US Responsible For the Majority of Cyber Attacks
Amber G5 writes "SecureWorks published the locations of the computers from which the greatest number of cyber attacks were attempted against its clients in 2008. The United States topped the list with 20.6 million attempted attacks originating from computers within the country, and China ran second with 7.7 million attempted attacks emanating from computers within its borders. This was followed by Brazil with over 166,987 attempted attacks, South Korea with 162,289, Poland with 153,205, Japan with 142,346, Russia with 130,572, Taiwan with 124,997, Germany with 110,493, and Canada with 107,483."
Those bastards hacked my Yahoo mail!
Posts not to be taken literally. Almost everything is sarcasm.
The majority of cyber-attacks (controlled by their Chinese and Russian overlords) originate within the U.S.
Sounds plausible.
No folly is more costly than the folly of intolerant idealism. - Winston Churchill
Formula:
#zombies=#computers * X%
I mean, isn't it that obvious?
"As God is my witness, I thought turkeys could fly." A. Carlson
Of course, hackers always use their home IP, and never bounce off of compromised clients in other countries.
And out of how many computers connected to the Internet? I'm willing to bet China's "per machina" rate is higher.
My blog
Leaving their broadband-connected computers 24-7!
proud caffeine whore
We're #1!
We're #1!
I'm sure the bulk of it is just that we have more computers. I'd have thought Japan would have been higher though, if that were the primary factor, so maybe not.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
A list of their "Clients" might be useful as well as interesting while taking their numbers and the source of the "cyber attacks" into consideration...
It might be that as the US is the greatest English-speaking population with disposable income, the US may be a better target and thus is targeted from within itself more often??
I guess on the internet axis of evil we are number One!
Many of the attacks originating from China are actually from the US as well. Many US hackers find it easy to compromise Chinese machines and use those machines for whatever they need. I'm willing to bet a handful of Chinese attacks are actually originating from the US as hackers seek to use easily compromised machines that are unlikely to work with the US (politically) if the US asks for connection info from an ISP. As a result, a lot of US originated hack trails stop in China.
Trying to install linux on my microwave, but keep getting a kernel panic...
http://apnews.myway.com/article/20080922/D93C1GC81.html
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
All those AOL users who leave their boxes up 24/7 are infected with cooties that use their machines to haxx0r the rest of the world and steel their megabites, oh n0s!
I will not be pushed, filed, stamped, indexed, briefed, debriefed or numbered. My life is my own.
One day, there will be a time where most cyber attacks originate from China, and people will be like: "where are those good old times where most cyber attacks still came from the US".
If one computer in China is responsible for 30% of all the attacks and another computer is responsible for another 30% of attacks, that only leaves 60%.
As one poster already said, I'm willing to bet that the per machine rate in both countries probably accounts for the other 60%.
Thoughts?
---
With bad karma, what have I got to lose?
Beer is proof that God loves us and wants us to be happy.
At first when someone pointed out to me, that Canada, my home country had the least amount of attacks, he spun it to me in a sad manner. "Aww we have the least amount of hackers :("
To which I responded
"No no young padawan. We have the least amount of hackers who were traced"
GO CANADA!!
Milk in a bag FTW
And this has been another installment of Captain Obvious!
...can we lump the MediaSentry/SafeNet "investigations" in the numbers for these attacks?
... is to disconnect USA from the Internet, while we are at that, let's close the borders and cancel all possible flights over the country. Oh and cancel the fucking NAFTA that is only making the rich people richer and the poor people poorer (at least in my country).
It's not that we are losing anything good anyway.
Mod me as flamebait, I don't care, that's what AC is for.
In my experience, most attacks are coming from China, with U.S. attacks being very rare. This is primarily based on looking at SSH brute-force attacks.
The article does not provide much detail. It would be interesting to see the attacks classified by type.
My mother always said to be polite, so . . . You're welcome($&%^(PH&@
%$$EB^$#$
[CARRIER LOST]
Well, there's spam egg sausage and spam, that's not got much spam in it.
Come on, this is the first bit of upbeat news on the tech sector that the US has had in a while.
The banks might be tanking.
The Hell-desk might be going overseas.
But when it comes to Cybercrime the US still leads the way as the Gambinos of the internet.
USA - A OK... come on you know you want to shout it.
China might have a state backed machine, but that is no match for the free market capitalism of corruption and crime that can support a much larger and more effective cybercrime base.
So don't doubt it and say "oooh no we are the good guys, it's all China and Russia" like some pinko liberals, embrace the brilliance of US invention in circumventing technological barriers.
Didn't John McCain say that the fundamentals of the US economy were strong as the fundamentals were the ingenuity of the American people? It seems like the old coot is more up to date on technology than any of us thought, he was thinking about cybercrime as being a boom area for Americans.
One citizen, one rootkit. This is a lead that need not be lost.
An Eye for an Eye will make the whole world blind - Gandhi
That was it, nothing more. Move along people!
Guns are for wimps... Use a crossbow.. this way you can pin them to their chair when you go postal.
Yes, clearly the threat is outside our borders now. We must go to war.
I bet this does not take into account the use of proxy servers.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
2 out of 3 US hackers choose SecureWorks clients. Remember, discerning hackers choose SecureWorks.
Good job on reading the article. You know, the part where every other paragraph other than what was cut for the summary points this out and how to defend against this very thing.
You know, they never draw that conclusion in the article. They just say that some attacks originating from a given country may be initially controlled from a different country. They don't go into ip masking/spoofing or any of that... Why would they want to expose the limits to their services when this article was written in an attempt to sell something?
I am the richest astronaut ever to win the superbowl.
...has so many people with computers, and too much free time?
...the future crusty old bastards are already drinking the Kool-Aid.
All the article says is that someone said it was so. It gave no indication of how the numbers were determined. What was the methodology?
Did it take into account, say, a Chinese hacker compromising two or three servers in the U.S. and then using THOSE servers to attack many other servers both inside and outside the U.S.?
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
http://www.secureworks.com/media/press_releases/20080922-attacks/
I honestly don't know -- I'm gay.
Only the dumbed-down Faux News drone would be surprised here, or more likely just not care.. those pitiful creatures. With all their hoohah over cyber attacks, they turn out to be the biggest (by far) offenders.
I don't know about the rest of you, but I'm tired of my country's government, its media, and its corporations' bullshit. Something needs to be done.
The headline should tell the main point of the article, which is that most attacks come from computers that are most likely inside the U.S., not that the US government is launching the attacks, but then again not many people do a good job of writing headlines these days anyway...
B-)
The US certainly takes the cake for number of citizens sitting in front of a computer with too much time on their hands. I would like to see a breakdown based on the severity of these attacks, to differentiate between some kid running a port scanner on his local cable loop and a deliberate attack on a .gov address or Randy Newmann or such.
I question whether the 'origin' of the attack can be designated in most cases.
An unattended, unsecured box in a corporate cubicle, zombied by a back-door trojan isn't the 'origin'.
Neither is the mom-and-pop AOL box in the basement.
It's the hacker(s) who control the zombie masses that are the origin, out in that nebulous cloud.
If the attacks could really be traced to their true origins, as in 'first cause', and that initial controlling element is physically present within our borders, would not the zombie nets have been rendered ineffective long since?
just askin'
(T)he (O)ld (M)an
You'll notice pretty much any survey of crime shows:
Violent Crimes per 100,000
Serious Sexual Assaults per 100,000
Murders per 100,000
etc.
They don't just say, "Crimes" because...
Any smart person would choose somewhere with a billion people and 10,000 crimes over a million people with 1,000 crimes. That's why per capita is critical.
Any smart person would also likely choose somewhere with 10,000 littering offences and 1 murder over somewhere with 1000 murders.
It only takes two massive cyber attacks against the entire infrastructure of Georgia and Estonia to make Russia (assuming you don't accept their denials) far more offensive on a global scale than a million spam botnets.
Now which is worse? The country that spams millions of times or the country that cripples the infrastructure of any small nation that dares oppose it? Still care about pure numbers without caring what the numbers actually record?
I'm not claiming the U.S.'s vast numbers of offenses are purely the equivalent of littering, nor that they never do anything worse... Simply that big but meaningless because it's not clarified number A vs. big but meaningless because it's not clarified number B is still... meaningless.
No surprises there
I'm a minority race. Save your vitriol for white people.
where ?
Read radical news here
Do you honestly think anything but the tiniest fraction of port scans are not malicious?
I've done thousands of port scans as part of my job. I've done four today, and I'm not even a networking guy any more. Most reasonably capable computer professionals will do hundreds if not thousands of non-malicious port scans during their careers.
How do you check port security? Ask your (possibly root-kitted) host with netstat? Ask the (possibly incompetent) sysadmins of the systems you're trying to check?
netcat and nmap are commonly used tools found on all competent network professionals' computers, and most sysadmins use nmap, and really top-notch app programmers keep it handy as well.
My bad.
-ZeroCool
Unless you're performing a DoS, isn't IP spoofing very counterproductive since you can't get a response?
If the target system's been infected from a webpage or email, you can send commands from a fake IP and receive responses on an anonymous channel such as IRC or an abandoned web forum.
"US" as in slashdot readers?
Surely US clients are more likely to be attacked by CHINESE attackers, not US ones.
Unless you MUST have these proxies operated by the chinese, they could just as well be operated by the US.
You can only use that point to comfort yourself that those dirty foreigners are the bad guys, not you lovely yanks.
Which really IS begging the question.
Agreed. When I was a teen (growing up in Canada), I used to dabble in the dark arts. I can guarantee that no "attacks" ever originated from my IP. Of course, if anyone had been paying attention, they may have noticed 2,500 computers in Korea and China doing some rather strange things, while being logged into an IRC channel called #Canadian_eh. Pretty much all of my friends took similar precautions. Dunno if that's true for all Canadians, but it definitely was for the ones I knew.
Whenever I hear outlandish numbers like these I immediately assume a case of yet another clueless idiot counting each ping or port scan as an attack. Such nonsense peddlers deserve to be ignored.
People still use AOL?
I've done thousands of port scans as part of my job. I've done four today, and I'm not even a networking guy any more. Most reasonably capable computer professionals will do hundreds if not thousands of non-malicious port scans during their careers.
How many of these port scans did you perform on IPs you otherwise had no control over or relationship to?
I see port scans come at my servers all day. Are you seriously trying to suggest that thousands upon thousands of "network professionals", and "top-notch app programmers" around the world are doing them on my servers for some non-malicious purpose? Sure my ISP is behind a couple as part of their legitimate network monitoring, and I've run a few myself, but the 99.99% majority hitting my servers are malicious.
The parent poster was correct.
And "thousands" over a career is somehow not a tiny fraction?
HACK THE PLANET!
Don't rush me, Sonny. You rush a miracle man, you get rotten miracles.
Will you guys cut it out!
Bomb the US. Clearly the US is harbouring Cyber-Terrorists (CTs) within its borders and is not doing anything to stop them from Cyber-Terrorising other countries. If the US won't do anything about this, then the rest of the world have the right to send in attack helicopters and marines into the US or at least lob some cruise missiles at some Cyber-Terroristic Servers.
And "thousands" over a career is somehow not a tiny fraction?
Well, you're not exactly using precise numbers, are you, but I was guessing that I am not the only person capable of portscans who is not actively malicious.
How many people do you think are out there maliciously portscanning? I've met way more normal computer professionals than psycho computer criminals that spend forty hours a week cracking. The few people that I have met who might fit that description are not heavy portscanners anyway, they sure aren't competing with Red Siren's daily (non malicious) portscans.
Red Siren probably hits ten thousand hosts a day, although I'm just guessing. Non-malicious college research projects and net surveys probably hit almost as many.
Perhaps you are using different metrics than me, but (absent real data) I'm betting there are fewer portscanning criminals than portscanning wage slaves on the Intartubes.
How many of these port scans did you perform on IPs you otherwise had no control over or relationship to?
That's a very good point. I almost never portscan IPs I don't need to talk to; it's a troubleshooting and investigatory procedure for me.
I see port scans come at my servers all day. Are you seriously trying to suggest that thousands upon thousands of "network professionals", and "top-notch app programmers" around the world are doing them on my servers for some non-malicious purpose? Sure my ISP is behind a couple as part of their legitimate network monitoring, and I've run a few myself, but the 99.99% majority hitting my servers are malicious.
The parent poster was correct.
I see your point, but you've got a pretty broad definition of malicious there. Is gathering information without causing you any harm really malicious? I usually require a greater burden of proof of maliciousness than "they looked at me, and I can't conceive of any other reason than they might want to hurt me".
But as I said, you definitely have a point; you may well even be right, though I don't think either of us has really proved anything.
I always thought AOL was SkyNet version 0.0.1
How many people do you think are out there maliciously portscanning? I've met way more normal computer professionals than psycho computer criminals that spend forty hours a week cracking.
Quite a number of them, and they're not exactly sitting around typing in nmap command lines by hand, you know. They have automated tools to scan large sections of the internet for known vulnerabilities to exploit. They don't run "thousands" of portscans, they run millions.
And the fact that you haven't met many of them might have more to do with you not associating with criminals, hmm?
fucken terrorists....will they now lose the human rights??
Watch me pull a statistic out of my ass.
In all fairness, the Poles would have had a much higher number of attacks if they had remembered to turn on their computers first.
I suppose anyone looking out the window as they drive past your house is "Casing the joint".
An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
Wait! Who gave Canada computers??!!
What is the number of networked computers per capita in these nations?
Hmmm this might be indicative:
Computer Expenditures Per Capita
Only Switzerland spends more per capita than the US -- and their population is so small in comparison that it is noise. Russia is way down on the list, and China isn't on the list -- unless you count Hong Kong.
What does this mean? It means that per capita, Russia and China have more hackers than the US -- and if you believe most of the bot-nets originate from those places -- they probably account for a percentage of the US number too.
Lodragan Draoidh
The more you explain it, the more I don't understand it. - Mark Twain
Quite a number of them, and they're not exactly sitting around typing in nmap command lines by hand, you know. They have automated tools to scan large sections of the internet for known vulnerabilities to exploit. They don't run "thousands" of portscans, they run millions.
Ah, there's part of the problem. I think of a portscan as being one invocation of a tool, you are thinking of it as one host being scanned. OK, that's orders of magnitude different, and your definition is likely more useful. Nonetheless, harking back to the top posts in this conversation, I still don't see investigation as being inherently malicious; asking questions about bank security is not something that should automatically cause one to be treated as a murderous bank robber, or even labeled as one.
And the fact that you haven't met many of them might have more to do with you not associating with criminals, hmm?
Well, my employer does send me to Defcon as part of my job. Most of the people I meet there are more curious than malicious. But it's true I don't spend all my time trawling the seamy underbelly of the Eastern European cracker scene.
Nobody said that investigation was "inherently malicious". All that was said was that if you are a server on the internet, and somebody portscans you, the odds are overwhelmingly in favour of that person being malicious.