The Register ®


Comments on ‘India and Belgium decry Chinese cyber attacks’


Published Thursday 8th May 2008 20:42 GMT


Belgium, man! Belgium!! 

By Chris Miller
Posted Thursday 8th May 2008 20:58 GMT

As usual, Douglas Adams said it first and best.

A "Great Firewall" can be a double-edged sword. 

By Anonymous Coward
Posted Thursday 8th May 2008 21:42 GMT
Alert

Screw it, just block the whole subnet. I've never received a packet from .cn that wasn't a complete and utter waste of electrons. If I ever /do/ want to do business with someone in China, I can phone them up or write a letter.

If we blocked the whole lot to avoid the attacks, the only thing we'd miss out on (as "collateral damage" or fallout or side-effect) would be the spam.

Why is this not a no-brainer?

and brazil and korea and... 

By Jason Harvey
Posted Thursday 8th May 2008 21:51 GMT

japan and romania and poland and russia and...

fail2ban is your friend... and if you're still using windows for your servers... umm... HA!

my personal server (which doesn't generate much traffic if any for that matter) gets attempts on being hacked daily. used to be well over 10,000 attempts a day. now it stops at 3-5 (fail2ban is set at 3 attempts). kinda kills the attack when the IP is banned from all access for attempting to break in.

Ensuring the Olympics by blackmail 

By Patrick R
Posted Thursday 8th May 2008 21:56 GMT
Unhappy

Or are they trying to find compromising material on the IOC's president's computer?

Chris Miller is correct 

By Steven Raith
Posted Thursday 8th May 2008 22:46 GMT
Coat

Belgium indeed.

Does make me wonder why those jolly chinamen [and women, of course] would be poking around Belgian interests? I mean, what important information could they glean?

New recipes for high quality chocolate? [they are turning into a consumer based society after all]

Technical data from Fabrique Nationale so they can make cheap knockoffs of P90s? Perhaps the Type 56 [one of the most successful AK47 knockoffs in second and third world countries] will be replaced with a suspiciously familiar 'type 90' bullpup SMG sometime in the near future? ;-)

Possibly being bundled with some tasty dark chocolate to entice overseas buyers?

Mine is the long overcoat with the large amounts of firearms underneath...and the 70% cocoa chocolate bar in the breast pocket.

Steven R

I'm Disappointed, Dan 

By James Butler
Posted Thursday 8th May 2008 22:49 GMT
Unhappy

"So far, the countries have provided little proof that Chinese hacking is any different from cyber operations being conducted by other governments."

Such as ... ? Are you gonna back that up, or what?

It presumes that "other governments" are, then, attempting the same types of attacks as those the Chinese government is being accused of perpetrating. Where is the outrage, or at least a link? Tsk tsk.

Chinese attacks: Brought to you by American anti-virus firms 

By Gordon Fecyk
Posted Thursday 8th May 2008 23:05 GMT
Thumb Down

It's taken seven years, but could this really be the Chinese cyber-war that the American anti-virus industry, and Richard Cluck / um, Richard Clarke, warned us about back in 2001?

Back when the Wall Street Journal exposed the US AV industry as tools of the People's Republic of China?

(ok, one more time: http://www.theregister.co.uk/2001/04/03/chinese_feds_demand_computer_virus/ )

And how very, very interesting that Goodin brings up Cisco. Didn't Cisco participate in the construction of The Great Firewall of China?

Sanitizing 

By Pierre
Posted Thursday 8th May 2008 23:11 GMT

At least it makes it necessary for our govs to pay attention to security. Well, some of our govs at least, as you observed:

"According to some reports, hackers who stole a large amount of sensitive information from the US Pentagon last June were based in China. [...] Last month the FBI was reported to be investigating the possibility Chinese hackers have installed backdoors in sensitive government networks using counterfeit Cisco routers."

Mouarf.

Anyway, I'd bet my shirt that all the poor victim countries are doing exactly the same (not even to mention Echelon).

At the risk of sounding xenophobic... 

By Anonymous Coward
Posted Thursday 8th May 2008 23:21 GMT
Pirate

I am growing increasingly reluctant to purchase any equipment manufactured in China, simply because I have seen equipment inexplicably "phone home" to the PRC. I'm not talking about SoHo crap like Linksys or NetGear, I'm talking about high dollar, high end enterprise hardware that costs more than your run of the mill Ferrari.

Even after a thorough investigation by our forensics team, the vendor's engineers and several of the senior developers involved, there has yet to be an explanation as to why virgin hardware would immediately be sending unsolicited packets to China.

Needless to say, neither that equipment manufacturer nor ANY of its products will ever be used at any of the businesses the company I work for supports.

Re:At the risk of sounding xenophobic... 

By Steven Raith
Posted Thursday 8th May 2008 23:53 GMT
Black Helicopters

Name and shame, mofo.

Steven R

@Steven Raith 

By Graham Dawson
Posted Friday 9th May 2008 00:13 GMT
Boffin

"Does make me wonder why those jolly chinamen [and women, of course] would be poking around Belgian interests?"

Steven, go look at a map and find out where Brussels is located, and the Hague, and all those lovely EU institutions, and NATO headquarters.

Think about it for a moment...

Realisation dawning yet?

You must be mad sir.. 

By Hate2Register
Posted Friday 9th May 2008 01:04 GMT

The author wants proof why Chinese hacking is any different from any other countries' hacking. Presumably Hack thinks that this story is being picky on the poor old Chinese. Bit of a funny thought that one.

Waroom ? 

By Danny
Posted Friday 9th May 2008 01:06 GMT
Thumb Down

I think it was 1998 that a Dutch hacking convention tried to remove Belgium from the internet, in retaliation for a previous Belgian convention's attack on the Netherlands. My employer had systems in both countries so I spent a week installing patches for everything past my bedtime.

Attacking Belgium doesn't distinguish the Chinese from anyone else, in a way it makes them seem more normal. Even Belgians hate Belgians - the three different language groups never talk to each other there. What sort of a nation is split in three along extra-national boundaries? We should call the Belgians by their true names - Dutch and French and Germans. At what point do we stop the pretence Belgium is a real nation - I mean, if Pluto isn't a planet anymore then Belgium shouldn't have a seat at the UN. Have they even been able to elect a Belgian government yet since the last election?

Re:At the risk of sounding xenophobic... 

By leslie
Posted Friday 9th May 2008 01:16 GMT
Unhappy

sure I have seen that exact same post before, about 6 months ago, that's not to say it's not a true story, just stuck in my mind.

@ .gov, Why is a .gov network connected to the damn interweb, surely it should be separate on its own lines etc.

Chinese bad guys 

By Anonymous Coward
Posted Friday 9th May 2008 01:47 GMT
Thumb Down

In my job as a security manager for a Government agency I actively drop all traffic from China allocated IP ranges (as well as many other networks). Chinese networks are the source of nearly all malicious traffic encountered plus providing hosting services to so much fraudulent and copyright infringing products/services. They will not respond to complaints so I simply blackhole them.

@Graham Dawson 

By Robin
Posted Friday 9th May 2008 04:36 GMT
Boffin

The Hague happens to be in Holland....

@Graham 

By Dave Harris
Posted Friday 9th May 2008 05:10 GMT

You think SHAEF is on public backbone?

@ Robin 

By Mat
Posted Friday 9th May 2008 06:35 GMT

Same thing!

The Feds found the Chinese backdoors 

By Anonymous Coward
Posted Friday 9th May 2008 06:49 GMT
Black Helicopters

...when they realised that their own had stopped working.

Cisco provides much of the world's infrastructure; if the US wanted a way into potential enemy* networks they'd only have to ask** Cisco to cooperate.

* every other country

** pay

Anon because there's a Cisco router in my office...

Ooofti! 

By scott
Posted Friday 9th May 2008 08:35 GMT
Coat

Maybe the Chinese spent 10 months *looking* for the Belgian Government, along with *everyone else*. Or, they’ve gotten confused by *which* Government; last time I counted I’m paying for 5 of them (well, 6 whilst I was subsidising the old lot in caretaker mode at the same time paying for the “in waiting” lot)

And to answer Danny; the 3 communities get on a lot better than the media portrays. The bollox you read last year was pure politicking by the right-wing Flemish separatists and predictable over-reaction by the far-left. A bit like the Daily Mail claiming all the Scots want to declare independence etc; a little bit of loaded propaganda can go a long way…

Mine's is the one with the bottle of Leffe

European Union and NATO 

By JonB
Posted Friday 9th May 2008 08:40 GMT
Thumb Up

Suckers! Only a heavily firewalled chinaman with little understanding of western society could possibly think that either of these institutions do anything at all.

It's the ultimate tar pit, the hackers will be bogged down in mountains of meaningless shite for decades. I'd love to see the look on their faces when they hit the EU document stash, all bollocks and then translated into a gazillion languages!

Not just chocolate 

By Anonymous Coward
Posted Friday 9th May 2008 08:42 GMT

Mmmmmm Leffe in an ice frosted glass. At least the Belgians know how to serve beer properly :)

Belgium, Beer and Cyber terrorism 

By Chris
Posted Friday 9th May 2008 09:33 GMT
Paris Hilton

Why Belgium like others have said already ... NATO HQ is in Evere (Part of the Capital Area of Brussels) and guess what? A large number of EU instances are based in ... Brussels... That is why...

As to the beer remarks well Leffe is good I suppose but be adventurous and try some Kriek (Black cherry) or Framboise (Raspberry) or Apple-Black cherry beer... Nicely chilled in a cold glass it is heavenly...

Paris because she knows how to handle her booze... or so she thinks

@Robin 

By Graham Dawson
Posted Friday 9th May 2008 09:43 GMT

Holland? HOLLAND?!?

oh.

Hey look, uh... something! *runs away*

I agree with scott 

By Eric Van Haesendonck
Posted Friday 9th May 2008 09:44 GMT

You shouldn't worry too much about Belgium. There are indeed some Flemish right wing separatists that are making a lot of trouble recently, but most people are getting along quite well (I am a "french" Belgian and my best friend is a "dutch" Belgian).

The issue with Belgium is that it is a central point in Europe where a lot of institutions are (the EU and NATO) and where a lot of international companies have some presence. So many things transit through Belgium that it is a very good target.

SIPRNET and "Air Gates" 

By Frank Gerlach
Posted Friday 9th May 2008 10:24 GMT
Happy

The US intelligence community knows pretty much about hacking threats. They are operating a special network for intelligence and command and control. Google for SIPRNET and CRITICOM. These networks are of course encrypted and all inflow/outflow to other networks is closely monitored.

For example, a team working on the F22 avionics would operate in its own virtual subnet and would not be able to communicate with anybody else. Of course they could not read theRegister.com while hacking on F22 Ada code.

So there is no "NATO intranet" or something, it is more like a lot of compartmentalized systems. Note that these systems can span multiple locations, due to router and encryption technology.

I once heard from some guys who worked at NATO in Brussels that their firewall is actually something called "Air Gate". Basically, they transmit data with a USB stick between the "outside" and the "inside".

Also check for NSA Security Enhanced Linux. The elite of NSA engineering & science is second to none I would think. Just because there are many ignorants/cretins in the ranks of many military services (sometimes even the “Commander in Chief”...) does not mean much.

If you think hard about the theoretical possibilities of hacking, you have to stop using off-the-shelf hardware and software, because you basically don't know how many security holes there are still undiscovered. It is just that the brass is so impressed by PowerPoint that they crave for it.

But I would not be surprised to learn that the folks at NSA had their custom-made hardware (from CPU to routers and text editor to database) and software for the =really= critical things.

Also check for NSA Security Enhanced Linux. The elite of NSA engineering is second to none I would think.

Chinese hacking is good... maybe 

By Count Ludwig
Posted Friday 9th May 2008 10:34 GMT
Alert

I would say that hackers / security testers are your friends during time of "peace". Better to find the holes now than during time of war. But Cisco / Linksys / Netgear routers sending packets (passwords) to .cn? Ouch! We need to raise our game.

@ Graham " knows his planet " Dawson 

By Robbie
Posted Friday 9th May 2008 10:44 GMT
Stop

Belgium and Holland are nowhere near the same. Perhaps you should take a look at an online atlas?

The Hague - Dutch seat of government, Seat of the International war tribunal and not its capital ( Amsterdam )

Brussels - Seat of the E.U.

Germans are doing the same with Afghanistan 

By Frank Gerlach
Posted Friday 9th May 2008 11:07 GMT
Paris Hilton

Another note: German BND (Bundesnachrichtendienst) apparently got into the networks of the Afghan government. It was made public because they accidentally intercepted emails to a German journalist. The latter may be illegal, so they thought they had to notify the journalist and the whole thing became public.

Hacking has just become an additional method of gathering secret intelligence. It appears to be more intrusive than cryptanalysis, but maybe that is just a perception ( just like “longbows are illegal weapons” (according to the pope of that time)). It seems everybody is doing it.

Better use a mechanical typewriter for really important memos.

Paris, because I like her face and her money.

@A "Great Firewall" can be a double-edged sword 

By Anonymous Coward
Posted Friday 9th May 2008 11:59 GMT
Thumb Up

So if we block China that means Chinese gold farmers will be removed from World of Warcraft... Let's do it.

>Tried to remove Belgium from the internet 

By JonB
Posted Friday 9th May 2008 11:59 GMT

They'd have to find it first!

(Somewhere near Holland, but "nowhere near the same", I hear)

India 

By Anonymous Coward
Posted Friday 9th May 2008 12:02 GMT
Alert

Chinese hackers are having a go at India...

A lot of UK data (banks, financials, etc) are off-shored to India...

Is our data really secure being off-shored?

Last time... 

By Pete
Posted Friday 9th May 2008 13:08 GMT
Alert

I was in Belgium, I ended up being violently ill after eating gnocchi in a Brussels restaurant. Cyber attack these Belgianeeses to peeses I say!!!!

Blocking Chinese 

By Aodhhan
Posted Friday 9th May 2008 13:32 GMT

You cannot just simply block the IP's from China and believe they are cut off from your network.

A proficient hacker isn't directly routing from his network to the network he is attacking. He is working through at least one other (more than likely 3 to 4). Basically, setting up a proxy from another network he has already taken control of, or at least enough control he can launch attacks from there. The network he is directly routing towards your network is likely one you haven't blocked, because it is in the same country you are.

The FBI is investigating counterfeit CISCO routers, however none of them are suspected to have been purchased by the US Government. Procurement of these IA enabled devices (routers, firewalls, etc) is strictly controlled; and can only be purchased from certain vendors.

@AC re:WoW 

By Anonymous Coward
Posted Friday 9th May 2008 13:38 GMT
Paris Hilton

I've said it a thousand times on the WoW forums, but I'll repeat it here.

You need to stop the gold buyers to stop the gold sellers. It's not like they can't use a proxy anyway. Remove the buyers, the sellers then do not get enough business, the servers clean up. Fewer key loggers too and fewer cheaters.

Mind you this is completely off topic. On topic, who else is involved in this "cyber war" if it's just China, surely the west needs to start working on it too?

Thecowking

Paris because it's Friday.

Attacks from China.. 

By Anonymous Coward
Posted Friday 9th May 2008 13:56 GMT
Coat

Has anyone considered the possibility that maybe, just maybe, people are using proxies or some other routing software (tor) to appear to be coming from China?

If I were a miscreant, I might take advantage of the recent press about attacks from China and make myself appear to be from China to mount an attack.

Suddenly, it's just another attack from China.....

Just a thought.

Mine's the one with the glasses, fake nose and mustache in the pocket....

>If i were a miscreant... 

By JonB
Posted Friday 9th May 2008 14:16 GMT
Happy

...I might make myself appear to be from the white house.

Much more entertaining.

>You cannot just simply block the IP's from China and believe they are cut off from your network.

Yes, you can, although you would have to block all the gateways coming out of the China network. Which sounds like a big job. And then there'd still be dial-up, Hong Kong, Macau (block or not?) and, most challenging, Taiwan.

While it may be good for WoW I doubt the world's economy would benefit from such an approach.

Isolating China - Losing the iPhone 

By Frank Gerlach
Posted Friday 9th May 2008 15:10 GMT
Jobs Halo

"While it may be good for WoW I doubt the world's economy would benefit from such an approach."

Probably totally infeasible, due to the fact that the most important link of Apple's, Dell's and HP's supply chain is CHINA. The same can be said for many other low- and high-tech businesses. At least if we don't want the Second Great Depression.

But maybe it is time for the British to reconsider the mantra “it is all about Economics”. Sometimes it is also about security. The lowest bidder is not always the best bidder in the long run.

There is a strong rationale for sourcing strategic products from democratic countries, otherwise we may be at the mercy of the irrational behaviour of an Enlightened Tyranny.

Steve, because he is crazy about sourcing from China.

@Frank Gerlach 

By JonB
Posted Friday 9th May 2008 15:46 GMT

>Apple's, Dell's and HP's supply chain is CHINA.

Gosh, not CHINA!

>But maybe it is time for the British to reconsider the mantra “it is all about Economics”.

So you think that maybe a "second great depression" is worthwhile to stop some hackers who may or may not be Chinese dicking about with Belgian computers?

Maybe it's time for the UNITED STATES OF AMERICA to reconsider sourcing all their products from China, since all the companies you listed are actually American.

Why Belgium? Think "RoboCop"! 

By Bruce Ediger
Posted Friday 9th May 2008 17:32 GMT
Alien

Remember the Incredible 1987 cyberpunk movie "RoboCop", starring the inestimable Peter Weller? Omni Consumer Products was trying to perform a corporate takeover of Detroit.

Clearly, China is trying a hostile takeover of Belgium.

Free Trade versus Security 

By Frank Gerlach
Posted Friday 9th May 2008 17:45 GMT
Pirate

"So you think that maybe a "second great depression" is worthwhile to stop some hackers who may or may not be Chinese dicking about with Belgian computers?"

I was trying to make two arguments, which are running against each other. When I wrote the message I was aware of the fact that these arguments were contradictory.

What I want to say is that we can't possibly lock China out of the world economy without a great economic crisis.

But we should reconsider the Free Trade argument in the light of strategic threats. I don't care about Chinese jeans or shoes. But I care about Chinese routers in European networks. Huawei is successfully trying to get into virtually all European telecom networks (including BT) and that may be dangerous, given the Chinese system of government.

Just because their gear is cheap and appears capable does not mean it is in our interest to use it. I want to make the argument that strategic equipment (CPU, RAM, display, networking, software) must come from sources we (democratic countries) trust.

Adam Smith invented the idea of Free Trade when there were no security risks attached to foreign wares.

Regarding the Americans, if HP, Dell and Apple are in trouble, I bet the paper-pushers in the City of London are in even deeper trouble.

Jolly Rogers, raised when another harddisk is transferred to Beijing.

Re:At the risk of sounding xenophobic 

By ian hewines
Posted Friday 9th May 2008 21:32 GMT
Stop

Yes, that post is sharp to the point of propaganda, can we have some verifiable facts/names please?

Money not missiles 

By Danny
Posted Friday 9th May 2008 22:10 GMT

@Scott - Leffe

I don't know - I have stayed in Belgium but I only spoke French and Dutch - and those communities aren't similar. However you did make a winning point about the beer. Leffe, and a few of the monks dark beers are so tasty that they may hold the country together. That raises another problem though - maybe the Chinese aren't after NATO when they look into Belgian systems. Maybe they are after the recipe to a decent beer.

Joking aside, the single most important organisation in the capitalist world is headquartered in Belgium. It is a place so prestigious that its employees are banned from ever using the word 'prestige' in internal documentation. That is not NATO, it is SWIFT. It is much more secure than NATO. When you hear of hacking attacks on Belgium, don't think military, think financial. Or beer.

"You can't be a Real Country unless you have a BEER and an airline - it helps if you have some kind of a football team or some nuclear weapons, but at the very least you need a BEER." - Frank Zappa

Re - Chinese attacks: Brought to you by American anti-virus firms 

By John J
Posted Saturday 10th May 2008 01:44 GMT

The Chinese have been poking around North American computers for years. I think it was Chinese National Railroad computers that used to be looking at my little and inconsequential system. They probably still do but I haven't bothered to check in years. Banning the IPs of bothersome areas/countries doesn't seem like a bad idea.

@Free Trade versus Security 

By crayon
Posted Wednesday 14th May 2008 13:59 GMT
Alien

"Just because their gear is cheap and appears capable does not mean it is in our interest to use it. I want to make the argument that strategic equipment (CPU, RAM, display, networking, software) must come from sources we (democratic countries) trust."

You must be living in cloud cuckoo land if you think democratic countries have an agreement not to spy on each other and not to use underhand tactics on each other.

"Joking aside, the single most important organisation in the capitalist world is headquartered in Belgium. It is a place so prestigious that its employees are banned from ever using the word 'prestige' in internal documentation. That is not NATO, it is SWIFT. It is much more secure than NATO. When you hear of hacking attacks on Belgium, don't think military, think financial. Or beer."

Or they just do what the US did/does, blackmail SWIFT and other corporations to give them whatever info they want:

en.wikipedia.org/wiki/Terrorist_Finance_Tracking_Program
