Reports of Chinese hacker activity are surfacing again. First against Germany, then unclassified Pentagon networks, the EU Parliament (in 2005) and now the UK. These reports seem to constantly rear their heads. But, as I pointed out in 2005, the limited descriptions of the attacks that filter into the press have the same MO as the Chinese Triads (that info is from 1997). Given the big move of criminal organisations onto the Internet, why is the first assumption the Chinese Government?
I have two (non-exclusive) theories, the first more likely than the second:
- The targeted compromise of government and sensitive corporate networks is far more widespread than the few media reports we receive, and possible of the events detected by the security teams.
- The 'horn blowing' around these attacks is completely opposite to what we have seen with other compromises, where it took an (American-only) law to get any sort of disclosure out of companies. Could it be that some sort of pariah state is looking to garner sympathy for an attack (the truth of the compromise is not relevant in this theory)?
To put this into context, bear in mind that the US is usually rated as the biggest source of intrusion attempts and SPAM in many reports, but we don't see these referred to as 'Attacks by the US'. Is this just another case of 'them and us'? Quotes such as the following highlight this mentality:
“The Trojan is an old trick favoured by Chinese hackers,” Mr Preatoni said.
Trojans are also favoured by malware writers and SPAMmers; in fact, a majority of malware written at the moment is Trojan and/or bot based, with the line between the two getting blurry. Even better:
The attacks are part of a pattern in which China and Russia are switching from “old-fashioned espionage” techniques to electronic hacking into government computers to gain Britain’s military secrets, the sources added.
It seems Russia is added to the pot, which is just as silly, as we know there is a ton of organised internet-based crime originating from there too. Once again, the message being clearly spelled out is that this is 'espionage', which implies government involvement.