there isn't really any way to know unless you hack the originating IP(s) yourself.