China: Online predator or hapless host?

Reg man asks if all the China-bashing is justified

In order to flourish, this kind of “Crime-as-a-Service” also requires so-called bulletproof hosting firms where hackers can run C&C servers and register malicious domains safe from the prying eyes of law enforcement. “These places provide a safe haven. Two or three different actors in China come to mind, accepting domain registrations which ultimately lead to attack campaigns – it’s a black hole,” said Manky.

“Interestingly China has done something. It had a problem with fraudulent registrations so the government acted to [tighten registration], but … there are still loopholes in the system – not just China but everywhere.”

The latest CNCERT stats reveal 140 malicious domains, just over a third located in mainland China, which could have been hosted in this way by attackers outside of the country.

FireEye EMEA product manager Jason Steer told El Reg that China was number three in the firm’s recent report for hosting C&C systems, below the US and South Korea, but agreed with Manky that this in no way signifies that actors inside the country are attacking global targets in huge numbers.

“Actually, I'd argue something different: attacks coming from within your country indicate that C&C servers are set up in-country to dupe defenders. Attackers are less easy to spot and find with traffic staying in country first and then being moved on,” he said.

“Given the size of China and the size of its PC population, it's an obvious place to attack from – with high speed internet and the same insecure computers running Windows there as they do across the world. As it rolls out high speed internet, clearly it’s a good place to locate systems without questions being asked.”

Home-grown problems

For the record, China's internet population at the end of 2012 stood at 564 million, around 50m more than a year previously. That's only 42 per cent penetration but still a lot of users to target, meaning China is likely to remain an attractive location for global crime gangs to launch attacks from for some time to come.

The vulnerabilities in the nation's address space are also being exploited by home-grown attackers, of course, as a report on China’s Online Underground Economy released last August shows. It claimed that nearly a quarter of the country’s internet users and 1.1m web sites were affected in 2011, at a cost of over 5bn yuan (£526m).

Trend Micro VP of cyber security Tom Kellermann told The Reg that there are over 90,000 members of the Chinese shadow economy.

“Over the past two years there has been an explosive growth in criminal hacking within China targeting Chinese corporations,” he added. “The great firewall of China has numerous vulnerabilities and as the nation becomes global economic hegemon the king of the mountain is beginning to experience the dark side of globalisation.”

China’s challenge is to promote greater levels of information security awareness among its vast populace, especially as more and more users come online for the first time, and tighten up the loopholes which have allowed bulletproof hosters to flourish. Such steps will make it less attractive for criminals – reducing the number of attacks launched by operators outside the country using compromised Chinese IP addresses, as well as cutting its domestic cyber crime problems.

It’s difficult to feel much sympathy with Beijing given the apparent volume and persistence of state-sanctioned attacks originating from within the Great Firewall. But it’s also worth remembering that activity of this kind is certainly being carried out to a lesser or greater extent by all major global powers.

In a notable report from last September, Trend Micro’s Kellermann even concluded that “hackers from the former Soviet bloc are a more sophisticated and clandestine threat than their more well-known East Asian counterparts”. China’s problem is that it’s currently the noisiest out there. Perhaps if it wants the damaging headlines to go away it needs to get its own house in order and get caught less frequently. ®
