Slashdot Mirror

← Back to Stories (view on slashdot.org)

Inside Look At Eastern European Vs. East Asian Hackers

Posted by Unknown on from the starring-jackie-chan-and-chris-rockalovsky dept.

wiredmikey writes with a snippet from Security Week: "Much of the talk about cybercrime remains focused on East Asia. But according to a new report, it is hackers in Eastern Europe that have actually emerged as more sophisticated. In a report entitled 'Peter the Great vs. Sun Tzu' ... compared hackers from the two regions. His conclusion — the Eastern Europeans are far more insidious and strategic. While East Asian groups tend to work for other organizations interested in their skills, hackers from Eastern Europe generally operate in small, independent units, and are focused on profit. Their infrastructure tends to be developed by them specifically for their own use in attacks. 'They [Eastern European groups] tend to want to be in control of their entire infrastructure and will routinely set up their own servers for use in attacks, develop their own DNS servers to route traffic and create sophisticated traffic directional systems used in their attacks,' according to the report. 'If they do go outside, they will carefully select bulletproof hosts to support their infrastructure. It is their hallmark to maintain control of the whole stack similar to the business models pioneered by Apple.'"

63 comments

  1. Makes sense to me by Anonymous Coward · · Score: 4, Insightful

    If the east Asian hackers are anything like the Indian and Chinese programmers I've worked with in the past, that sounds about right. They more often produce lazy, sloppy, jerry-rigged code--and work purely as guns for hire, in-and-out (usually leaving the rest of us to clean up the mess after some company realizes that their great money-saving outsourcing initiative just left them with unusable shit code). Give me a conscientious western programmer any day over that. At least the average American/European programmer can follow basic instructions and won't play dumb and ask for more money when you point out his code doesn't even work.

    1. Re:Makes sense to me by phil_aychio · · Score: 2, Informative

      Sounds about right...I haven't been attacked by any Europeans (that I know of) (yet), but the Chinese hackers have got to be the laziest. Sometimes it works for them, only because the target everyone and exploit those systems that are administered by someone just as lazy or lazier. I have an FTP log full of IP's originating in China that try to brute-force their way in. I could set the auto-ban to 1 million failed attempts and the lazy bastards will still get banned. FTP log usually looks like this: login: administrator password: 1111 login: administrator password: 2222 login: administrator password: 3333 etc...

      --
      obvious redundancy is obvious
    2. Re:Makes sense to me by Arancaytar · · Score: 2

      That scheme is going to catch more hosts than you might think. They don't care if you have a secure password; most others don't.

      Though this article indicates they'd be better off trying 1234 first (and possibly "password" after that).

    3. Re:Makes sense to me by Anonymous Coward · · Score: 0

      Your FTP passwords are in clear text in the logs?

    4. Re:Makes sense to me by Anonymous Coward · · Score: 0

      Sounds about right...I haven't been attacked by any Europeans (that I know of) (yet), but the Chinese hackers have got to be the laziest.

      There is a bit of a difference between the motives there. A lot of the Chinese "hackers" are just script kiddies that are trying to find something they can use as a proxy to get past the great firewall, they aren't going to put much effort into it. Set up a virtual machine for them to "hack" and see what kind of porn they like.

    5. Re:Makes sense to me by phil_aychio · · Score: 1

      not mine, no. their password attempts are. did I forget to mention that the FTP server's DNS entry has the word 'honeypot' in it?

      --
      obvious redundancy is obvious
  2. Apple really? by Anonymous Coward · · Score: 0

    I am starting to think people end their articles with a completely useless Apple comments just to be ironic...

    1. Re:Apple really? by xor.pt · · Score: 0

      I'm so fed up with this aswell, Apple isn't a fucking punctuation mark!

      On top of it Apple fanboys/girls are generally so cluelesly stupid that whatever compliment they are giving Apple half the time is bullshit. LIKE THIS TIME!!! Apple didn't pioneer that business model! Slashdot WTF?

    2. Re:Apple really? by JosKarith · · Score: 1

      Or... they're dangling a particularly juicy worm for the fanbois to rage over - how dare they compare Apple to hackers...?

      --
      'Don't worry' said the trees when they saw the axe coming, 'The handle is one of us.'
    3. Re:Apple really? by Beorytis · · Score: 4, Funny

      Apple isn't a fucking punctuation mark!

      It would be if /. would allow Unicode in comments.

    4. Re:Apple really? by Cryacin · · Score: 2

      Yeah! How do you like THEM apples?!?

      --
      Science advances one funeral at a time- Max Planck
    5. Re:Apple really? by Anonymous Coward · · Score: 0

      please don't flame me too hard, but isn't utf-8 a unicode implementation and that's what slashdot uses?

      Captcha is probably right on: disgusts

    6. Re:Apple really? by maxwell+demon · · Score: 1

      Using UTF-8 encoding is not the same as supporting Unicode. Try to use a Cent sign (U+00A2), for example. That's even in latin1, but Slashdot will eat it anyway.

      --
      The Tao of math: The numbers you can count are not the real numbers.
  3. TL;DR by Anonymous Coward · · Score: 3, Funny

    Apple is Eastern European hackers trying to steal your money

    1. Re:TL;DR by Anonymous Coward · · Score: 0

      Glancing at the headline, bleary-eyed with my first cup of coffee in hand, I read "hookers" instead of "hackers" and immediately went to the article-- that's one way to get someone to RTFA.

  4. Training by Hatta · · Score: 4, Funny

    They're just training for a career in finance.

    --
    Give me Classic Slashdot or give me death!
    1. Re:Training by Anonymous Coward · · Score: 0

      They are also probably the people to call for handling IT in international events in the near future. ;)

  5. na zdrowie / sanatate / egészségedre by acidfast7 · · Score: 2

    godspeed as it seems that breaking something for profit is the only way corporations make improvements!

  6. Misread by SJHillman · · Score: 3, Funny

    I only opened this because I misread "hackers" as "hookers"

    1. Re:Misread by SJHillman · · Score: 2

      On second thought, it still makes sense.

      "Much of the talk about cybercrime remains focused on East Asia. But according to a new report, it is hookers in Eastern Europe that have actually emerged as more sophisticated. In a report entitled 'Peter the Great vs. Sun Tzu' ... compared hookers from the two regions. His conclusion — the Eastern Europeans are far more insidious and strategic. While East Asian groups tend to work for other organizations interested in their skills, hookers from Eastern Europe generally operate in small, independent units, and are focused on profit. Their infrastructure tends to be developed by them specifically for their own use in attacks. 'They [Eastern European groups] tend to want to be in control of their entire infrastructure and will routinely set up their own servers for use in attacks, develop their own DNS servers to route traffic and create sophisticated traffic directional systems used in their attacks,' according to the report. 'If they do go outside, they will carefully select bulletproof hosts to support their infrastructure. It is their hallmark to maintain control of the whole stack similar to the business models pioneered by Apple.'""

    2. Re:Misread by TeknoHog · · Score: 1

      With Blackjack! In fact, forget the hookers.

      --
      Escher was the first MC and Giger invented the HR department.
  7. Analogy overload by circletimessquare · · Score: 5, Insightful

    "It is their hallmark to maintain control of the whole stack similar to the business models pioneered by Apple."

    This statement is so absurd.

    Why not compare to the Apollo space program or the DeBeers diamond monopoly... these comparisons just as absurd. Or, here's a fun analogy: the Soviet Union.

    We get it, how the hackers work. You can get really fun with the analogies by getting political: say their organization methods resemble the organization methods of Al Qaeda or FARC or Wikileaks or Anonymous. See how the absurd analogy is formed from, and can be used to form, silly prejudices and bias?

    Reaching for the absurd sort of analogy, like with Apple, tells us more about the author's hangups and obsessions or agenda: comparing and contrasting things and finding parallels in things which are superficial and uninformative.

    --
    intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    1. Re:Analogy overload by SJHillman · · Score: 1

      Oooooor more people on Slashdot (a tech site) are familiar with Apple than an old space program, a former world power, diamonds or politics.

    2. Re:Analogy overload by circletimessquare · · Score: 2

      familiar with^W^W obsessed with

      if the idea of centralized control is something you can only appreciate from the business practices of Apple, you have problems

      --
      intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    3. Re:Analogy overload by thripper · · Score: 0

      The comparison is found in TFA where it's quoted from the original paper. So it's not the submitter who adds this (should have been obvious because quotes are used). Also, all the alternatives you provided are correct but when presenting to the public, if an analogy is to be used, you chose to make comparison with something that people know and recognize off the bat. Out of the available options, I think Apple is the best choice.

    4. Re:Analogy overload by Hillgiant · · Score: 1

      How DARE you go against the slashdot groupthink?!? Apple is the source of all that is evil in the world. People who purchase their products should be pitied and reviled.

      --
      -
    5. Re:Analogy overload by Fr33z0r · · Score: 3, Interesting

      Not just Slashdot, it's everywhere. Smartphone rivalry has brought us the console war mentality to the masses. Everybody's got smartphones, so the "your choice is wrong because my choice was different" mentality is running riot and ruining the whole damn internet now, not just the gaming websites.

    6. Re:Analogy overload by hackula · · Score: 2

      If we wanted to do that then we would say "ok /.ers. Europeans are like Magic the Gathering and Asians are like Pokemon".

    7. Re:Analogy overload by circletimessquare · · Score: 1

      I said author, I didn't say submitter.

      Apple is not the best analogy, it is ridiculous and absurd, it speak's of the authors obsessions, not a useful analogy.

      --
      intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
    8. Re:Analogy overload by Jstlook · · Score: 1

      If we wanted to do that then we would say "ok /.ers. Europeans are like Magic the Gathering and Asians are like Pokemon".

      No! I asked for a *CAR* analogy! No, the D is not silent!
      More like, Asians produce toyota - those popular cheap cars that people drive, the ones that have all the essential parts to make a car go (you know the asian cars), and europeans produce those sophisticated luxury cars that have all the nice, leather seats and air conditioning (like those european cars do).

      --
      ---jstlook ---For that is the way of Elves, for they say both yes AND no, and mean every word of it. --- J.R.R.T.
    9. Re:Analogy overload by Larryish · · Score: 2

      Pokemon is totally gay.

  8. People don't know the meaning of the word "hacker" by me74 · · Score: 4, Insightful

    Wasn't the Net created by "hackers" working on open-source? (to share informations for free around the world?) People stealing money and private informations are Theaves, Not Hackers.

  9. Re:People don't know the meaning of the word "hack by Anonymous Coward · · Score: 1

    *Thieves. ... and in the ol' days, weren't people exploiting system vulnerabilities called "Crackers"?

  10. well the europeans have bigger tits by Anonymous Coward · · Score: 0

    oh sorry it's "hackers", not "hookers".
    Well back to work...

  11. Re:People don't know the meaning of the word "hack by leehwtsohg · · Score: 0

    We'll never win this fight. How about we make up a new word for "hackers", and let it go? It happened to the best words... that's why it is good we have a symbolic language, mostly - easy to switch signs.
    Maybe code artists? code artisans? cartists?

  12. Re:creativity by hazah · · Score: 2

    Supposed to be according to whom?

  13. Re:People don't know the meaning of the word "hack by StoneyMahoney · · Score: 0

    Get over it, I gave up this fight years ago. Language evolves and nomenclature changes. Either change with it or stubbornly misrepresent yourself to everyone else.

  14. Re:People don't know the meaning of the word "hack by rmdpgh · · Score: 4, Informative

    Wasn't the Net created by "hackers" working on open-source? (to share informations for free around the world?) People stealing money and private informations are Theaves, Not Hackers.

    I agree with the second sentiment of thieves. Your first supposition, though, couldn't be more wrong. The 'Net started out as a US Department of Defese initiative through DARPA to ensure communications integrity across the US (in particular, the military) in the event of a catastrophe, up to and including nuclear attack from an enemy. Those communications would most certainly *not* have been shared freely around the world. At some point, there were enough private/private-ish entities on ARPAnet, it made sense to split MILNET off to perform the military functions, and *then* let the rest of the world screw around with the 'Net as you know it today.

  15. They are complementary opposites by srussia · · Score: 2

    dark and light, female and male, low and high, cold and hot, water and fire, earth and air... Brin and Yang and all that jazz.

    --
    Set your phasers on "funky"!
    1. Re:They are complementary opposites by Anonymous Coward · · Score: 0

      Brin and Yang

      I got it but I have no mod points. Sorry.

  16. Re:People don't know the meaning of the word "hack by hackula · · Score: 2

    Even though it gets everyone's panties in a wad, I still like the term "Software Engineer". IRL I actually go one step up with "Software Architect". Why would I want to call myself something that makes my clients uncomfortable? I want the term that is going to give them the most confidence and willingness to pay me more. I know that I am a hacker in the real sense, but calling myself that in business is simply unprofessional.

  17. Hookers by Frankie70 · · Score: 3, Funny

    How about a comparison of East Asian vs East European Hookers?

    1. Re:Hookers by Anonymous Coward · · Score: 0

      To early to draw conclusions yet Ive still got an extensive sample quota to get through before grant renewal submission.

  18. Apple by Andrewkov · · Score: 1

    So if East European groups are like Apple, then the East Asian groups are like Microsoft?

  19. Re:People don't know the meaning of the word "hack by RobinH · · Score: 2

    Actually if you follow what's being going on with Arduino and 3D printers, etc., what we used to call "hackers" are now calling themselves "makers," as in people who "make" things. I think a more accurate title would be "maker/modder" to cover people who are modifying existing products to give them new functionality. Interestingly these people tend to congregate in "hackerspaces" so it's all a mix of words.

    --
    "I have never let my schooling interfere with my education." - Mark Twain
  20. Link to Original Report by chill · · Score: 1

    Wow. 41 comments in and only a handful actually on topic. The rest just bitch about an analogy involving Apple or the proper use of the term "hacker". I guess Slashdot has totally given up on discussions relating to security.

    For those (few) interested, here is the link to the original paper.

    http://www.trendmicro.com/us/security-intelligence/research-and-analysis/index.html#spotlight-articles

    --
    Learning HOW to think is more important than learning WHAT to think.
    1. Re:Link to Original Report by sourcerror · · Score: 1

      Garbage in, garbage out.

  21. mmm no by Gr4vyBoy · · Score: 1

    Anyone else think working for someone, like the Asian hackers are said to, guarantees you far more protection against any threat toward you? Therefore, I think Asian hackers are the smarter and more logical ones here.

  22. Re:People don't know the meaning of the word "hack by Anonymous Coward · · Score: 0

    Using the word hacker in this sense, while obviously common in popular usage, is simply yet another example of Slashdot's policy of posting troll summaries to get commenters worked up into a nerd rage.

  23. Chinese hackers suck by Anonymous Coward · · Score: 0

    just like in real life where China produces cheap knock offs, these 'hackers' in china write code like SHIT..

    the eastern European block and russia have ALWAYS been far superior at software writing than China. China are those dudes who go to packetstorm and scan for a bunch of shit that deserves to be owned.

  24. Russian Mafia vs. Yakuza by Anonymous Coward · · Score: 0

    3... 2... 1... Fight!

  25. How about "computer programmer"? by Anonymous Coward · · Score: 0

    Or just "programmer"?

    Because, the thing is, unless you have an actual engineering degree from a bona fide school of engineering, or you drive a locomotive, or maintain a ship's engines, you're not an engineer.

    I know, I know... You want people to think you are an engineer, and you want us to say you're an engineer, because it sounds really important, way more so than just "programmer".

    But you're not an engineer, unless, as I said, you have an engineering degree from a bona fide school of engineering, or you drive a locomotive, or maintain a ship's engines.

    1. Re:How about "computer programmer"? by Urza9814 · · Score: 1

      Because, the thing is, unless you have an actual engineering degree from a bona fide school of engineering, or you drive a locomotive, or maintain a ship's engines, you're not an engineer.

      Who says he doesn't? Most universities that I'm familiar with have computer science as part of their college of engineering, and I'd bet a fair number of slashdotters have comp sci degrees...

      Also -- when I was freelancing doing web development in college, I called myself a web developer -- because that's what I was. A PHP code monkey. But now I'm working for a large company, and my official job title is 'software engineer'. So that's what I go with, because I don't feel like changing what my job title is depending on who I'm talking to. It's also the best term I know of -- I could say I'm a programmer or developer, but that leaves out the design and deployment parts of my job. Which currently is the majority of it.

      And yes, my degree is a B.S. in Comp Sci from The Pennsylvania State University College of Engineering.

    2. Re:How about "computer programmer"? by StingyJack · · Score: 1

      Or just "programmer"?

      Because, the thing is, unless you have an actual engineering degree from a bona fide school of engineering, or you drive a locomotive, or maintain a ship's engines, you're not an engineer.

      I know, I know... You want people to think you are an engineer, and you want us to say you're an engineer, because it sounds really important, way more so than just "programmer".

      But you're not an engineer, unless, as I said, you have an engineering degree from a bona fide school of engineering, or you drive a locomotive, or maintain a ship's engines.

      You sir, are an idiot. An engineer does not a degree make, and if you think that having that lil' ol' piece of paper makes any difference IRL you have not learned anything of real value from whatever "bona fide" institution you attended.

      I do not sit at a keyboard and type commands. I apply scientific methods, experience, and some creative thinking to solve technical problems within certain tolerances. That is engineering.

      I also can operate a locomotive (steam, gas, and electric), but I don't consider that "engineering".

    3. Re:How about "computer programmer"? by Anonymous Coward · · Score: 0

      ...If you think that having that lil' ol' piece of paper makes any difference IRL you have not learned anything of real value from whatever "bona fide" institution you attended.

      Yeah, like my Computer Science degree. Stupid, worthless bit of paper that is. Why did I even bother with university, when I could have just spent years gaming and home coding, then gone out and called myself a "Software Engineer" or a "Software Architect"?

      And my father's astrophysics Ph.D.? What a waste. Boy, he's such a sucker to have got that thing, right? He should have just bought himself a little telescope and learned everything from our yard at night, then walked into a job at some observatory or university, or at NASA or JPL, or someplace.

      The OP is correct: if you do not have an Engineering degree from a recognized Engineering school, you are not an Engineer.Accept the facts and move on with your life.

  26. Re:People don't know the meaning of the word "hack by Anonymous Coward · · Score: 0

    I think I speak for most engineers of the world when I say that I disagree that "Software Architect" is a step /up/ from "Software Engineer."

    In meatspace, architects work out how they can make a building pretty, then turn to the engineers who then work out how to make it stand up. I'm sure you can fill in the rest of the analogy for software.

  27. references to Apple in every story now policy? by Anonymous Coward · · Score: 0

    I thought the summary was from some blog where writers are paid by Apple references, but it is actually a quote from Tom Kellermann of Trend Micro. Perhaps he is so bitter that Apple users generally don't need/run antivirus software that he tries to associate them with illegal hacking methodology with such inappropriate, bizarre comparisons?!?

  28. Eastasia or Eureasta by Tyrannicsupremacy · · Score: 1

    Which one were we at war with again?

    --
    http://i.cubeupload.com/T6cyLu.png
  29. Russians early go to bed, China stealth dragon! by Anonymous Coward · · Score: 0

    > While East Asian groups tend to work for other organizations interested in their skills, hackers from Eastern Europe generally operate in small, independent units, and are focused on profit.

    Stupids! What do the russian and bulgarian hackers have? Oligarchs with a pile of cash and failed countries of no future and soon lost Siberia.

    What do the chinese hackers have in their list of achievements? The next world superpower with not one, but TWO different 5th generation stealth jetfighter types already testing on the runway. Those futuristic jets were built 99% on american knowledge the chicom hackers managed to exfiltrate via the internet. Some 25 years ago chicom industry had no idea how to copy an already vintage, Ford-T simple MiG-21 plane! Those young chicom console jocks have literally hacked together the future of their huge country. I bow down to their espirit d' corps and patriotism.

    What did the russian hackers achieved? Stealth njet, vodka da, mashenyka da, maffia links da! See with your own eyes in their own self-promotion video, available here:
    http://link.brightcove.com/services/player/bcpid3698508001?bctid=524257711001

  30. Re:People don't know the meaning of the word "hack by DroolTwist · · Score: 1

    We'll never win this fight. How about we make up a new word for "hackers", and let it go? It happened to the best words... that's why it is good we have a symbolic language, mostly - easy to switch signs. Maybe code artists? code artisans? cartists?

    Artodes?