Thursday, April 28, 2011

China: A nation of cyber attackers or the 'Wild West' of vulnerable systems?

An ascending nation creates waves in world politics. At least, that is the case with China and the way it provokes the US government when it comes to cyber attacks. One side (the US government) states that China is the powerhouse of a new Cold War on the cyber front. On the other hand, a credible investigation finds that the Chinese government seems totally unprepared to fend off coordinated attacks on Chinese networks.

Well, they are both right. The mixup is in the detail of WHO attacks what. The fact that China (and many other countries) has a large number of vulnerable systems makes it an ideal place to base the front end of large cyber attacks, for two reasons:

  • It requires little effort to locate thousands of vulnerable systems.
  • It breaks the chain of evidence that leads to the real source of the attacks.

Both of these points sit high on the wishlist of a botnet/malware writer or coordinator. If I wanted to DDoS a site, would I recruit my attacking hosts from a country where few vulnerable systems can be found, or from countries where most of the systems run pirated copies (or at best unpatched copies of genuine software)? The source addresses seen by the victim then point at the compromised hosts, not at whoever controls them.

The important point in my view is to really investigate how the chain of evidence can be preserved in these kinds of attacks. What Dillon Beresford found is really not surprising, and it explains why China is so often the staging ground for cyber attacks. Someone should explain to US federally funded bodies that instead of accusing a country at large, they should also investigate whether US-based attackers use Chinese networks to attack US networks. Proving or disproving this possibility would be a real win, and the greatest challenge of all. With many important changes in the global network infrastructure (IPv6 is already here), it will be interesting to see whether order or further chaos emerges once every little device has a globally routable IP address.