Inside Look At Eastern European Vs. East Asian Hackers

wiredmikey writes with a snippet from Security Week: "Much of the talk about cybercrime remains focused on East Asia. But according to a new report, it is hackers in Eastern Europe that have actually emerged as more sophisticated. In a report entitled 'Peter the Great vs. Sun Tzu' ... compared hackers from the two regions. His conclusion — the Eastern Europeans are far more insidious and strategic. While East Asian groups tend to work for other organizations interested in their skills, hackers from Eastern Europe generally operate in small, independent units, and are focused on profit. Their infrastructure tends to be developed by them specifically for their own use in attacks. 'They [Eastern European groups] tend to want to be in control of their entire infrastructure and will routinely set up their own servers for use in attacks, develop their own DNS servers to route traffic and create sophisticated traffic directional systems used in their attacks,' according to the report. 'If they do go outside, they will carefully select bulletproof hosts to support their infrastructure. It is their hallmark to maintain control of the whole stack similar to the business models pioneered by Apple.'"

Makes sense to me

If the east Asian hackers are anything like the Indian and Chinese programmers I've worked with in the past, that sounds about right. They more often produce lazy, sloppy, jerry-rigged code--and work purely as guns for hire, in-and-out (usually leaving the rest of us to clean up the mess after some company realizes that their great money-saving outsourcing initiative just left them with unusable shit code). Give me a conscientious western programmer any day over that. At least the average American/European programmer can follow basic instructions and won't play dumb and ask for more money when you point out his code doesn't even work.

Re:Makes sense to me

[phil_aychio]

Sounds about right...I haven't been attacked by any Europeans (that I know of) (yet), but the Chinese hackers have got to be the laziest. Sometimes it works for them, only because the target everyone and exploit those systems that are administered by someone just as lazy or lazier. I have an FTP log full of IP's originating in China that try to brute-force their way in. I could set the auto-ban to 1 million failed attempts and the lazy bastards will still get banned. FTP log usually looks like this: login: administrator password: 1111 login: administrator password: 2222 login: administrator password: 3333 etc...

Re:Makes sense to me

[Arancaytar]

That scheme is going to catch more hosts than you might think. They don't care if you have a secure password; most others don't.

Though this article indicates they'd be better off trying 1234 first (and possibly "password" after that).

Re:Makes sense to me

[phil_aychio]

not mine, no. their password attempts are. did I forget to mention that the FTP server's DNS entry has the word 'honeypot' in it?

TL;DR

Apple is Eastern European hackers trying to steal your money

Training

[Hatta]

They're just training for a career in finance.

na zdrowie / sanatate / egészségedre

[acidfast7]

godspeed as it seems that breaking something for profit is the only way corporations make improvements!

Misread

[SJHillman]

I only opened this because I misread "hackers" as "hookers"

Re:Misread

[SJHillman]

On second thought, it still makes sense.

"Much of the talk about cybercrime remains focused on East Asia. But according to a new report, it is hookers in Eastern Europe that have actually emerged as more sophisticated. In a report entitled 'Peter the Great vs. Sun Tzu' ... compared hookers from the two regions. His conclusion — the Eastern Europeans are far more insidious and strategic. While East Asian groups tend to work for other organizations interested in their skills, hookers from Eastern Europe generally operate in small, independent units, and are focused on profit. Their infrastructure tends to be developed by them specifically for their own use in attacks. 'They [Eastern European groups] tend to want to be in control of their entire infrastructure and will routinely set up their own servers for use in attacks, develop their own DNS servers to route traffic and create sophisticated traffic directional systems used in their attacks,' according to the report. 'If they do go outside, they will carefully select bulletproof hosts to support their infrastructure. It is their hallmark to maintain control of the whole stack similar to the business models pioneered by Apple.'""

Re:Misread

[TeknoHog]

With Blackjack! In fact, forget the hookers.

Analogy overload

[circletimessquare]

"It is their hallmark to maintain control of the whole stack similar to the business models pioneered by Apple."

This statement is so absurd.

Why not compare to the Apollo space program or the DeBeers diamond monopoly... these comparisons just as absurd. Or, here's a fun analogy: the Soviet Union.

We get it, how the hackers work. You can get really fun with the analogies by getting political: say their organization methods resemble the organization methods of Al Qaeda or FARC or Wikileaks or Anonymous. See how the absurd analogy is formed from, and can be used to form, silly prejudices and bias?

Reaching for the absurd sort of analogy, like with Apple, tells us more about the author's hangups and obsessions or agenda: comparing and contrasting things and finding parallels in things which are superficial and uninformative.

Re:Analogy overload

[SJHillman]

Oooooor more people on Slashdot (a tech site) are familiar with Apple than an old space program, a former world power, diamonds or politics.

Re:Analogy overload

[circletimessquare]

familiar with^W^W obsessed with

if the idea of centralized control is something you can only appreciate from the business practices of Apple, you have problems

Re:Analogy overload

[Hillgiant]

How DARE you go against the slashdot groupthink?!? Apple is the source of all that is evil in the world. People who purchase their products should be pitied and reviled.

Re:Analogy overload

[Fr33z0r]

Not just Slashdot, it's everywhere. Smartphone rivalry has brought us the console war mentality to the masses. Everybody's got smartphones, so the "your choice is wrong because my choice was different" mentality is running riot and ruining the whole damn internet now, not just the gaming websites.

Re:Analogy overload

[hackula]

If we wanted to do that then we would say "ok /.ers. Europeans are like Magic the Gathering and Asians are like Pokemon".

Re:Analogy overload

[circletimessquare]

I said author, I didn't say submitter.

Apple is not the best analogy, it is ridiculous and absurd, it speak's of the authors obsessions, not a useful analogy.

Re:Analogy overload

[Jstlook]

If we wanted to do that then we would say "ok /.ers. Europeans are like Magic the Gathering and Asians are like Pokemon".

No! I asked for a *CAR* analogy! No, the D is not silent!
More like, Asians produce toyota - those popular cheap cars that people drive, the ones that have all the essential parts to make a car go (you know the asian cars), and europeans produce those sophisticated luxury cars that have all the nice, leather seats and air conditioning (like those european cars do).

Re:Analogy overload

[Larryish]

Pokemon is totally gay.

Re:Apple really?

[JosKarith]

Or... they're dangling a particularly juicy worm for the fanbois to rage over - how dare they compare Apple to hackers...?

Re:Apple really?

[Beorytis]

Apple isn't a fucking punctuation mark!

It would be if /. would allow Unicode in comments.

People don't know the meaning of the word "hacker"

[me74]

Wasn't the Net created by "hackers" working on open-source? (to share informations for free around the world?) People stealing money and private informations are Theaves, Not Hackers.

Re:People don't know the meaning of the word "hack

*Thieves. ... and in the ol' days, weren't people exploiting system vulnerabilities called "Crackers"?

Re:creativity

[hazah]

Supposed to be according to whom?

Re:Apple really?

[Cryacin]

Yeah! How do you like THEM apples?!?

Re:People don't know the meaning of the word "hack

[rmdpgh]

Wasn't the Net created by "hackers" working on open-source? (to share informations for free around the world?) People stealing money and private informations are Theaves, Not Hackers.

I agree with the second sentiment of thieves. Your first supposition, though, couldn't be more wrong. The 'Net started out as a US Department of Defese initiative through DARPA to ensure communications integrity across the US (in particular, the military) in the event of a catastrophe, up to and including nuclear attack from an enemy. Those communications would most certainly *not* have been shared freely around the world. At some point, there were enough private/private-ish entities on ARPAnet, it made sense to split MILNET off to perform the military functions, and *then* let the rest of the world screw around with the 'Net as you know it today.

They are complementary opposites

[srussia]

dark and light, female and male, low and high, cold and hot, water and fire, earth and air... Brin and Yang and all that jazz.

Re:People don't know the meaning of the word "hack

[hackula]

Even though it gets everyone's panties in a wad, I still like the term "Software Engineer". IRL I actually go one step up with "Software Architect". Why would I want to call myself something that makes my clients uncomfortable? I want the term that is going to give them the most confidence and willingness to pay me more. I know that I am a hacker in the real sense, but calling myself that in business is simply unprofessional.

Hookers

[Frankie70]

How about a comparison of East Asian vs East European Hookers?

Apple

[Andrewkov]

So if East European groups are like Apple, then the East Asian groups are like Microsoft?

Re:People don't know the meaning of the word "hack

[RobinH]

Actually if you follow what's being going on with Arduino and 3D printers, etc., what we used to call "hackers" are now calling themselves "makers," as in people who "make" things. I think a more accurate title would be "maker/modder" to cover people who are modifying existing products to give them new functionality. Interestingly these people tend to congregate in "hackerspaces" so it's all a mix of words.

Link to Original Report

[chill]

Wow. 41 comments in and only a handful actually on topic. The rest just bitch about an analogy involving Apple or the proper use of the term "hacker". I guess Slashdot has totally given up on discussions relating to security.

For those (few) interested, here is the link to the original paper.

http://www.trendmicro.com/us/security-intelligence/research-and-analysis/index.html#spotlight-articles

Re:Link to Original Report

[sourcerror]

Garbage in, garbage out.

mmm no

[Gr4vyBoy]

Anyone else think working for someone, like the Asian hackers are said to, guarantees you far more protection against any threat toward you? Therefore, I think Asian hackers are the smarter and more logical ones here.

Re:Apple really?

[maxwell+demon]

Using UTF-8 encoding is not the same as supporting Unicode. Try to use a Cent sign (U+00A2), for example. That's even in latin1, but Slashdot will eat it anyway.

Eastasia or Eureasta

[Tyrannicsupremacy]

Which one were we at war with again?

Re:People don't know the meaning of the word "hack

[DroolTwist]

We'll never win this fight. How about we make up a new word for "hackers", and let it go? It happened to the best words... that's why it is good we have a symbolic language, mostly - easy to switch signs. Maybe code artists? code artisans? cartists?

Artodes?

Re:How about "computer programmer"?

[Urza9814]

Because, the thing is, unless you have an actual engineering degree from a bona fide school of engineering, or you drive a locomotive, or maintain a ship's engines, you're not an engineer.

Who says he doesn't? Most universities that I'm familiar with have computer science as part of their college of engineering, and I'd bet a fair number of slashdotters have comp sci degrees...

Also -- when I was freelancing doing web development in college, I called myself a web developer -- because that's what I was. A PHP code monkey. But now I'm working for a large company, and my official job title is 'software engineer'. So that's what I go with, because I don't feel like changing what my job title is depending on who I'm talking to. It's also the best term I know of -- I could say I'm a programmer or developer, but that leaves out the design and deployment parts of my job. Which currently is the majority of it.

And yes, my degree is a B.S. in Comp Sci from The Pennsylvania State University College of Engineering.

Re:How about "computer programmer"?

[StingyJack]

Or just "programmer"?

Because, the thing is, unless you have an actual engineering degree from a bona fide school of engineering, or you drive a locomotive, or maintain a ship's engines, you're not an engineer.

I know, I know... You want people to think you are an engineer, and you want us to say you're an engineer, because it sounds really important, way more so than just "programmer".

But you're not an engineer, unless, as I said, you have an engineering degree from a bona fide school of engineering, or you drive a locomotive, or maintain a ship's engines.

You sir, are an idiot. An engineer does not a degree make, and if you think that having that lil' ol' piece of paper makes any difference IRL you have not learned anything of real value from whatever "bona fide" institution you attended.

I do not sit at a keyboard and type commands. I apply scientific methods, experience, and some creative thinking to solve technical problems within certain tolerances. That is engineering.

I also can operate a locomotive (steam, gas, and electric), but I don't consider that "engineering".