Slashdot Mirror


Chinese Hackers Targeting NYPD Computers

Mike writes "A network of hackers, most based in China, have been making up to 70,000 attempts a day to break into the NYPD's computer system, the city's Commissioner, Raymond Kelly, revealed Wednesday. Kelly suggested that 'perhaps it is because of the NYPD's reach into the international arena' that they are being targeted for computer hacking 'in much the way the Pentagon has been.' The hackers are apparently using a botnet to make up to 5,000 attempts a day at various unsecured portals into the NYPD's files. China's foreign ministry spokesman Qin Gang denied involvement in computer espionage. 'Some people outside of China are bent on fabricating lies of so-called Chinese computer spies,' he said last month. The obvious question is, why are the Chinese so interested in the NYPD computer network?"

44 of 212 comments

  1. Track an IP? by x_IamSpartacus_x · · Score: 5, Funny

    Someone should create a GUI interface using Visual-Basic to track an IP!

    1. Re:Track an IP? by TheRealMindChild · · Score: 5, Funny

      Don't hate! Visual Basic has always been great for creating GUIs. Just there are people who decided to write their code in it too.

      --

      "When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
    2. Re:Track an IP? by fisticuffs · · Score: 2, Funny

      Someone should create a GUI interface using Visual-Basic

      Get with the times, man. Haven't you seen CSI? They make 'em with Flash now.

    3. Re:Track an IP? by x_IamSpartacus_x · · Score: 3, Informative

      No... I'm pretty sure they still use visual basic

    4. Re:Track an IP? by timeOday · · Score: 4, Insightful

      Wait a minute, you want to ban the world's most populous nation from the Internet until they get rid of botnets? No country on earth has done that. So I don't see how you can attribute the attacks to China. For that matter, we already know there are compromised computers everywhere, so why would somebody originate attacks from their own land? Or am I not giving network forensics enough credit here - can they actually tell where an attack ultimately originates? I doubt it.

    5. Re:Track an IP? by JWSmythe · · Score: 2, Insightful

      No shit.... I cringe every time I see one of these stories. Not only are they stupid, but whoever is giving the statements shouldn't be doing computer forensics. My humble opinion, since I don't work for any of the places reporting this crap, is that they overheard an IT guy saying "Someone in China is trying to get in. That IP belongs to a provider [insert city in China]". I've actually made that mistake. Saying it, not believing it, that is. I see a brute force attempt, and someone asks, "who does that IP belong to?" "oh, it resolves to some place in China." Suddenly it's the Chinese attacking. A 5 second conversation usually takes 30+ minutes to explain, even though it took less than 10 seconds to set a firewall rule against their block by hand.

      I see these "oh my gosh, the Chinese are attacking" attacks every day. Well, not just China. They come from all over the freakin' world. But hey, China is the evil Communist nation bent on destroying the American economy by providing substandard underpriced merchandise. Oh ya, and they have nukes to kill us off when they're done.

      It's "the reds are coming" cold war US vs Soviets game all over again, except this time we have IP's, and we can even see where the block is.

      You know, from my own logs, the Americans are coming too. As are ... well ... just about every country that has a freakin' netblock. But with the population of China, they come in just above the United States, mostly because Americans will eventually take their POS computer to the store and ask why it's going so slow. Or more like they'll buy a second one and a hub, so they can have both online and transfer things from one to the other over the next year or two, and never consider that the "old" one is doing malicious things.

      The biggest ones I notice are brute force attempts against SSH (one of the few services I leave public). Next would be SQL injection attempts via HTTP. whoowhoo, it's obviously a foreign government conspiracy. If they can just crack my little web server, they'll have the secrets to .... well .... not too damned much. Anything interesting is already up on my sites. :)

      --
      Serious? Seriousness is well above my pay grade.
    6. Re:Track an IP? by Ex-MislTech · · Score: 2, Interesting

      Well it is more than Botnets.

      http://www.redorbit.com/news/technology/1661861/cyberspies_hack_computers_in_103_countries/

      Some respected ppl in Canada have seen things
      that make it appear it's not as minor as one
      might think.

      To make matters worse counterfeit chips were
      made to put into Cisco gear and used to
      penetrate the pentagon among other places.

      http://it.slashdot.org/article.pl?sid=06/10/24/1819200

      So any one piece looks mildly nefarious, but
      when you dig deeper than what I have here
      you start to see a pattern for concern.

      Just my 2 cents.

      --
      google "32 trillion offshore needs IRS attention"
  2. Why so interested? by Jonah+Bomber · · Score: 3, Funny

    Practice makes perfect.

  3. Why? by Locke2005 · · Score: 3, Interesting

    why are the Chinese so interested in the NYPD computer network? Perhaps they've been watching too much US "Law And Order" style television programming?

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
    1. Re:Why? by clarkkent09 · · Score: 4, Insightful

      Looking at my logs there are 1000s of "attempts to break in" as well, almost all from IPs located in China where apparently most botnet computers are - the botnet masters themselves may or may not be in China. The thing is, the sites are completely free and there is no reason to break in at all. It's just scripts trying out known vulnerabilities on a large number of sites. Maybe the same thing is happening with NYPD sites and someone panicked when they saw that it is coming from China.

      --
      Negative moral value of force outweighs the positive value of good intentions.
    2. Re:Why? by stretch0611 · · Score: 3, Funny

      They are trying to "fix" their parking tickets that their ambassadors have received at the UN.

      --
      Looking for a job?
      Want your resume written professionally?
      DON'T USE TUNAREZ!!!
    3. Re:Why? by Anonymous Coward · · Score: 2, Interesting

      Pentagon needs an enemy. Now it's chinamen coming through cyberspace. And we get thousands upon thousands of news items like this. All blaming random port scans on chinese with no proof or basis in reality to lay it on them than anybody else.

      More likely it's Pentagon or CIA goons themselves trying to get a defence budget raise through chinese zombie machines they've captured with the help of Microsoft Windows and Cisco.

  4. Foreign Ministry Spokesman by Toonol · · Score: 4, Insightful

    I like how the summary quotes the minister Qin Gang as denying any involvement, and then immediately goes on to ask "The obvious question is, why are the Chinese so interested in the NYPD computer network?".

    Hey, I'm sure he's lying too...

  5. They're not... by Thelasko · · Score: 5, Insightful

    The obvious question is, why are the Chinese so interested in the NYPD computer network?

    They're not. The bot herder is probably in New York, and controlling the bots by tunneling so it looks like he/she is in China.

    Haven't you seen the movie Hackers?

    --
    One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
    1. Re:They're not... by Red+Flayer · · Score: 4, Funny

      Oh, come on, that's just what they want you to believe.

      It's actually the Chinese pretending to be a New Yorker pretending to be the Chinese business mafia.

      It all comes down to logic. Are they the kind of criminals that would initiate the attacks from someone else's IP address block, or have they deduced that we would see through the ruse and would therefore host the attacks from their own IP address block?

      It appears we have made one of the classic blunders, which is never get involved in a technical war in Asia.

      My guess is it's probably someone looking for inside information on investigations of financial companies in New York. That's where there are hundreds of millions to be made.

      --
      "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  6. the real reason why there were so many by TheGratefulNet · · Score: 4, Funny

    is that once they hacked the computer systems, an hour later they needed to hack it again!

    /sorry

    --
    "It is now safe to switch off your computer."
  7. I just block most countries by rackserverdeals · · Score: 4, Informative

    They should do what I, and others do. Just block all traffic from certain countries.

    With most of my sites, I'm not interested in international traffic and all I get is spammers and content scrapers. I came across this tip on blocking spammers and scrapers using IPFilter on Solaris and just update my ipf.conf file from time to time if I notice anything strange coming in, which I check from time to time. I also grab lists of ip ranges to add as well.

    While it bothers me a bit to limit access to sites in principle, I really don't get any benefit from international traffic that outweighs the nuisance of the few that ruin it for everyone else.

    --
    Dual Opteron < $600
    1. Re:I just block most countries by Tablizer · · Score: 3, Insightful

      They should do what I, and others do. Just block all traffic from certain countries.

      I imagine they do or could mostly use zombie PC's within *this* country.
         

  8. Obvious question by Spazmania · · Score: 5, Insightful

    The obvious question is, why are the Chinese so interested in the NYPD computer network?

    No, the obvious question is why are the NYPD's computer people so dumb that they're reporting the generic, worm-generated port, web and ssh scans that everybody sees from China and everywhere else as an out-of-the-ordinary hacking attempt?

    --
    Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
    1. Re:Obvious question by Albanach · · Score: 3, Insightful

      This was my first thought too.

      Seriously, if I look at the logs for a couple of servers I can see hundreds of brute force ssh attempts a day. Add to that a scan of the apache logs to see all the attempts there and I could get close to a thousand attempts on a bad day on a single server.

      Now you can possibly ignore the SSH attempts by only having public key logins, and ignore anything in the apache log that relates to IIS, or other web apps you're not actually running.

      If, however, you're looking for a budget increase, it sure sounds good to say you thwart thousands of hacking attempts per day.

      It's a bit like the old days when web page popularity was measured in 'hits' and therefore the site with the most 1 pixel transparent gifs was the de facto winner.
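An added example, not part of the comment above or of the original thread: a log triage sketch that separates the raw count of "attempts" from the few entries that deserve a look, namely a password login that succeeded and a probe for an unexpected path that did not return 404. The log lines are constructed samples using documentation IP ranges, and the function names and the `served_prefixes` parameter are assumptions made for this illustration.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH's sshd log wording.
SSH_LOG = """\
Apr 22 03:10:01 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Apr 22 03:10:03 web1 sshd[811]: Failed password for root from 203.0.113.5 port 40114 ssh2
Apr 22 03:10:09 web1 sshd[815]: Failed password for root from 198.51.100.23 port 51920 ssh2
Apr 22 03:11:40 web1 sshd[830]: Accepted publickey for deploy from 192.0.2.10 port 50022 ssh2
Apr 22 03:12:02 web1 sshd[841]: Failed password for backup from 198.51.100.23 port 51988 ssh2
Apr 22 03:12:05 web1 sshd[841]: Accepted password for backup from 198.51.100.23 port 51990 ssh2
""".splitlines()

# Constructed sample lines in Apache combined log format.
HTTP_LOG = """\
203.0.113.5 - - [22/Apr/2009:03:10:11 +0000] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 210 "-" "-"
203.0.113.5 - - [22/Apr/2009:03:10:12 +0000] "GET /_vti_bin/shtml.exe HTTP/1.0" 404 212 "-" "-"
192.0.2.10 - - [22/Apr/2009:03:11:00 +0000] "GET /static/site.css HTTP/1.1" 200 1830 "-" "Mozilla/5.0"
198.51.100.23 - - [22/Apr/2009:03:12:30 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 200 5120 "-" "-"
""".splitlines()

SSH_RE = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) (\w+) for (?:invalid user )?(\S+) from (\S+) port \d+")
HTTP_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def triage_ssh(lines):
    """Return (failed attempts per source, password logins that succeeded)."""
    failures, review = Counter(), []
    for line in lines:
        m = SSH_RE.search(line)
        if not m:
            continue
        outcome, method, user, ip = m.groups()
        if outcome == "Failed":
            failures[ip] += 1          # background noise: count it, nothing more
        elif method == "password":
            # On a host meant to be key-only this should never appear; the
            # number of earlier failures from the same source adds context.
            review.append((ip, user, failures[ip]))
    return failures, review


def triage_http(lines, served_prefixes):
    """Return (404 probes per source, non-404 responses for paths we do not serve)."""
    noise, review = Counter(), []
    for line in lines:
        m = HTTP_RE.match(line)
        if not m:
            continue
        ip, _method, path, status = m.groups()
        if path == "/" or path.startswith(served_prefixes):
            continue                   # ordinary traffic for content we publish
        if status == "404":
            noise[ip] += 1             # probe for software that is not installed
        else:
            review.append((ip, path, status))
    return noise, review


if __name__ == "__main__":
    ssh_failures, ssh_review = triage_ssh(SSH_LOG)
    http_noise, http_review = triage_http(HTTP_LOG, ("/static/",))
    print("ssh failures:", sum(ssh_failures.values()), "review:", ssh_review)
    print("http probes:", sum(http_noise.values()), "review:", http_review)
```
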

    2. Re:Obvious question by wsanders · · Score: 3, Insightful

      Because they can get Homeland Security funding to protect them from the Red Terrorist Menace?

      Really, if you have a server on them big tubes and you're not getting 70,000 login failures a day, you need to improve your page rankings.

      --
      Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
    3. Re:Obvious question by Spazmania · · Score: 2, Insightful

      There is no reason that a NYPD network should even open a socket for a connection originating in Asia.

      A Japanese traveler about to visit New York on business decides to check the crime stats at http://www.nyc.gov/html/nypd/html/crime_prevention/crime_statistics.shtml to get a perspective on what to watch out for with respect to crime in New York.

      A US soldier stationed in Korea is about to end his tour of duty and wants to check out the job openings at http://www.nyc.gov/html/nypd/html/careers/careers.shtml

      --
      Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
  9. Yeah that seems REAL LIKELY by phantomcircuit · · Score: 4, Insightful

    Right, people in China are attacking the NYPD computer systems.

    That seems way more likely than people in NY using proxies in China.

  10. Shows how vulnerable computer systems are by forgoil · · Score: 2, Insightful

    Time to actually use the US "hackers" to teach important US computer users something about security, and demand more of it from the manufacturers.

    Or start using OpenVMS for all important stuff. That OS is nice:)

  11. The Secret Stash! by tnk1 · · Score: 4, Funny

    The Chinese are trying to find out where the best and tastiest donuts in the NYC area are located.

    Unfortunately for them, I happen to know the information they seek is loaded on an air gapped mainframe in the heart of Police HQ which is guarded by automatic defense systems and can only be accessed by the Chief of Police and Rudy Giuliani.

    Yeah, they forgot to update who the mayor is... this is the police here, not the NSA, okay?

  12. WTF??? by Bearhouse · · Score: 3, Insightful

    "The hackers are apparently using a botnet to make up to 5,000 attempts a day at various unsecured portals into the NYPD's files."

    So, can someone explain why NY's finest have "various unsecured portals" which give access to their files?

    Please tell me it's just sloppy editing, (again)...

    I thought that everybody serious these days, (CIA, FBI...) had at least two internet portals - a 'public face' for external users and wannabee hackers and a private one protected by *very* state of the art stuff. Of course, most of the real stuff would be on secure intranet.

    OK, OK, just me being naïve again...

  13. Like the Chinese can handle the truth!! by arizwebfoot · · Score: 2, Insightful

    "Qin Gang denied involvement in computer espionage."

    And the Chinese gymnasts in diapers are still 16.

    --
    Beer is proof that God loves us and wants us to be happy.
  14. It's the Triads! by GPLDAN · · Score: 5, Funny

    It's criminal overlord Mandarin, controlling his gang of Triads from an underground bunker that can only be accessed via secret door in the base of the Statue of Liberty.

    It will take an epic alliance of Tony Stark and Peter Parker to put aside their past differences, fighting over the woman they both loved, and both lost, to put a stop to this criminal masterplot to end the world as we know it.

    Starring: Jackie Chan as the Mandarin
    Zac Efron as Peter Parker
    and Robert Downey Jr. returns as Tony Stark.

  15. That's so cute! by jtownatpunk.net · · Score: 5, Interesting

    Awwww. The NYPD thinks they're special. :rolleyes:

    I must be special, too, because I log tons of probes. Hundreds, sometimes thousands a day.

    1. Re:That's so cute! by mcrbids · · Score: 3, Informative

      I must be special, too, because I log tons of probes. Hundreds, sometimes thousands a day.

      That was my first thought, too. I got so sick of looking at the log entries for my faux SSH daemon (on port 22) that I quit logging it. Sure, it's fun for a while, 'till you realize that you aren't frustrating anybody, just occupying 0.02% of cpu time on a hacked bot.

      Hundreds/thousands of "hack attempts" per day when you include obvious overrun attempts (8k of "xxxxx" in the apache logs) attempts at accessing Windows sharing (connections to ports 137-139) dictionary hacks on port 22, (none of my stuff allows passwords anyway, and don't work on port 22) and so on.

      Yawn. Welcome to the wild, wooly Intarnets!

      --
      I have no problem with your religion until you decide it's reason to deprive others of the truth.
  16. the NYPD ain't special by Lord+Ender · · Score: 5, Insightful

    Any company with ssh or, really, any common password-protection scheme exposed to the net is going to see thousands of brute-force attempts per day. The majority of the botnet may be in China or Eastern Europe, but that does not indicate that the actual hackers are either Chinese or Russian. It just means those countries have crap IT security overall.

    There is nothing special to see here. The NYPD is inflating its importance, probably for more funding.

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
  17. Re:Chinese organized crime? by t33jster · · Score: 2, Interesting

    Human trafficking? Drugs? Two obvious ones off the top of my head.

    Exactly. This isn't necessarily the Chinese government, but perhaps some criminal enterprise that has an agenda with the NYPD. We know the Great Firewall of China is relatively effective at keeping unwholesome content out of China, but what about the reverse? It is not so inconceivable that there are a bunch of pirated Win2k machines in internet cafes around the country that are members of some huge botnet.

    --
    Take off every 'sig' for great justice.
  18. Why? by whathappenedtomonday · · Score: 3, Interesting

    Just a wild guess.
    Who trusts IPs, though?

    --
    I hope I didn't brain my damage.
  19. Just drop China by DnemoniX · · Score: 2, Insightful

    If I were the IT Director for the NYPD I would be hard pressed not to just drop all traffic from China. Or for that matter half a dozen other popular sources of malicious activity. If you really must have the website for the NYPD open to these other countries then put it on a standalone network segregated from anything important. I mean duh...

  20. System tracing by oldhack · · Score: 3, Insightful

    Serious question. How concrete is the info in these cyber warfare news stories? It seems almost always Chinese or Russian being reported as the perps, followed by posts claiming we* do the same to them, etc. With botnet and other multiple indirections involved, how credible is the tracing info?

    * "We" as in the most baddest, most awesomest country in the world. I won't insult your intelligence with further elaboration.

    --
    Fuck systemd. Fuck Redhat. Fuck Soylent, too. Wait, scratch the last one.
    1. Re:System tracing by jofny · · Score: 2, Insightful

      They're not credible. None of these reports has any concrete evidence as to who, what, where, why, or even always how. Mostly they get the "when" :) But even then, not always.

      The attribution in these articles is like saying because someone made a threatening call to you from a payphone in Chicago that the city of Chicago was threatening you specifically. It COULD be, but it could also be someone who lives there but is just a guy with no affiliation with the city. It could also be someone who doesn't live there but is passing through. They could also be rerouting the call. And whichever of those actors it might be may be targeting you specifically, or they could just be randomly dialing numbers.

      It's dumb FUD spreading.

  21. Mafia? by Anonymous Coward · · Score: 2, Insightful

    I'd think NY mafia would be more interested in this activity.

  22. Has anyone else gotten this error? by Hurricane78 · · Score: 2

    To me, the summary looks like this:

    "A network of hackers, most based in China, a href="http://www.nydailynews.com/news/2009/04/22/2009-04-22_international_hackers_lauching

    I really, really, really wondered how this went through all of the firehose, the Slashdot "editors" and everything... Maybe all people at /. are already dead and replaced by very small shell scripts. And the comment submitters are programs too... ...because, that would explain A LOT!

    (Oh, and the preview is broken too. The layout has huge free space in them, and the line breaks are missing.)

    --
    Any sufficiently advanced intelligence is indistinguishable from stupidity.
  23. I don't know that I'd block based on country by Sycraft-fu · · Score: 4, Insightful

    Just based on ISP. Some ISPs are just massive trouble spots. They don't care what their users do and don't respond to complaints. Now, that will mean blocking some countries, like China, since their state ISP is a problem spot.

    I really think that we need to start just shutting off people who won't play nice on the Internet. I'm not talking demanding perfection, but there are massive differences in ISPs. I work for an ISP, effectively, working for a large university. When we receive a complaint about a computer doing bad shit, the appropriate person gets notified and if the problem isn't cleared up, the connection is shut down. We also take some proactive steps to watch the network and see if someone is doing something bad. That's all I'm asking for is ISPs that will respond when they get contacted by someone saying "Hey you've got a system doing bad shit."

    However many providers don't. You contact them and they ignore you, or lie. The Chinese ISP is one of the liars. They say "That IP isn't ours," even though APNIC shows it is, to any complaint.

    So we need to just start blocking these people. If enough sites/networks do that, well then maybe they'll start playing well with others.

  24. Re:The Real Reason? by Red+Flayer · · Score: 2

    Because Korporate AmeriKa hasn't offshored ALL the jobs to China yet

    KAK ALL?

    What exactly are you trying to spell? I don't understand.

    Oh... you're trying to make a reference that corporate America is like the Soviet Union. Which makes absolutely no sense. If you're going to use the Russki "K" reference, at least make sure that it's in reference to some kind of fascism, otherwise it's just plain out of context.

    Geez.
    Let me give you a hint: if you want to troll, at least be a *good* troll. You know, add something to the slashdot experience, instead of making no sense. You've been on slashdot long enough that you should have graduated past simple trolls like that. Why not challenge yourself to be the best troll you can be?

    Maybe one day you may just find that you've had an original thought.

    --
    "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  25. International area? by cstdenis · · Score: 2, Interesting

    Kelly suggested that 'perhaps it is because of the NYPD's reach into the international arena' that they are being targeted for computer hacking

    WTF is the NYPD reaching into the international arena? That's not their job. They shouldn't be doing anything outside of NY.

    --
    1984 was not supposed to be an instruction manual.
    1. Re:International area? by nycguy · · Score: 2, Insightful

      I don't know, genius, but maybe the fact that UN headquarters and a ton of foreign consulates are in NYC has something to do with it. How about hacking to get the itineraries and NYPD protection details for foreign heads of state and other dignitaries? What about getting the plans for coordinating with federal and state agencies in the event of a terrorist attack or other emergency? So maybe it's the international arena reaching into NYC, but either way the NYPD doesn't have to do anything outside of NYC to have international implications.

  26. what about that other trapped in a computer movie? by imhennessy · · Score: 2, Informative

    The Thirteenth Floor.

    Here's an experiment Hollywood does every year:

    make the same movie twice, then see which version the public loves.

    It came out at the same time as the Matrix, but was a lot more interesting, but with fewer really awesome fights.

    --
    Like to brew? Want to talk about it? Brattlebrew: groups.yahoo.com/group/brattlebrew
  27. network of hackers? by ShOOf · · Score: 2, Informative

    bots brute forcing logins != hackers