Slashdot Mirror


Is China Creating the World's Largest Botnet Army?

david_a_eaves writes "The Chinese government is mandating that all computers sold in China come with Internet blocking software. Rob Cottingham writes an excellent piece noting how the censorship application of this software should be the least of our concerns. This new software may create an opportunity for the Chinese Government to appropriate these computers and use them to create the world's largest botnet army."

Update: 06/11 21:26 GMT by T: J. Alex Halderman writes "My students and I have been examining the Green Dam censorware software. We've found serious vulnerabilities that can be exploited by any web site a user visits with the software installed. We also found that some of the blacklists seem to have been taken from the American-made filtering program CyberSitter. We've posted a report and demo."

4 of 195 comments

  1. Correct me if I am wrong... by Lead+Butthead · · Score: 4, Insightful

    Would it be easier to just sever the undersea fibre cable to China if it's really such a grave threat?

    --
    ELOI, ELOI, LAMA SABACHTHANI!?
    1. Re:Correct me if I am wrong... by phantomcircuit · · Score: 4, Insightful

      This is economic warfare. The question is which is worth more economically to the US, a connection to China which opens Chinese citizens to the world's press or severing the connection and avoiding any potential complications.

      So the question is which one is worth more? Personally I'm willing to bet that being connected to them is worth more to the US than it is to China.

  2. Or just block their IP space by Sycraft-fu · · Score: 5, Insightful

    The only reason botnets are so effective is they are distributed. When they come from all over the place, you have to do a ton of individual blocks. If they are all from the same IP space, ok just black hole China's space and that's it. Wouldn't take a block from very many top level providers and they'd be doing nothing at all.

  3. Re:It is a problem by Shakrai · · Score: 5, Insightful

    To be able to block, at the very least the packet header has to be examined. If a remote attacker can generate packets faster than you can examine and drop them, you've just been DoS'ed.

    You also have to look at the packet header in the course of regular routing decisions. Would it really take more CPU to look at the packet header and drop it into /dev/null than it does to look at the packet header and send it out a different network interface?

    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.