Slashdot Mirror


Despite Promises, China Still Targeting US Firms (crowdstrike.com)

itwbennett writes: Three weeks after the U.S. and China reached their first ever cybercrime and cyberespionage agreement, a new report from CrowdStrike details intrusions from hackers affiliated with the Chinese government, indicating they almost immediately broke their word. In a blog post, CrowdStrike's Dmitri Alperovitch said the first observed intrusion was detected on September 26 – one day after President Obama hosted President Xi Jinping of China for a state visit.

  1. Wonder how that reads in China? by Anonymous Coward · · Score: 0, Insightful

    Despite promises US still targeting Chinese firms.

  2. Thank you, Captain Obvious by Jawnn · · Score: 4, Insightful

    Is anyone surprised by this? Even a little bit? I don't know what it is about the Chinese, but they seem to think that if one repeats one's denials enough, the plainly observable truth will just go away. How else would you explain their straight-faced, utterly disingenuous denials?

    1. Re:Thank you, Captain Obvious by ShanghaiBill · · Score: 2, Insightful

      How else would you explain their straight-faced, utterly disingenuous denials?

      The same way you explain the straight-faced denials by America, until the Snowden leaks exposed them as utterly disingenuous.

    2. Re:Thank you, Captain Obvious by Anonymous Coward · · Score: 2, Insightful

      Just like capitalism has become a "normal" thing: repeat once and once again that greed is "human nature" and totally justified, but cooperation isn't.

    3. Re:Thank you, Captain Obvious by harvey the nerd · · Score: 4, Insightful

      Mainland China takes obnoxious, cheating and invasive nonsense to a whole new level, whatever the sins of the US. Just like the island building in the South China Sea, grabbing coastal waters from nations 1000 miles away.

  3. Re:Is there a list of IP ranges for this anywhere? by gstoddart · · Score: 4, Insightful

    I think the more likely answer is that pretty much anything facing the internet should probably expect to be under fairly constant attack, from lots of different sources, none of which knows what you are.

    Years ago it was true that if you took a brand new Windows machine, put it on the internet, it would probably be hacked within 30 minutes. I very much doubt that has changed for the better.

    I suspect a lot of this stuff is just purely automated at this point.

    The internet isn't really a safe place. You should pretty much assume that someone on the internet is actively trying to hack into machines. In fact, you should probably assume a lot of someones are.

    I suspect they don't know or care the function of your machine. It's just a blanket "attack everything and see what happens".

    --
    Lost at C:>. Found at C.

  4. Re:Is there a list of IP ranges for this anywhere? by khasim · · Score: 4, Insightful

    Quick advice: move the port to some random (RANDOM!!!) port above 1024.

    It won't help your security but it will stop your log from filling up with notifications.

    I see "attacks" from addresses in almost every nation. It isn't that I'm under constant attack. It isn't that I'm particularly valuable.

    It's that it is easily scripted.

  5. Re:Is there a list of IP ranges for this anywhere? by thoromyr · · Score: 4, Insightful

    The short answer is no.

    The longer answer is that an IP address alone tells you almost nothing. For example, any competent agent for the NSA is going to use a compromised system in the EU, Russia or China when attacking Chinese targets. Equally, any competent state-sponsored actor in China is going to use a compromised system in the EU, Russia or the US when attacking US targets.

    And the remote IP is not necessarily even compromised. Maybe not so much for Chinese IP addresses, but what the bad guys like for the US IP address space are university virtual private networks. Get the password for an account at an EDU then (bounced through a compromised system) connect to that, *then* attack. Some of them will bounce through multiple EDU VPNs.

    Another example is the javascript malware that you get to a browser via: injection from privileged position on the network (e.g., NSA), compromised server, advertising, or any other method. The javascript runs in the browser and does its thing. The user's system is effectively compromised and part of a botnet, but closing the browser "cleans" it. There's no requirement to have anything on the file system, making antivirus as helpful as some hand sanitizer.

    If you have a remote IP address all that you can really say is that packets were routed to you with that as the identified source (in some attacks they don't even have to come from that IP address at all). Who was at the computer? Who was responsible for the packets? That takes a lot more than an IP address to determine.