Chinese Hackers Targeting NYPD Computers

Mike writes "A network of hackers, most based in China, have been making up to 70,000 attempts a day to break into the NYPD's computer system, the city's Commissioner, Raymond Kelly, revealed Wednesday. Kelly suggested that 'perhaps it is because of the NYPD's reach into the international arena' that they are being targeted for computer hacking 'in much the way the Pentagon has been.' The hackers are apparently using a botnet to make up to 5,000 attempts a day at various unsecured portals into the NYPD's files. China's foreign ministry spokesman Qin Gang denied involvement in computer espionage. 'Some people outside of China are bent on fabricating lies of so-called Chinese computer spies,' he said last month. The obvious question is, why are the Chinese so interested in the NYPD computer network?"

Track an IP?

[x_IamSpartacus_x]

Someone should create a GUI interface using Visual-Basic to track an IP!

Re:Track an IP?

[TheRealMindChild]

Don't hate! Visual Basic has always been great for creating GUIs. Just there are people who decided to write their code in it too

Re:Track an IP?

[fisticuffs]

Someone should create a GUI interface using Visual-Basic

Get with the times, man. Haven't you seen CSI? They make 'em with Flash now.

Re:Track an IP?

I thought that was a direct quote from CSI....

Re:Track an IP?

[x_IamSpartacus_x]

No... I'm pretty sure they still use visual basic

Re:Track an IP?

[plover]

Qin Gang denied involvement in computer espionage. 'Some people outside of China are bent on fabricating lies of so-called Chinese computer spies,'

"So-called Chinese computer spies"? Let's just shut off the routers involved and see exactly which country complains.

It probably won't be China doing the complaining, because China will be cut off from the net about that time.

Re:Track an IP?

[Plekto]

This probably will eventually happen.

"Sorry, until you clean up and police your own users' bad behavior, we cannot allow them access to (country/region)"

Make the "Great Firewall" a reality and see how fast they comply.

Re:Track an IP?

[timeOday]

Wait a minute, you want to ban the world's most populus nation from the Internet until they get rid of botnets? No country on earth has done that. So I don't see how you can attribute the attacks to China. For that matter, we already know there are compromised computers everywhere, so why would somebody originate attacks from their own land? Or am I not giving network forensics enough credit here - can they actually tell where an attack ultimately originates? I doubt it.

Re:Track an IP?

No they can't. There have been many stories in the news lately about "Chinese hackers", the F-35 espionage, blah blah - all over the place. I don't get it. Isn't public perception of china bad enough? They are basically crawling out of an industrial era, and in the next ten years their economy is going to double. My advice to anyone reading this: drop that functional language you're learning and learn mandarin instead, over a billion people speak it, and there are a ton of online resources to help.

Re:Track an IP?

[JWSmythe]

    No shit.... I cringe every time I see one of these stories. Not only are they stupid, but whoever is giving the statements shouldn't be doing computer forensics. My humble opinion, since I don't work for any of the places reporting this crap, is that they overheard an IT guy saying "Someone in China is trying to get in. That IP belongs to a provider [insert city in China]". I've actually made that mistake. Saying it, not believe it, that is. I see a brute force attempt, and someone asks, "who does that IP belong to?" "oh, it resolves to some place in China." Suddenly it's the Chinese attacking. A 5 second conversation usually takes 30+ minutes to explain, even though it took less than 10 seconds to set a firewall rule against their block by hand.

    I see these "oh my gosh, the Chinese are attacking" attacks every day. Well, not just China. They come from all over the freakin' world. But hey, China is the evil Communist nation bent on destroying the American economy by providing substandard underpriced merchandise. Oh ya, and they have nukes to kill us off when they're done.

    It's "the reds are coming" cold war US vs Soviets game all over again, except this time we have IP's, and we can even see where the block is.

    You know, from my own logs, the Americans are coming too. As are ... well ... just about every country that has a freakin' netblock. But with the population of China, they come in just above the United States, mostly because Americans will eventually take their POS computer to the store and ask why it's going so slow. Or more like they'll buy a second one and a hub, so they can have both online and transfer things from one to the other over the next year or two, and never consider that the "old" one is doing malicious things.

    The biggest ones I notice are brute force attempts against SSH (one of the few services I leave public). Next would be SQL injection attempts via HTTP. whoowhoo, it's obviously a foreign government conspiracy. If they can just crack my little web server, they'll have the secrets to .... well .... not too damned much. Anything interesting is already up on my sites. :)

Re:Track an IP?

[JWSmythe]

  You know, I've only ever seen a couple episodes of that stupid show, with good reason.

  This just makes me want to cry.

  user@mybox~$ nslookup

So here's my real world example from just now.  They were actually caught and automagically blocked for spamming, so I don't mind posting their info. :)

user@mybox~$ nslookup 212.80.95.26
Server:         x.x.x.x
Address:        x.x.x.x#53

** server can't find 26.95.80.212.in-addr.arpa.: NXDOMAIN

user@mybox~$ whois 212.80.95.26
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Note: This output has been filtered.
%       To receive output for a database update, use the "-B" flag

% Information related to '212.80.95.0 - 212.80.95.63'

inetnum:      212.80.95.0 - 212.80.95.63
netname:      EL-CHA
descr:        EL-CHA, s.r.o.
descr:        Spojovaci 19
descr:        250 65 Boranovice
country:      CZ
admin-c:      TC562-RIPE
tech-c:       TC562-RIPE
status:       ASSIGNED PA
mnt-by:       TRANSGASNET-MNT
source:       RIPE # Filtered

person:       Tomas Charvat
address:      Ivan Charvat, EL-CHA
address:      Spojovaci 19
address:      250 65 Boranovice
address:      Czech Republic
e-mail:       tc@el-cha.cz
phone:        +420283981167
fax-no:       +420241404772
nic-hdl:      TC562-RIPE
source:       RIPE # Filtered

% Information related to '212.80.64.0/19AS29208'

route:          212.80.64.0/19
descr:          Dial Telecom, a.s.
origin:         AS29208
mnt-by:         TRANSGASNET-MNT
mnt-by:         DIAL-MNT
source:         RIPE # Filtered

Ok, call Tomas at +420283981167, and find out who was on that IP.  Maybe it doesn't look so realistic when I can get you close to the problem child in one line in a shell.  If only I could write in VB, then I could make the GUI, and maybe have it control the trigger on a gun pointed at my own head, so I never have to see any more crap like this ever again.

Re:Track an IP?

[OrangeTide]

most of the bots in a botnet are compromised computers in the US. So we should isolate the US from the rest of the world until they can manage to secure their own systems. And until US companies and reduce the number of insecure OS releases they produce.

Re:Track an IP?

[24-bit+Voxel]

Yes, but do they do it ... in REAL TIME?!?

Re:Track an IP?

[ThomasCharvat]

No need to call, I'm right here. What do you want?

TC

Re:Track an IP?

[Ex-MislTech]

Well it is more than Botnets.

http://www.redorbit.com/news/technology/1661861/cyberspies_hack_computers_in_103_countries/

Some respected ppl in Canada have seen things
that make it appears its not as minor as one
might think.

To make matters worse counterfeit chips were
made to put into Cisco gear and used to
penetrate the pentagon among other places.

http://it.slashdot.org/article.pl?sid=06/10/24/1819200

So any one piece looks mildly nefarious, but
when you dig deeper than what I have here
you start to see a pattern for concern.

Just my 2 cents.

Re:Track an IP?

[theelectron]

Good points. It is also easy to see what information the hackers are gathering and see who that information is most relevant to, especially when these attacks are as systemic as they are. The US intelligence committee are pretty experienced in the field of intelligence. If they really these actions are coming from Chine, chances are really really good that they are.

Re:Track an IP?

[JWSmythe]

    Actually, I'll argue both cases.

    People tend to feel they were personally violated by a widespread matter. I've heard people ask "why would someone want to steal my banking information? I only have $10 in there. I'm poor. Shouldn't they be going after people with money?"

    It's not about the person. It's about what they can get into. More like, it's about how many things can they get into. So a government/political agency/group got malware. It most likely wasn't a specific target, but rather the fact that their security wasn't as good as it should have been, and someone (could have been anyone) got in.

    Say I was Mr. Bad Guy Malware Author (tm). I'd write it. I'd get it out in the wild. If it collected information which was worth something, then it could be sold to interested parties. Are they really going after very specific state secrets that may exist on a handful of machines, or are they going after anything they can, and the worth while bits are being taken advantage of? Probably the later.

    Now, for the Pentagon being infiltrated by counterfeit networking gear, that's another completely conspiracy view. There was no way for the manufacturer in China to know that their counterfeit equipment would go through the supply chains and end up at the Pentagon. Hell, if I sell 100 routers, I don't know where they'll be once FedEx drops them at the destination. The counterfeit equipment is exactly that. It's someone who's figured out how to reproduce an expensive item for much less, and still sell it at the real item's cost (or probably slightly cheaper). They're making a buck. The items were slipped into the regular supply chains. That's not an impossible task to do, and it's really what you'd want to do, to move your counterfeit equipment. Any one of those pieces could have landed in a CCIE test rack, a crappy ISP, a small office selling cut rate widgets, or in this case, the Pentagon. The bigger question would be, why aren't they buying from Cisco directly, rather than through 3rd parties.

    But, was any privileged data released? The secure network should be (ummm) secure. I would assume not only just firewalled off from the real world, but actually physically disconnected. If that was so, how would the evil counterfeiter who snuck their counterfeit wares into the Pentagon, ever get any data back out? Oh ya, they wouldn't.

    The only downside to counterfeit parts is that they may not work as well. But sometimes they do. I've wondered about some of the parts I've bought before. Why does a new $1000 part cost $100, and is brand new? I don't ask. Maybe it was bundled and the bundle was seperated, so I'm just buying the surplus. Maybe it's counterfeit. Maybe it was a stolen shipment. Either way, I'm buying a part, and it works. It's not my job to research their supply lines, and I don't have the authority to do that, nor any power to do anything if I were to find irregularities. It would be like calling CDW up, and demanding they prove that the cut rate laptop that you are about to buy was actually purchased from the manufacturer. Their word isn't enough, you have to see receipts. Really, they'd just hang up on you, or laugh you out the door.

 

Why so interested?

[Jonah+Bomber]

Practice makes perfect.

Re:Why so interested?

[snowraver1]

I was thinking that knowledge is power. You never know when some piece of information can be useful.

Re:Why so interested?

[castoridae]

I don't know if there's anything specific to China, but NYPD has been doing some international "outreach". For example, as per the article below, I think Mumbai is outside of their jurisdiction...

http://www.newsweek.com/id/182526

Re:Why so interested?

[c_forq]

I wouldn't call this "outreach". It is research, with any aid they give just so they can get access to information they want. New York is a prime target for terrorists, as such it is in their interest to know as much as they can of events in other cities and how to prevent them.

Why?

[Locke2005]

why are the Chinese so interested in the NYPD computer network? Perhaps hey've been watching too much US "Law And Order" style television programming?

Re:Why?

[clarkkent09]

Looking at my logs there are 1000s of "attempts to break in" as well, almost all from IPs located in China where apparently most botnet computers are - the botnet masters themselves may or may not be in China. The thing is, the sites are completely free and there is no reason to break in at all. It's just scripts trying out known vulnerabilities on a large numbers of sites. Maybe the same thing is happening with NYPD sites and someone panicked when they saw that it is coming from China.

Re:Why?

[offrdbandit]

Sounds like the making of another Die Hard to me.

Re:Why?

[stretch0611]

They are trying to "fix" their parking tickets that their ambassadors have received at the UN.

Re:Why?

[Jabbrwokk]

y1p33 k1 y@y m0t||34fu(k3r

Re:Why?

Pentagon needs an enemy. Now it's chinamen coming through cyberspace. And we get thousands upon thousands of news items like this. All blaming random port scans on chinese with no proof or basis in reality to lay it on them than anybody else.

More likely it's Pentagon or CIA goons themselves trying to get a defence budget raise through chinese zombie machines they've captured with the help of Microsoft Windows and Cisco.

Re:Why?

[rtb61]

Police computer networks can provide lots of useful information. Individuals susceptible to blackmail, individuals susceptible to bribery, access details for known criminals and of course ongoing investigation activities. All autocratic governments are well know for their criminal activities and major organised crime activities in those countries can only exist with the support of corrupt government officials and this extends into overseas operations.

It would be expected that most countries are now involved in computer network espionage activities and, for the Government of China to so childishly deny that activity just makes them look guiltier and more to the point makes those Chinese Officials who are directly involved in those activities look like they are attempting to further their own private interests at the expense of the Government Of China and the childish 'not me, somebody else did it" are self defeating attempts to hide their own guilt.

Where it maybe difficult to obtain a criminal conviction there is nothing stopping various police departments and investigation agencies from pursuing civil suits and inflicting major fiscal penalties via another route and of course facilitate a legal opening up of a range possible investigation targets.

Foreign Ministry Spokesman

[Toonol]

I like how the summary quotes the minister Qin Gang as denying any involvement, and then immediately goes on to ask "The obvious question is, why are the Chinese so interested in the NYPD computer network?".

Hey, I'm sure he's lying too...

Re:Foreign Ministry Spokesman

[Sean]

Maybe they should have asked a chinese guy who actually knows something about computer security instead of asking a PR guy if he's stopped beating his wife yet.

Chinese organized crime?

[MacColossus]

Human trafficking? Drugs? Two obvious ones off the top of my head.

Re:Chinese organized crime?

[t33jster]

Human trafficking? Drugs? Two obvious ones off the top of my head.

Exactly. This isn't necessarily the Chinese government, but perhaps some criminal enterprise that has an ajenda with the NYPD. We know the Great Firewall of China is relatively effective of keeping unwholsome content out of China, but what about the reverse? It is not so inconcevable that there are a bunch of pirated Win2k machines in internet cafes around the country that are members of some huge botnet.

Re:Chinese organized crime?

[pmarini]

I agree with bugi here, they learned those from the British slave trade and the American drug cartels...
nothing to see here, moving on...

Re:Chinese organized crime?

[daveime]

Or even an agenda ?

It's not that I'm a grammar nazi as such, but come on ... you usually learn to stop spelling things as they are pronounced when you are six-and-a-half.

They're not...

[Thelasko]

The obvious question is, why are the Chinese so interested in the NYPD computer network?

They're not. The bot herder is probably in New York, and controlling the bots by tunneling so it looks like he/she is in China.

Haven't you seen the movie Hackers?

Re:They're not...

[Red+Flayer]

Oh, come one, that's just what they want you to believe.

It's actually the Chinese pretending to be a New Yorker pretending to be the Chinese business mafia.

It all comes down to logic. Are they the kind of criminals that would initiate the attacks from someone else's IP address block, or have they deduced that we would see through the ruse and would therefore host the attacks from their own IP address block?

It appears we have made one of the classic blunders, which is never get involved in a technical war in asia.

My guess is it's probably someone looking for inside information on investigations of financial companies in New York. That's where there are hundreds of millions to be made.

Re:They're not...

[pmarini]

the ping roundtrip decay should have given that away...

the real reason why there were so many

[TheGratefulNet]

is that once they hacked the computer systems, an hour later they needed to hack it again!

/sorry

Re:the real reason why there were so many

[daveime]

The trick is to bulk up on prawn crackers and fried rice, so there's no way you can finish the beef in oyster sauce in one sitting.

Actually, you know the irony ? ... I moved from UK to Asia about 12 years ago, and the Chinese food STILL tastes better when served in silver foil containers at 3am in Manchester.

God I miss pineapple rings in batter with golden syrup ... you simply can't get it here :-(

Re:the real reason why there were so many

[ponzio]

Henny? Is that you?

I just block most countries

[rackserverdeals]

They should do what I, and others do. Just block all traffic from certain countries.

With most of my sites, I'm not interested in international traffic and all I get is spammers and content scrapers. I cam across this tip on blocking spammers and scrapers using IPFilter on Solaris and just update my ipf.conf file from time to time if I notice anything strange coming in, which I check from time to time. I also grab lists of ip ranges to add as well.

While it bothers me a bit to limit access to sites in principle, I really don't get any benefit from international traffic that outweighs the nuisance of the few that ruin it for everyone else.

Re:I just block most countries

[Tablizer]

They should do what I, and others do. Just block all traffic from certain countries.

I imagine they do or could use mostly use zombie PC's within *this* country.
   

Re:I just block most countries

[rackserverdeals]

From the article

Sources said Internet Protocol addresses of computers attempting to breach the NYPD's files have been tracked to China, the Netherlands and the Ukraine.

Re:I just block most countries

[Tablizer]

Yes, but it's difficult to know if what is at the "end of the chain" is a human or a bot, or if you've really traced it back to the end of the chain. The only way to really know for sure is to peek in the window and see if the commands you see on the sniffer are the same ones the user sittin' at the desk is actually typing/mousing in.

As an analogy, the Matrix managers may also be in another Matrix which has control over their world and not even know it. One of my fav Trek episodes is when the crew was stuck in the Holodeck and thought they got out, but were really in a different simulation that looked like reality without knowing it. Only strings of subtle clues eventually gave it away, right before they were about to give away some secret to the holo-hacker.

Re:I just block most countries

[dave1791]

>I'm not interested in international traffic and all I get is spammers and content scrapers.

Why do I get an urge to do a facepalm? As an American expat who has lived in both Europe and Asia, I have nothing good to say about my experiences with geolocation.

Re:I just block most countries

[__aajoqa250]

Dealing with what appears to be to the best of my knowledge, tcp sockstress attacks on one of my machines initially connecting to the net and the three way handshake receiving 4 syn packs from ip addresses from within china, I can tell you that it would be much more comforting if the large majority of slashdotters where trying to be a little less funny (I would like to see the "funny" moderation eliminated from slashdot because it seems everybody wants to quit their day job) so that some people within this community would realize the significance of these security breaches and the possible implications they have with security around the world and change their priorities to help solve them. Tcp is up against a real threat from people who have known of its vulnerabilities from before the turn of the century. It is the exploit that will at some point in time bring down many critical systems around the world.

Am I the only one who wonders about the untimely death of Jack C. Louis who was working on the definitive vulnerabilities of the TCP/IP Sockstress?

Obvious questoin

[Spazmania]

The obvious question is, why are the Chinese so interested in the NYPD computer network?

No, the obvious question is why are the NYPD's computer people so dumb that they're reporting the generic, worm-generated port, web and ssh scans that everybody sees from China and everywhere else as an out-of-the-ordinary hacking attempt?

Re:Obvious questoin

[loftwyr]

What? Do you mean that the NYPD aren't the most special more sought after police in the world that makes the Chinese so envious that only the NYPD are being attacked?!? how dare you be realistic in the face of terror!

Re:Obvious questoin

[Albanach]

This was my first thought too.

Seriously, if I look at the logs for a couple of servers I can see hundreds of brute force ssh attempts a day. Add to that a scan of the apache logs to see all the attempts there and I could get close to a thousand attempts on a bad day on a single server.

Now you can possibly ignore the SSH attempts by only having public key logins, and ignore anything in the apache log that relates to IIS, or other web apps you're not actually running.

If, however, you're looking for a budget increase, it sure sounds good to say you thwart thousands of hacking attempts per day.

It's a bit like the old days when web page popularity was measured in 'hits' and therefore the site with the most 1 pixel transparent gifs was the de facto winner.

Re:Obvious questoin

[wsanders]

Because they can get Homeland Security funding to protect them from the Red Terrorist Menace?

Really, if you have a server on them big tubes and you're not getting 70,000 login failures a day, you need to improve your page rankings.

Re:Obvious questoin

[fishbowl]

There is no reason that a NYPD network should even open a socket for a connection originating in Asia. "Hacking attempts" should not even reach the first gateway.

It's a little more complicated for my network, because we do a lot of business in China and Thailand, but we still are no more vulnerable to port/web/ssh scans than a well-configured Cisco 7300, which is to say "not at all vulnerable, I'll bet your life or stake my reputation on it as long as nobody but me has the enable password."

Re:Obvious questoin

[Spazmania]

There is no reason that a NYPD network should even open a socket for a connection originating in Asia.

A Japanese traveler about to visit New York on business decides to check the crime stats at http://www.nyc.gov/html/nypd/html/crime_prevention/crime_statistics.shtml to get a perspective on what to watch out for with respect to crime in New York.

A US soldier stationed in Korea is about to end his tour of duty and wants to check out the job openings at http://www.nyc.gov/html/nypd/html/careers/careers.shtml

Re:Obvious questoin

[M.+Baranczak]

A gangster who fled to the Philippines wants to check if he made the NYPD's Most Wanted List: http://a056-crimestoppers.nyc.gov/crimestoppers/public/publicMWGallery.cfm

Re:Obvious questoin

[JWSmythe]

    Oh, we have our ways. In the end, most of you will be happy telling us your passwords. the rest of you will be your little parts we cut, burnt, and ripped off to "encourage" you to talk.

    But don't worry, we've started using waterboarding to clean your wounds. Don't mind the fact that it's salt water. Or was that sulfuric acid? Oh, I can never remember, I disavow any knowledge of what the screams are in the next room.

   

Re:Obvious questoin

[citizenr]

No, the obvious question is why are the NYPD's computer people so dumb that they're reporting the generic, worm-generated port, web and ssh scans that everybody sees from China and everywhere else as an out-of-the-ordinary hacking attempt?

thats easy, Clippy^^^^^ZoneAlarm pop-up says they are being hacked, it cant be wrong, can it?

Re:Obvious questoin

[Marchday]

It's absurd to get a conclusion only from the sources of ip address.

Re:Obvious questoin

[cuban321]

Really, if you have a server on them big tubes and you're not getting 70,000 login failures a day, you need to improve your page rankings.

Really, if you have a server on them "big tubes" and leave ssh open to the world, you need to keep your day job.

Re:Obvious questoin

[fishbowl]

If either of those web properties is on the same network as critical/confidential police business, it should not be.

The city of New York can't afford me, so this is all the free IT consulting they're gonna get from me.

Yeah that seems REAL LIKELY

[phantomcircuit]

Right people in China are attacking the NYPD computer systems.

That seems way more likely than people in NY using proxies in china.

Re:Yeah that seems REAL LIKELY

[khallow]

Well, China does have their country-wide firewall. Seems a bit chancy to me to hack through that when most of the rest of the world is far less secure.

Re:Yeah that seems REAL LIKELY

[DNS-and-BIND]

How so, exactly? Have there been incidents in the past that anyone can point to? As someone who's lived in the PRC for the last few years, I can tell you it is THE WORST place on the planet for internet connectivity. Seriously, proxying yourself through China is just stupid on its face. I just now loaded the Slashdot front page, and it took 10 seconds to load. That's actually quite good! A long time ago, I got in the habit of loading pages in the background (Opera middle click) and coming back to them later.

I think the slowness is due to the GFW - I can't believe that a country could have such crappy internet access in this day and age - it must be intentionally slowed or degraded. From here to my box in Texas is around 300ms ping with 3% packet loss, consistently, day after day. Contrast this to sites inside China, which load lightning-fast and have no trouble whatsoever. On the other hand, hacking groups and military have access to special lines which bypass the GFW and aren't slowed down at all.

So, in conclusion, I'm going to have to see some evidence of people in NYC using proxies in China. Because I think it's about the stupidest idea you could have. You'd do it for about 3 days, then get frustrated with the round-trip speeds and get a new proxy in Romania or something.

Re:Yeah that seems REAL LIKELY

[aaaantoine]

Considering the rate of software piracy in China, and the resulting lack of Windows security updates, why would it be improbable that a large number of Chinese computers have been hijacked by an outside nation? Granted, they could just as easily have been taken over by the Chinese government, but still.

Re:Yeah that seems REAL LIKELY

[phantomcircuit]

The internet connections for government servers are often very fast and ridiculously un-secure.

Often you'll find Chinese education institutions in public proxy lists.

And once better nobody in the west is ever going to see the logs from any of those servers, not come hell nor high water.

Shows how vulnerable computer systems are

[forgoil]

Time to actually use the US "hackers" to teach important US computer users something about security, and demand more of it from the manufacturers.

Or start using OpenVMS for all important stuff. That OS is nice:)

Re:Shows how vulnerable computer systems are

[paazin]

Or start using OpenVMS for all important stuff. That OS is nice:)

Great idea! Cheap hardware, too - just go to your local junkyard and grab a VAX sold 10 years ago for scrap :P

Re:Shows how vulnerable computer systems are

[pentalive]

Or buy a normal machine and run SIMH

http://simh.trailing-edge.com/

on it.

Re:Shows how vulnerable computer systems are

[Nefarious+Wheel]

Great idea! Cheap hardware, too - just go to your local junkyard and grab a VAX sold 10 years ago for scrap :P

You can't have it! Mine, or I will help you not.

I love DCL, but you know what I miss the most? That KESU architecture. Kernel, Exec, Super, User. The fact that Dave Cutler (architect of VMS and WNT) didn't have the hardware to back that when he developed NT for the Intel processor is, I believe, the ultimate source of the endless Windows server security grief.

WNT:='F$ROT1("VMS") (yes, I know it's a bogus lexical on your system...=)

The Secret Stash!

[tnk1]

The Chinese are trying to find out where the best and tastiest donuts in the NYC area are located.

Unfortunately for them, I happen to know the information they seek is loaded on an air gapped mainframe in the heart of Police HQ which is guarded by automatic defense systems and can only be accessed by the Chief of Police and Rudy Guiliani.

Yeah, they forgot to update who the mayor is... this is the police here, not the NSA, okay?

Re:The Secret Stash!

[rackserverdeals]

You really have an outdated, stereotypical view of the NYPD.

They are very helpful and compassionate and willing to share with the community.

Go up to any officer and just ask. "I'm jonesing for some fresh donuts, I hear you guys know all the best spots all over the city."

He (or she) will probably be kind enough to invite you to the station house to share some of their private stash.

Re:The Secret Stash!

[Whorhay]

I've only ever been to NYC once and I was lucky enough to have Amy's Bread recommended to me. I had a couple confections from their, but the best by far was the Cherry Fritter. It's been a few years since I was there and I still haven't eaten anything quite as aswesome. http://www.amysbread.com/

Re:The Secret Stash!

[HTH+NE1]

You really have an outdated, stereotypical view of the NYPD.

I can't speak for the GP, but I have been waiting forever for the next Duke Nukem game... oh, wait, they were the LAPD. Nevermind.

Assumed Chinese Government Involvement?

[twidarkling]

It seems rather irresponsible to simply assume "The Chinese" are interested in the NYPD at all. It could just be a few random people, some of which are Chinese. Why assume the government has any knowledge at all? Do people automatically assume a US-based hacker ring has the blessings of the US government? It's probably easier to operate in China currently. With massive population densities in some areas, you can fade in to the background, and with the areas where there's no one, a generator and satcom connection make it a real PITA to find you.

WTF???

[Bearhouse]

"The hackers are apparently using a botnet to make up to 5,000 attempts a day at various unsecured portals into the NYPD's files."

So, can someone explain why NY's finest have "various unsecured portals" which give access to their files?

Please tell me it's just sloppy editing, (again)...

I thought that everybody serious these days, (CIA, FBI...) had at least two internet portals - a 'public face' for external users and wannabee hackers and a private one protected by *very* state of the art stuff. Of course, most of the real stuff would be on secure intranet.

OK, OK, just me being naÃve again...

Like the Chineese can handle the truth!!

[arizwebfoot]

"Qin Gang denied involvement in computer espionage."

. And the Chinese gymnasts in diapers are still 16.

It's the Triads!

[GPLDAN]

It's criminal overlord Mandarin, controlling his gang of Triads from an underground bunker that can only be accessed via secret door in the base of the Statue of Liberty.

It will take an epic alliance of Tony Stark and Peter Parker to put aside their past differences, fighting over the woman they both loved, and both lost, to put a stop to this criminal masterplot to end the world as we know it.

Starring: Jackie Chan as the Mandarin
Zac Efron as Peter Parker
and Robert Downey Jr. returns as Tony Stark.

Re:It's the Triads!

[Red+Flayer]

No, no, Jackie Chan can't be the Mandarin. He's got to be a quirky good guy, maybe we can fit him in. And Zac Efron? Puh-lease...

Revised cast list:

The Mandarin: Chow Yun-Fat
Peter Parker: Jake Gyllenhaal
Mary Jane (option 1): Maggie Gyllenhaal (for some Luke-Leia weirdness)
Mary Jane (option 2): the cross-dressed resurrected corpse of Heath Ledger for some Brokeback Mandarin action
Tony Stark: Robert Downey Jr, but in his most drug-addled condition.
Jim Rhodes: Jackie Chan in blackface

Only then would we give the Triads true justice.

Re:It's the Triads!

[daveime]

Nah, gotta be Jet Li ... even his smile is sinister as fuck !

Re:It's the Triads!

[adavies42]

the important thing is fitting lucy liu in somehow

Re:It's the Triads!

[daveime]

the important thing is fitting inside lucy liu somehow

There, fixed that for you !

NY SHield

[josephtd]

Go check out the NY Shield threat warning/reporting program.

That's so cute!

[jtownatpunk.net]

Awwww. The NYPD thinks they're special. :rolleyes:

I must be special, too, because I log tons of probes. Hundreds, sometimes thousands a day.

Re:That's so cute!

[mcrbids]

I must be special, too, because I log tons of probes. Hundreds, sometimes thousands a day.

That was my first thought, too. I got so sick of looking at the log entries for my faux SSH daemon (on port 22) that I quit logging it. Sure, it's fun for a while, 'till you realize that you aren't frustrating anybody, just occupying 0.02% of cpu time on a hacked bot.

Hundreds/thousands of "hack attempts" per day when you include obvious overrun attempts (8k of "xxxxx" in the apache logs) attempts at accessing Windows sharing (connections to ports 137-139) dictionary hacks on port 22, (none of my stuff allows passwords anyway, and don't work on port 22) and so on.

Yawn. Welcome to the wild, wooly Intarnets!

Re:That's so cute!

[Sycraft-fu]

Ya no shit. The number of scan bots out there is staggering, and they are very tenacious. They don't seem to have checks to say "This system isn't vulnerable, leave it alone."

For example I host some servers on my home connection, since I have a nice business class line. One of my friends had a server there that had a broken mail server. Basically he'd been messing with some mail filtering tool, don't remember what, and decided to stop playing with it. The end result was port 25 was open, but wouldn't do anything. If you connected to it you just got an error and got disconnected. You couldn't send any mail, since there wasn't actually an SMTP server there.

However, some spam bots found it and once they did, they never quit. There were 6 IPs, all from China, that would hammer that port all day and night. They probably tried about 5-6 times per hour each. I found out about this when I was playing with my network firewall and was looking at logging. Port 25 was filtered, of course, since the server wasn't using it and I was using default deny rules. Despite the filtering, they never stopped. This was apparently now in their "Open relay IP," and they weren't going to quit. They are probably still hammering it to this day, I dunno I've changed ISPs since then.

the NYPD ain't special

[Lord+Ender]

Any company with ssh or, really, any common password-protection scheme exposed to the net is going to see thousands of brute-force attempts per day. The majority of the botnet may be in China or Eastern Europe, but that does not indicate that the actual hackers are either Chinese or Russian. It just means those countries have crap IT security overall.

There is nothing special to see here. The NYPD is inflating its importance, probably for more funding.

Why?

[whathappenedtomonday]

Just a wild guess.
Who trusts IPs, though?

Just drop China

[DnemoniX]

If I were the IT Director for the NYPD I would be hard pressed not to just drop all traffic from China. Or for that matter half a dozen other popular sources of malicious activity. If you really must have the website for the NYPD open to these other countries then put it on a standalone network segregated from anything important. I mean duh...

Secret Chinese government DOS technique

[Dishwasha]

Post a web link to http://www.nyc.gov/ and hope that 0.0000526% of your citizens click on it.

System tracing

[oldhack]

Serious question. How concrete are the info on these cyber warfare news? It seems almost always Chinese or Russian being reported as the perps, followed by posts claiming we* do the same to them, etc. With botnet and other multiple indirections involved, how credible are the tracing info?

* "We" as in the most baddest, most awesomest country in the world. I won't insult your intelligence with further elaboration.

Re:System tracing

[jofny]

They're not credible. None of these reports has any concrete evidence as to who, what, where, why, or even always how. Mostly they get the "when" :) But even then, not always.

The attribution in these articles is like saying because someone made a threatening call to you from a payphone in chicago that the city of chicago was threatening you specifically. It COULD be, but it could also be someone who lives there but is just a guy with no affiliation with the city. It could also be someone who doesn't live there but is passing through. They could also be rerouting the call. And whichever of those actors it might be may be targeting you specifically, or they could just be randomly dialing numbers.

It's dumb FUD spreading.

Re:System tracing

[jofny]

I have to add: I'm not saying bad stuff isn't happening - it is and has been. Just the attribution to state actors is ridiculous speculation.

brute force attempts *yawn*

[oneiros27]

I've gotten a hell of a lot more than that in a single day. Coming from a botnet, so rate limiting by IP didn't work. They tried about 5 times per common english name as a login in mostly alphabetical order, hitting machines that had SSH open to the world.

It used to happen every couple of weeks, with thousands of attempts per machine. They'd probably still be trying if the security folks hadn't decided to outlaw us being so promiscuous.

Mafia?

I'd think NY mafia would be more interested in this activity.

Re:Mafia?

[grumpyman]

Ah... they outsourced the Chinese hackers to do it, just like WoW.

Re:The Real Reason?

[Icegryphon]

Don't knock my chinese coder, he does alot of good work.
Now if I could just figure out why I my credit card keep having KFC purchases on it.

Has anyone else gotten this error?

[Hurricane78]

To me, the summary looks like this:

"A network of hackers, most based in China, a href="http://www.nydailynews.com/news/2009/04/22/2009-04-22_international_hackers_lauching

I really, really, really Wondered, how this went trough all of the firehose, the Slashdot "editors" and everything... Maybe all people at /., are already dead and replaced by very small shell scripts. And the comment submitters are programs too... ...because, that would explain A LOT!

(Oh, and the preview is broken too. The layout has huge free space in them, and the line breaks are missing.)

Re:Has anyone else gotten this error?

[drinkypoo]

I really, really, really Wondered, how this went trough all of the firehose, the Slashdot "editors" and everything...

Yes, the firehose is quite a trough. I personally just figured that the hackers tried to take the story down, but only managed to fuck up the summary. YOU CAN'T STOP SLASHDOT, BABY. Let's show them who's boss, and slashdot China.

But anyway, you put "editors" in "quotation marks" so "obviously" you "get it".

wouldn't be nice if...

there was a way to monetize the incoming traffic from zombies and autoprobes?
lol

Re:plausible deniability

[John+Hasler]

> They took master lessons from the last US President's administration.

That's odd. I thought they were fairly good at it.

I don't know that I'd block based on country

[Sycraft-fu]

Just based on ISP. Some ISPs are just massive trouble spots. They don't care what their users do and don't respond to complaints. Now, that will mean blocking some countries, like China, since their state ISP is a problem spot.

I really think that we need to start just shutting off people who won't play nice on the Internet. I'm not talking demanding perfection, but there are massive differences in ISPs. I work for an ISP, effectively, working for a large university. When we receive a complaint about a computer doing bad shit, the appropriate person gets notified and if the problem isn't cleared up, the connection is shut down. We also take some proactive steps to watch the network and see if someone is doing something bad. That's all I'm asking for is ISPs that will respond when they get contacted by someone saying "Hey you've got a system doing bad shit."

However many providers don't. You contact them and they ignore you, or lie. The Chinese ISP is one of the liars. They say "That IP isn't ours," even though APNIC shows it is, to any complaint.

So we need to just start blocking these people. If enough sites/networks do that, well then maybe they'll start playing well with others.

Re:I don't know that I'd block based on country

[rackserverdeals]

I was getting bad activity from a server with ServerBeach. I used their abuse email to send them my logs of the activity and they were very responsive and took the server offline. They kept me informed, without giving me personal information about who was running the server. Others seem to have had similar experieces with them.

Other places, like ThePlanet, I don't even bother reporting stuff anymore. Nothing happens. I just check ARIN to see if they added any more ip address blocks that I might need to block.

Looks like they got /.

[Dynamoo]

Looks like they got /. judging by the broken A HREF tag. Did yah use use Preview Button? Did yah? Did yah?!

Mod Parent Informative

[mpapet]

Parent is 100% right. This is a non-story.

Anyone who goes to the trouble of checking their logs for nearly all Internet-facing services would be very, very familiar with this.

easy to fix

[teknosapien]

route add 222.32.0.0/11 127.0.0.1

It's not a fear thing...

[tjstork]

You can mod this down. But its not a fear thing, its an awe thing. I mean seriously, look at how much more the USA can do than a European nation, and that is how much more the Chinese should be able to do. It's just an awesome thing.

Re:The Real Reason?

[Red+Flayer]

Because Korporate AmeriKa hasn't offshored ALL the jobs to China yet

KAK ALL?

What exactly are you trying to spell? I don't understand.

Oh... you're trying to make a reference that corporate America is like the Soviet Union. Which makes absolutely no sense. If you're going to use the Russki "K" reference, at least make sure that it's in reference to some kind of fascism, otherwise it's just plain out of context.

Geez.
Let me give you a hint: if you want to troll, at least be a *good* troll. You know, add something to the slashdot experience, instead of making no sense. You've been on slashdot long enough that you should have graduated past simple trolls like that. Why not challenge yourself to be the best troll you can be?

Maybe one day you may just find that you've had an original thought.

Marketing Opportunity

[AlHunt]

>have been making up to 70,000 attempts a day

Myself, I set up a targeted marketing campaign and feed them 70,000 ads a day.

Re:plausible deniability

[bugi]

You're right. Bush's administration had such a soft target in the senate and house at that time, that the tremendous success they enjoyed can't be counted as them being good at it.

Really?

[sillivalley]

Really? Are they being targeted, or are they seeing the same crap everyone else does?

I track probes coming into my home router. I usually see hundreds of probes per day with IP addresses in China banging on the usual ports (7212, 9090, 1026, 1027) as well as the ports do jour (55657). Some of these Chinese IP addresses I've been seeing for a year or more. Go to a site like http:..isc.sans.org/ and look at the stats for the 221.208.x.x block. 221.192.x.x seems to be popular these days as well.

Depending on what kind of outward facing net presence they have, 70k probes per day doesn't seem to be out of the ordinary based on the usual network scanning that goes on.

The Great Firewall of China

[Nom+du+Keyboard]

Given the Great Firewall of China and their survelance of all Internet traffic, Chinese denials of these hacking attempts ring hollow.

Re:The Great Firewall of China

[Culture20]

Given the Great Firewall of China and their survelance of all Internet traffic, Chinese denials of these hacking attempts ring hollow.

The Great Firewall of China doesn't keep out the packets of the Mongol Hordes, it keeps the packets of the Chinese citizens _in_ (but only on port 80).

Don't fell so special

[luizd]

"why are the Chinese so interested in the NYPD computer network?" It is not specific to NYPD. They even try to crack my home computer! It's more like a broadcast attack.

International area?

[cstdenis]

Kelly suggested that 'perhaps it is because of the NYPD's reach into the international arena' that they are being targeted for computer hacking

WTF is the NYPD reaching into the international arena? That's not their job. They shouldn't be doing anything outside of NY.

Re:International area?

[nycguy]

I don't know, genius, but maybe the fact that UN headquarters and a ton of foreign consulates are in NYC has something to do with it. How about hacking to get the itineraries and NYPD protection details for foreign heads of state and other dignitaries? What about getting the plans for coordinating with federal and state agencies in the event of a terrorist attack or other emergency? So maybe it's the international arena reaching into NYC, but either way the NYPD doesn't have to do anything outside of NYC to have international implications.

fixing traffic tickets for their UN diplomats

[swschrad]

that's what the Chinese are up to, ya sure ya betcha then. Sven.

doesn't NYPD patrol the docks? sounds like China wants their lead and mercury exports to look like baby toys and prime beef.

All your....

[purpleraison]

All you base are belong to us!!

The Nigerians are looking for the gold

[oDDmON+oUT]

They read about it on the Interwebs, and co-opted their spam partners to do the dirty work.

Really. Scouts honor.

Nothing new...

[Zarluk]

One other obvious question might be why is NYPD so interesting in a "China connection"?

Election time for The Mighty Giuliani (or one of he's pupils, perhaps)?

Before I switch the default port of ssh to other less obvious I was getting a (failed) login attempt every second... most of them from China, yes. But that gives a ratio of 86400 attemps per day per computer!

My first approach was to block the whole subnet of the attacker(s). Two weeks later I gave up and switched the ssh port ;-)

Well... as my computer, certainly, is not in the the list of political hackers, as is a private one and I don't work for the (any) govern, but... I have a fix IP :)

That might mean that they have a Linux server directly connected to the Internet through the default port.

Its Obvious

[Mr.+Lwanga]

They need access to NYPD personnel records to find the only one who can stop their plans.

John McClane has an unlisted number.

what about that other trapped in a computer movie?

[imhennessy]

The Thirteenth Floor.

Here's an experiment Hollywood does every year:

make the same movie twice, then see which version the public loves.

It came out at the same time as the Matrix, but was a lot more interesting, but with fewer really awesome fights.

Quick! Call Jack Bauer!

[Zhe+Mappel]

Kelly suggested that 'perhaps it is because of the NYPD's reach into the international arena' that they are being targeted for computer hacking 'in much the way the Pentagon has been.'

OK, let's address this calmly. Who has to be tortured to make things right here?

Revenge

[darth+dickinson]

They're still pissed about Jack Bauer raiding the Consulate and killing their Consul.

Re:what about that other trapped in a computer mov

[rackserverdeals]

make the same movie twice,

Put a superstar and other known actors in one, and a bunch of guys people would say "hey isn't that the guy from that thing?" in the other

then see which version the public loves.

TOR ?

[daveime]

The other day I saw a comment in an article that said most TOR exit nodes seem to come out in China. Now we see "most hack attempts come from China" ... well duh ...

Any unsecure proxy is going to get spidered in 24 hours, and then it'll be the source of all attacks until such time as the server admin realises and shuts it down.

IP addresses are a useless guide to *who* is actually using the connection, regardless of the country it is located in.

Re:TOR ?

[TheCarp]

Of course the scary part about that is.... well... why so many tor exit nodes in china?

If you control enough exit nodes, some attacks start to become pretty simple, especially given that default tor setups don't really enforce any sort of control over where entry and exit nodes are. A "bad guy" running rogue nodes isn't going to list his node family, so whats to stop your client from picking one of his nodes for entry, and one for exit?

Of course, if you keep a local list of allowed entry nodes, that could help, but... most tor clients are just wide open and at best select nodes that are "registered". All a person would really need is one unique email address per node to register with.

I hope its because there are so many people in china, that there are enough people who care about privacy and run nodes. However, its entirely possible this is also an attack on tor. Though, whose to say the NSA doesn't run half the US nodes?

-Steve

Just remember

[starblazer]

take out their barracks and mow down the field of those little bastards next to it.

"Nobody will know that their money is missing!"

New Slogon for Department of Defense

[microbee]

Closed Gates, Open Windows!

You know it's bad when its secretary has a name "Gates"...

Take the easy out...

[Phizzle]

Ban China! Maybe they don't know about proxies! Wait, what if they do?! Wait, if they knew about proxies, then attacks would not be coming from China! Unless, they knew about proxies, and they knew that NYPD knew that they knew, so NYPD would think that there is no way in hell Chinese hackers would not mask their trail from China and they didn't use proxies at all! Bugger... OK so ban China, oh and ban Canada too, I think they know about proxies also.

So do I

[digitalgimpus]

I'm starting to think these reports are just agencies who want to feel special. Is getting your ports probed anything special? My home network constantly has traffic from viruses and bots trying to propagate over the internet. Servers constantly having some script kiddie trying to get in via ssh. Does that mean I (and every other /. member) is as important as the DoD and NYPD?

Re:No it just means

[Lord+Ender]

I have no doubt that's part of it. If I made $0.75/hr I could not afford a retail copy of Vista, so I would pirate. But I wouldn't visit their update site, cause their "genuine advantage" crap might lock me out of my system. Result: tons of unpatched systems in the third world.

Microsoft feeds the botnet operators with their policies.

Re:what about that other trapped in a computer mov

[adavies42]

or three times, even

The NYPD might do something about it.

[Animats]

The NYPD might be able to do something about this. They have a sizable anti-terrorism operation, over a thousand people. David Cohen, the NYPD's Deputy Commissioner for Intelligence, used to head Clandestine Services at the CIA. Sooner or later, many of the world's conflicts spill over into New York City, and the NYPD has to deal with it. So the NYPD has more capability to deal with external threats than most departments. They're also bigger than the FBI.

The NYPD is well-connected with infrastructure organizations. They're generally thought of as better organized than U.S. Homeland Security in that area. Homeland Security tends to be political. The NYPD, for better or for worse, is just cops. They also have a large number of people with good connections outside the US and good foreign language skills. The NYPD has liaison officers with key police departments around the the world, and they're willing to put somebody on a plane to go somewhere when necessary.

Most computer intrusions, once the attacker has been localized, yield to ordinary cop work. Now the attackers have the full attention of the NYPD.

Re:plausible deniability

[The+Master+Control+P]

Finding places to put a few hundred people from one prison versus America's five decade military, economic and social entanglement in the Middle East: Bullshit equivocation is bullshit.

Kind of a misleading statistic

[SkOink]

I have a bone to pick with the phrasing of this and other articles like it.

When people first read it, they go ZOMFG 70000 WTF, which is clearly the article's intent. However, it's not like there are 70,000 Chinese people sitting in a room all trying to hack the gibson or whatever. I'd bet this is the work of maybe 10 people at the very most. Another thing to keep in mind is that a login 'attempt' is not really a very big deal in of itself. It's much more accurate to say there is one attempt to hack into the network, and the method being used is brute force.

Re:Kind of a misleading statistic

[tedgyz]

Duh! It's a botnet. Nobody is saying there are 70K Chinese people doing this.

And YES, every login attempt is serious. Especially if they are using methodical attacks. It's not like they are trying to login as c00ldude 70K times. They are trying 70K possibilities, which eventually might find a match.

I feel the pain

[tedgyz]

We have spent the last 2 weeks fending off Chinese hackers. They started with a legit login, extracting valuable data from our subscription-only site. Once we locked that down, the attacks started with methodical login attempts. We've blocked IPs, but they have jumped around, apparently using a botnet.

Thanks to the prevalence of stolen Microsoft operating systems in China, unpatched copies of windows abound, leaving them open to botnet slavery.

Crash Override called...

[sydbarrett74]

...he wants his handle back.

Chinese Liars

[wshwe]

I think it's the Chinese government that are lying.

Red China's Goal: F*ck The World

[zunipus]

Major DUH factor that the China foreign ministry LIED: 'Some people outside of China are bent on fabricating lies of so-called Chinese computer spies.'

The paid hacker arm of the Chinese government, called "The Red Hacker Alliance" has been documented since 1998.

The fact that Red China declared 'Technological War' on the USA has been known for years.

And Red China still has US 'Most Favored Nation' status because why? Are we out of our minds?!

Great business model

[LostMyBeaver]

if you can find a way into the NYPD network, I'm sure you also have at least limited access to police radio, warrants as they're issued, patrol car locations, officer records (including where their families live) and even FBI databases. Thanks to Guilliani making the NYPD one of the biggest police departments in history, there are SO many computers that intrusion detection would be difficult on that scale. NYPD is probably the best target in the U.S. for access to records all over the place.

An organized crime group located in NY would be able to strengthen their defenses against the NYPD 100 fold easily if they had this kind of access.

So, if you were a hacker able to build a botnet by targeting PCs on an international scale, produce a series of backdoors in the NYPD network and obtain this information, then you could sell these services for millions and move to a sunny island somewhere.

China just happens to have probably the most unprotected consumer PCs on the planet and is an excellent target for botnet drones.

Manhattan DA is tracking Chinese criminals...

[siculars]

The NYPD is one of the absolute best police departments in the world. Their resources rival the FBI and probably eclipse the military of smaller nations. NYC, being the financial capital of the world, has jurisdiction of all dollar denominated currency transactions. they occur in Manhattan via peering relationships through intermediary banks.

here is a recent example of the long arm of the manhattan da:

http://manhattanda.org/whatsnew/press/2009-04-07.shtml

Nationality an issue here?

[Grismar]

I fail to see why it's relevant to suggest that the hackers in question were mostly Chinese. It's not like there is any proof they were put up to it by the Chinese government, so it seems to matter little - if anything - whether they're based in China, Russia, the Netherlands (where I happen to live) or the US even.

This is just politics and Slashdot merrily joins the choir that sings the anti-Chinese song. Excellent journalism, as usual.

The only issue here is that China seems to be doing little to fight this type of crime within it's borders on the net. Asking (or even forcing) China to do better is certainly fair, suggesting that its "the Chinese" doing the hacking isn't.

Propaganda alert

[jandersen]

It is good to see the many responses here on /. that show people don't just swallow this kind of propaganda anymore.

A network of hackers, most based in China, have been making up to 70,000 attempts a day to break into the NYPD's computer system, the city's Commissioner, Raymond Kelly, revealed Wednesday.

This wording clearly states that "We know that we are dealing with Chinese Hackers" - but how do they know? One of the many features of the internet has traditionally been that there was no actual way of knowing with any certainty where an IP address is, geographically. Even today, AFAIK, there is still only a rather loose arrangement for which IP addresses are used in which country, and there is any number of way to appear to be from another region. My own son in Denmark routinely watches South Park, which I understand should only be watchable to users in the US. What, if anything, did these guys do to verify that the alleged hackers really were from China? Nothing, I'm sure, since 70,000 is quite a large number to go through per day. And what about the Great Firewall of China, that we hear is impenetrable to anything and everything, even to the extent that it catches people speaking about "democracy", that terribly dangerous word?

And of course, if they are clever enough to hack into a foreign nation's computer systems, why aren't they clever enough to employ the well known tricks of disguise that everybody, even on /. know all about?

The obvious question is, why are the Chinese so interested in the NYPD computer network?

No, the question is "Why should they be interested?" - and the answer is most likely: "They aren't". We don't need to even ask a Chinese official; the NYPD is a local police force, of little interest to the Chinese government or the Chinese people in general, except in cases where they cooperate on fighting international crime, or in connection with security operations, in which case they shouldn't have to resort to hacking anyway.

The REAL obvious question here is: "Who is it that has an interest in spreading this nonsense?" - and it is not difficult to come up with plausible answers. Under the previous administration it could easily have been "sources close to government (ie. Rumsfeld or Cheney)", but I give Obama more credit than that. America is infested with wild-eyed anal-retentives, who are all too willing to believe that everybody in other countries are communists or muslim terrorists out to take away their guns and money - they are more than likely both the source and the target audience for this kind of drivel.

Another good question is: How did it make its way onto Slashdot? I mean, OK, this is not a top-notch high-brow news-outlet, but still.

well everybody knows

[nimbius]

all they have to do is make sure they dont start hacking ALL the NYPD webs...and that can be prevented by shutting down the internets of course. die hard made it very clear.

How about...

[hesaigo999ca]

How about following in the military's and FBI's footsteps and not placing those networked systems available to the internet. Seems to me if it does not touch the internet , it must be safe....
another one is have a special made ethernet card that needs special software to operate, and kill
all other types of network connections to the computers (in case someone slips in a usb wifi key)

Seriously, we should be sending this right back at them...DDoS them and make them see ...we won't go down without a fight.

network of hackers?

[ShOOf]

bots brute forcing logins != hackers

All they have to do is walk a few blocks....

[xjerky]

One Police Plaza is just south of Chinatown.

China Town shops

[ehiris]

Have you ever been to China Town? I can see how the Chinese would want information about NYPD raids and known names related to knock-off dealing.

Never Assume

[sgt_doom]

Let me give you a hint, junior douchebag, never assume as your assumptions are probably as wrong as this one. And I no longer bother attempting to explain myself to the lowbrows - and will you EVER learn the correct definition of troll?

The NYPD protects the UN building in many situati.

[cowcabobism]

The NYPD protects the UN building when heightened security is needed, the NYPD has contact with many diplomats in NY while carrying out their patrols. Also the NYPD currently has hundreds of officers overseas thru the UN training local police forces in places like formerly UN mandated Kosovo. https://cranberry.cc.columbia.edu/cs/ContentServer?childpagename=Bronxbeat%2FJRN_Content_C%2FBBArticleDetail&c=JRN_Content_C&p=1165270050524&pagename=JRN%2FBBWrapper&cid=1175372074098