Despite Promises, China Still Targeting US Firms (crowdstrike.com)
itwbennett writes: Three weeks after the U.S. and China reached their first ever cybercrime and cyberespionage agreement, a new report from CrowdStrike details intrusions from hackers affiliated with the Chinese government, indicating they almost immediately broke their word. In a blog post, CrowdStrike's Dmitri Alperovich said the first observed intrusion was detected on September 26 – one day after President Obama hosted President Xi Jinping of China for a state visit.
That's just what we call pillow talk.
Is anyone surprised by this? Even a little bit? I don't know what it is about the Chinese, but they seem to think that if one repeats one's denials enough, the plainly observable truth will just go away. How else would you explain their straight-faced, utterly disingenuous denials?
I think the more likely answer is that pretty much anything facing the internet should probably expect to be under fairly constant attack, from lots of different sources, none of which knows what you are.
Years ago it was true that if you took a brand new Windows machine, put it on the internet, it would probably be hacked within 30 minutes. I very much doubt that has changed for the better.
I suspect a lot of this stuff is just purely automated at this point.
The internet isn't really a safe place. You should pretty much assume that someone on the internet is actively trying to hack into machines. In fact, you should probably assume a lot of someones are.
I suspect they don't know or care the function of your machine. It's just a blanket "attack everything and see what happens".
Lost at C:>. Found at C.
Daily State Department press briefings with verifiable evidence of the actions, with the same basic script every time: "Given that our Chinese friends have pledged not be engaging in nor benefitting from such actions, one can only conclude they have lost control of their internal domestic networks."
The Chinese government would hate nothing more than being publicly accused of not having iron control, to the point of possibly even shutting the hacking down for real.
Quick advice: move the port to some random (RANDOM!!!) port above 1024.
It won't help your security but it will stop your log from filling up with notifications.
I see "attacks" from addresses in almost every nation. It isn't that I'm under constant attack. It isn't that I'm particularly valuable.
It's that it is easily scripted.
Next thing you know the media will try to convince us that Iran is cheating on the Nuclear deal.
I'm an American. I love this country and the freedoms that we used to have.
I suspect they don't know or care the function of your machine. It's just a blanket "attack everything and see what happens".
That's what it looks like in my logs, too. When I was running an open http port I would see not targeted attacks, but what looked like scripts looking for an insecure/misconfigured server.
I found it amusing that since switching to https with self-signed certificates, the number of attacks dropped to zero. Even hackers won't accept my certificate :/
A big part of the problem is this BO administration. Worse than Jimmy Carter, this one is frankly, in-your-face anti-American, trying to trash the country.
The short answer is no.
The longer answer is that an IP address alone tells you almost nothing. For example, any competent agent for the NSA is going to use a compromised system in the EU, Russia or China when attacking Chinese targets. Equally, any competent state-sponsored actor in China is going to use a compromised system in the EU, Russia or the US when attacking US targets.
And the remote IP is not necessarily even compromised. Maybe not so much for Chinese IP addresses, but what the bad guys like for the US IP address space are university virtual private networks. Get the password for an account at an EDU then (bounced through a compromised system) connect to that, *then* attack. Some of them will bounce through multiple EDU VPNs.
Another example is the javascript malware that you get to a browser via: injection from privileged position on the network (e.g., NSA), compromised server, advertising, or any other method. The javascript runs in the browser and does its thing. The user's system is effectively compromised and part of a botnet, but closing the browser "cleans" it. There's no requirement to have anything on the file system making antivirus as helpful as some hand sanitizer.
If you have a remote IP address all that you can really say is that packets were routed to you with that as the identified source (in some attacks they don't even have to come from that IP address at all). Who was at the computer? Who was responsible for the packets? That takes a lot more than an IP address to determine.
Check your logs. Were you "attacked" by any IP's in the USofA? Or Europe?
Just because an "attack" is coming from an ISP owned by someone does not mean that that someone is connected to the attack.
Any minimally competent attacker would have bounced the attack through at least 2 other cracked systems outside of his/her home or government or whatever.
Or, to clarify that, a competent Chinese attacker would connect to a machine in France that would connect to a machine in California that would run the script that would attack your system. At a minimum.
This is because, unlike Hollywood movies, most attacks are scripted. There isn't a "hacker" sitting at a keyboard thinking about what to type in real time.
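The "check your logs" advice above, and the earlier comments about logs filling up with scripted login attempts from every country, are easy to see for yourself. The following is an added example and not code posted by anyone in this thread: it parses a handful of constructed sshd auth.log lines (made up for the example, using documentation address ranges) and summarizes them per source address. The thresholds used to label a source as a scripted sweep are assumptions to be tuned against real traffic. What the summary shows is the shape the thread describes: many usernames tried from one address in a couple of seconds, identical whether the address geolocates to one country or another, which is exactly why the source address by itself tells you nothing about who is behind the packets.

```python
"""Aggregate sshd failed-login noise per source address.

Added example. The log lines below are constructed, and the sweep
thresholds are assumptions, not a vendor standard.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample auth.log lines (documentation address ranges, not real hosts).
SAMPLE_LOG = """\
Oct 12 03:14:01 host sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Oct 12 03:14:02 host sshd[2203]: Failed password for invalid user oracle from 203.0.113.7 port 51131 ssh2
Oct 12 03:14:02 host sshd[2205]: Failed password for root from 203.0.113.7 port 51140 ssh2
Oct 12 03:14:03 host sshd[2207]: Failed password for invalid user test from 203.0.113.7 port 51150 ssh2
Oct 12 03:14:03 host sshd[2209]: Failed password for invalid user pi from 203.0.113.7 port 51161 ssh2
Oct 12 03:20:10 host sshd[2301]: Failed password for root from 198.51.100.42 port 40011 ssh2
Oct 12 03:20:10 host sshd[2303]: Failed password for invalid user admin from 198.51.100.42 port 40012 ssh2
Oct 12 03:20:11 host sshd[2305]: Failed password for invalid user ubnt from 198.51.100.42 port 40013 ssh2
Oct 12 03:20:11 host sshd[2307]: Failed password for invalid user guest from 198.51.100.42 port 40014 ssh2
Oct 12 09:45:30 host sshd[3100]: Failed password for alice from 192.0.2.15 port 55021 ssh2
Oct 12 09:45:41 host sshd[3100]: Accepted password for alice from 192.0.2.15 port 55021 ssh2
"""

# Matches the standard OpenSSH password-auth log format, with or without "invalid user".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sshd\[\d+\]:\s+"
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)


def parse_auth_log(text):
    """Return one dict per sshd password event; lines that don't match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # syslog timestamps carry no year; only intra-day spans are computed here
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        events.append({"ts": ts, "result": m.group("result"),
                       "user": m.group("user"), "ip": m.group("ip")})
    return events


def summarize_by_source(events):
    """Per source IP: failure/success counts, distinct usernames, and time span in seconds."""
    per_ip = defaultdict(lambda: {"failures": 0, "accepted": 0, "users": set(),
                                  "first": None, "last": None})
    for ev in events:
        s = per_ip[ev["ip"]]
        if ev["result"] == "Failed":
            s["failures"] += 1
        else:
            s["accepted"] += 1
        s["users"].add(ev["user"])
        s["first"] = ev["ts"] if s["first"] is None else min(s["first"], ev["ts"])
        s["last"] = ev["ts"] if s["last"] is None else max(s["last"], ev["ts"])
    for s in per_ip.values():
        s["span_seconds"] = (s["last"] - s["first"]).total_seconds()
    return dict(per_ip)


# Assumed thresholds for this example; tune them against your own traffic.
SWEEP_MIN_FAILURES = 4
SWEEP_MIN_USERS = 3
SWEEP_MAX_SPAN = 120  # seconds


def classify(stats):
    """Label one source as a scripted sweep, a legitimate user's retry, or other."""
    if (stats["failures"] >= SWEEP_MIN_FAILURES
            and len(stats["users"]) >= SWEEP_MIN_USERS
            and stats["span_seconds"] <= SWEEP_MAX_SPAN):
        return "scripted sweep"
    if stats["accepted"] > 0 and len(stats["users"]) == 1:
        return "single-user retry"
    return "other"


def report(text=SAMPLE_LOG):
    """Return {ip: label} for every source seen in the log text."""
    return {ip: classify(s) for ip, s in summarize_by_source(parse_auth_log(text)).items()}


if __name__ == "__main__":
    for ip, stats in summarize_by_source(parse_auth_log(SAMPLE_LOG)).items():
        print(f"{ip:16} failures={stats['failures']} users={len(stats['users'])} "
              f"span={stats['span_seconds']:.0f}s -> {classify(stats)}")
```

Run it against a real /var/log/auth.log by passing the file contents to report(). The two sweep sources above are labelled identically even though they sit in different address blocks; the script deliberately does no geolocation, because, as the comments above explain, the last hop in a bounce chain is the only thing the address identifies.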
Obama is a hopeless wimp and a god-awful "negotiator," and we've no more reason to suppose China will live up to bargains with him than Russia or Iran will. They are laughing their asses off at this putz. Spare us the bewildered tone of surprise, this is exactly what we all wanted when we elected this idiot.