Feeds

China: Online predator or hapless host?

Reg man asks if all the China-bashing is justified

Boost IT visibility and business value

In order to flourish, this kind of “Crime-as-a-Service” also requires so-called bulletproof hosting firms where hackers can run C&C servers and register malicious domains safe from the prying eyes of law enforcement. “These places provide a safe haven. Two or three different actors in China come to mind, accepting domain registrations which ultimately lead to attack campaigns – it’s a black hole,” said Manky.

“Interestingly China has done something. It had a problem with fraudulent registrations so the government acted to [tighten registration], but … there are still loopholes in the system – not just China but everywhere.”

The latest CNCERT stats reveal 140 malicious domains, just over a third located in mainland China, which could have been hosted in this way by attackers outside of the country.

FireEye EMEA product manager Jason Steer told El Reg that China was number three in the firm’s recent report for hosting C&C systems, below the US and South Korea, but agreed with Manky that this in no way signifies that actors inside the country are attacking global targets in huge numbers.

“Actually, I'd argue something different: attacks coming from within your country indicate that C&C servers are set up in-country to dupe defenders. Attackers are less easy to spot and find with traffic staying in country first and then being moved on,” he said.

“Given the size of China and the size of its PC population, it's an obvious place to attack from – with high speed internet and the same insecure computers running Windows there as they do across the world. As it rolls out high speed internet, clearly it’s a good place to locate systems without questions being asked.”

Home-grown problems

For the record, China's internet population at the end of 2012 stood at 564 million, around 50m more than a year previously. That's still only 42 per cent penetration but still a lot of users to target, meaning China is likely to remain an attractive location for global crime gangs to launch attacks from for some time to come. The vulnerabilities in the nation's address space are also being exploited by home-grown attackers, of course, as a report on China’s Online Underground Economy released last August shows. It claimed that nearly a quarter of the country’s internet users and 1.1m web sites were affected in 2011, at a cost of over 5bn yuan (£526m).

Trend Micro VP of cyber security Tom Kellermann told The Reg that there are over 90,000 members of the Chinese shadow economy.

“Over the past two years there has been an explosive growth in criminal hacking within China targeting Chinese corporations,” he added. “The great firewall of China has numerous vulnerabilities and as the nation becomes global economic hegemon the king of the mountain is beginning to experience the dark side of globalisation.”

China’s challenge is to promote greater levels of information security awareness among its vast populace, especially as more and more users come online for the first time, and tighten up the loopholes which have allowed bulletproof hosters to flourish. Such steps will make it less attractive for criminals – reducing the number of attacks launched by operators outside the country using compromised Chinese IP addresses, as well as cutting its domestic cyber crime problems.

It’s difficult to feel much sympathy with Beijing given the apparent volume and persistence of state-sanctioned attacks originating from within the Great Firewall. But it’s also worth remembering that activity of this kind is certainly being carried out to a lesser or greater extent by all major global powers.

In a notable report from last September, Trend Micro’s Kellermann even concluded that “hackers from the former Soviet bloc are a more sophisticated and clandestine threat than their more well-known East Asian counterparts”. China’s problem is that it’s currently the noisiest out there. Perhaps if it wants the damaging headlines to go away it needs to get its own house in order and get caught less frequently. ®

Gartner critical capabilities for enterprise endpoint backup

More from The Register

next story
Microsoft: We plan to CLEAN UP this here Windows Store town
Paid-for apps that provide free downloads? Really
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?