Belgium, man! Belgium!!
As usual, Douglas Adams said it first and best.
Belgium and India have joined the growing ranks of countries voicing concerns about cyber attacks originating from China. Earlier this week, officials from both countries said computer networks inside their borders are routinely targeted by hackers trying to ferret information that could benefit the Chinese government. Belgian …
Screw it, just block the whole subnet. I've never received a packet from .cn that wasn't a complete and utter waste of electrons. If I ever /do/ want to do business with someone in China, I can phone them up or write a letter.
If we blocked the whole lot to avoid the attacks, the only thing we'd miss out on (as "collateral damage" or fallout or side-effect) would be the spam.
Why is this not a no-brainer?
japan and romania and poland and russia and...
fail2ban is your friend... and if you're still using windows for your servers... umm... HA!
my personal server (which doesn't generate much traffic if any for that matter) gets attempts on being hacked daily. used to be well over 10,000 attempts a day. now it stops at 3-5 (fail2ban is set at 3 attempts). kinda kills the attack when the IP is banned from all access for attempting to break in.
Belgium indeed.
Does make me wonder why those jolly chinamen [and women, of course] would be poking around Belgian interests? I mean, what important information could they glean?
New recipes for high quality chocolate? [they are turning into a consumer based society after all]
Technical data from Fabrique Nationale so they can make cheap knockoffs of P90s? Perhaps the Type 56 [one of the most successful AK47 knockoffs in second and third world countries] will be replaced with a suspiciously familiar 'type 90' bullpup SMG sometime in the near future? ;-)
Possibly being bundled with some tasty dark chocolate to entice overseas buyers?
Mine is the long overcoat with the large amounts of firearms underneath...and the 70% cocoa chocolate bar in the breast pocket.
Steven R
"So far, the countries have provided little proof that Chinese hacking is any different from cyber operations being conducted by other governments."
Such as ... ? Are you gonna back that up, or what?
It presumes that "other governments" are, then, attempting the same types of attacks as those the Chinese government is being accused of perpetrating. Where is the outrage, or at least a link? Tsk tsk.
It's taken seven years, but could this really be the Chinese cyber-war that the American anti-virus industry, and Richard Cluck / um, Richard Clarke, warned us about back in 2001?
Back when the Wall Street Journal exposed the US AV industry as tools of the People's Republic of China?
(ok, one more time: http://www.theregister.co.uk/2001/04/03/chinese_feds_demand_computer_virus/ )
And how very, very interesting that Goodin brings up Cisco. Didn't Cisco participate in the construction of The Great Firewall of China?
I am growing increasingly reluctant to purchase any equipment manufactured in China, simply because I have seen equipment inexplicably "phone home" to the PRC. I'm not talking about SoHo crap like Linksys or NetGear, I'm talking about high dollar, high end enterprise hardware that costs more than your run of the mill Ferrari.
Even after a thorough investigation by our forensics team, the vendor's engineers and several of the senior developers involved, there has yet to be an explanation as to why virgin hardware would immediately be sending unsolicited packets to China.
Needless to say, neither that equipment manufacturer nor ANY of its products will ever be used at any of the businesses the company I work for supports.
At least it makes it necessary for our govs to pay attention to security. Well, some of our govs at least, as you observed:
"According to some reports, hackers who stole a large amount of sensitive information from the US Pentagon last June were based in China. [...] Last month the FBI was reported to be investigating the possibility Chinese hackers have installed backdoors in sensitive government networks using counterfeit Cisco routers."
Mouarf.
Anyway, I'd bet my shirt that all the poor victim countries are doing exactly the same (not even to mention Echelon).
"Does make me wonder why those jolly chinamen [and women, of course] would be poking around Belgian interests?"
Steven, go look at a map and find out where Brussels is located, and the Hague, and all those lovely EU institutions, and NATO headquarters.
Think about it for a moment...
Realisation dawning yet?
I think it was 1998 that a Dutch hacking convention tried to remove Belgium from the internet, in retaliation for a previous Belgian convention's attack on the Netherlands. My employer had systems in both countries so I spent a week installing patches for everything past my bedtime.
Attacking Belgium doesn't distinguish the Chinese from anyone else, in a way it makes them seem more normal. Even Belgians hate Belgians - the three different language groups never talk to each other there. What sort of a nation is split in three along extra-national boundaries? We should call the Belgians by their true names - Dutch and French and Germans. At what point do we stop the pretence Belgium is a real nation - I mean, if Pluto isn't a planet anymore then Belgium shouldn't have a seat at the UN. Have they even been able to elect a Belgian government yet since the last election?
In my job as a security manager for a Government agency I actively drop all traffic from China allocated IP ranges (as well as many other networks). Chinese networks are the source of nearly all malicious traffic encountered plus providing hosting services to so much fraudulent and copyright infringing products/services. They will not respond to complaints so I simply blackhole them.
...when they realised that their own had stopped working.
Cisco provides much of the world's infrastructure; if the US wanted a way into potential enemy* networks they'd only have to ask** Cisco to cooperate.
* every other country
** pay
Anon because there's a Cisco router in my office...
Maybe the Chinese spent 10 months *looking* for the Belgian Government, along with *everyone else*. Or, they’ve gotten confused by *which* Government; last time I counted I’m paying for 5 of them (well, 6 whilst I was subsidising the old lot in caretaker mode at the same time paying for the “in waiting” lot)
And to answer Danny; the 3 communities get on a lot better than the media portrays. The bollox you read last year was pure politicking by the right-wing Flemish separatists and predictable over-reaction by the far-left. A bit like the Daily Mail claiming all the Scots want to declare independence etc; a little bit of loaded propaganda can go a long way…
Mine's is the one with the bottle of Leffe
Suckers! Only a heavily firewalled chinaman with little understanding of western society could possibly think that either of these institutions do anything at all.
It's the ultimate tar pit, the hackers will be bogged down in mountains of meaningless shite for decades. I'd love to see the look on their faces when they hit the EU document stash, all bollocks and then translated into a gazillion languages!
Why Belgium like others have said already ... NATO HQ is in Evere (Part of the Capital Area of Brussels) and guess what? A large number of EU instances are based in ... Brussels... That is why...
As to the beer remarks well Leffe is good I suppose but be adventurous and try some Kriek (Black cherry) or Framboise (Raspberry) or Apple-Black cherry beer... Nicely chilled in a cold glass it is heavenly...
Paris because she knows how to handle her booze... or so she thinks
You shouldn't worry too much about Belgium. There are indeed some Flemish right wing separatists that are making a lot of trouble recently, but most people are getting along quite well (I am a "french" Belgian and my best friend is a "dutch" Belgian).
The issue with Belgium is that it is a central point in Europe where a lot of institutions are (the EU and NATO) and where a lot of international companies have some presence. So many things transit through Belgium that it is a very good target.
You cannot just simply block the IP's from China and believe they are cut off from your network.
A proficient hacker isn't directly routing from his network to the network he is attacking. He is working through at least one other (more than likely 3 to 4). Basically, setting up a proxy from another network he has already taken control of, or at least enough control he can launch attacks from there. The network he is directly routing towards your network is likely one you haven't blocked, because it is in the same country you are.
The FBI is investigating counterfeit CISCO routers, however none of them are suspected to have been purchased by the US Government. Procurement of these IA enabled devices (routers, firewalls, etc) is strictly controlled; and can only be purchased from certain vendors.
I've said it a thousand times on the WoW forums, but I'll repeat it here.
You need to stop the gold buyers to stop the gold sellers. It's not like they can't use a proxy anyway. Remove the buyers, the sellers then do not get enough business, the servers clean up. Fewer key loggers too and fewer cheaters.
Mind you this is completely off topic. On topic, who else is involved in this "cyber war" if it's just China, surely the west needs to start working on it too?
Thecowking
Paris because it's Friday.
Has anyone considered the possibility that maybe, just maybe, people are using proxies or some other routing software (tor) to appear to be coming from China?
If I were a miscreant, I might take advantage of the recent press about attacks from China and make myself appear to be from China to mount an attack.
Suddenly, it's just another attack from China.....
Just a thought.
Mine's the one with the glasses, fake nose and mustache in the pocket....
...I might make myself appear to be from the White House.
Much more entertaining.
>You cannot just simply block the IP's from China and believe they are cut off
>from your network.
Yes, you can, although you would have to block all the gateways coming out of the China network. Which sounds like a big job. And then there'd still be dial-up, Hong Kong, Macau (block or not?) and, most challenging, Taiwan.
While it may be good for WoW I doubt the world's economy would benefit from such an approach.
>Apple's, Dell's and HP's supply chain is CHINA.
Gosh, not CHINA!
>But maybe it is time for the British to reconsider the mantra “it is all about Economics”.
So you think that maybe a "second great depression" is worthwhile to stop some hackers who may or may not be Chinese dicking about with Belgian computers?
Maybe it's time for the UNITED STATES OF AMERICA to reconsider sourcing all their products from China, since all the companies you listed are actually American.
@Scott - Leffe
I don't know - I have stayed in Belgium but I only spoke French and Dutch - and those communities aren't similar. However you did make a winning point about the beer. Leffe, and a few of the monks dark beers are so tasty that they may hold the country together. That raises another problem though - maybe the Chinese aren't after NATO when they look into Belgian systems. Maybe they are after the recipe to a decent beer.
Joking aside, the single most important organisation in the capitalist world is headquartered in Belgium. It is a place so prestigious that its employees are banned from ever using the word 'prestige' in internal documentation. That is not NATO, it is SWIFT. It is much more secure than NATO. When you hear of hacking attacks on Belgium, don't think military, think financial. Or beer.
"You can't be a Real Country unless you have a BEER and an airline - it helps if you have some kind of a football team or some nuclear weapons, but at the very least you need a BEER." - Frank Zappa
The Chinese have been poking around North American computers for years. I think it was Chinese National Railroad computers that used to be looking at my little and inconsequential system. They probably still do but I haven't bothered to check in years. Banning the IPs of bothersome areas/countries doesn't seem like a bad idea.
"Just because their gear is cheap and appears capable does not mean it is in our interest to use it. I want to make the argument that strategic equipment (CPU, RAM, display, networking, software) must come from sources we (democratic countries) trust."
You must be living in cloud cuckoo land if you think democratic countries have an agreement not to spy on each other and not to use underhand tactics on each other.
"Joking aside, the single most important organisation in the capitalist world is headquartered in Belgium. It is a place so prestigious that its employees are banned from ever using the word 'prestige' in internal documentation. That is not NATO, it is SWIFT. It is much more secure than NATO. When you hear of hacking attacks on Belgium, don't think military, think financial. Or beer."
Or they just do what the US did/does, blackmail SWIFT and other corporations to give them whatever info they want:
en.wikipedia.org/wiki/Terrorist_Finance_Tracking_Program