back to article Hidden Dragon: The Chinese cyber menace

Cybercrooks and patriotic state-backed hackers in China are collaborating to create an even more potent security threat, according to researchers. Profit-motivated crooks are trading compromised access to foreign governments' computers, which they are unable to monitise, for exploits with state-sponsored hackers. This trade is …


This topic is closed for new posts.
  1. Neil Barnes Silver badge


    Have you just given away the ending to Neal Stephenson's latest, REAMDE?

  2. LarsG


    If the Chinese are able to put a 'Great Wall of China' barrier around their web to keep thing out why doesn't the rest of the world put one round that to keep them from getting out.

    The tech is already out there.

    1. zen1

      maybe a little too late?

      In theory, it could be done, however there are a number of logistical issues that may be a problem.

      1) The number of western businesses doing business with the PRC.

      2) The number of stratigic alliances that the PRC has with other nation/states that are hostile to the west.

      3) While the PRC does run a lot of attacks out of the mainland, think about the number of compromised machines in each western country, that could communicate back to the PRC through indirect channels.

      I'm not saying it couldn't be done, but it would require a lot of people to remove their heads from the sand and really look at the situation for what it is. Given that most western comm gear firms (Cisco, Blue Coat, Juniper, et. al) have moved manufacturing to hong kong and the PRC OR large ISP/Telcom firms have been purchasing chinese gear hand over fist, we've basically handed the keys of the kingdoms over to them.

    2. Anonymous Coward
      Anonymous Coward

      I think LawsG needs to grow up and take a gander at the real world.

      Firstly the "Great Wall of China" doesn't stop mildly persistant people.

      Secondly the west relies on services from China, or do you think requests for more gadgets and shirts are flown by carrier pigeon and that the Hong Kong stock exchange is worked by old fashioned black telephones?

      Thirdly, how would the west spy on Chinese systems? Or are you dim enough to think that it's only the Chinese that go spying on Foreign companies, governments and local populations. China likely gets spied on plenty by the West, it's just that they're even less likely to expose such events at the risk of appearing weak.

      Fourth, How would growing legitimate local Chinese business be able to provide their services to the west?

      Fifth, how would Chinese expats get news about their homeland and communicate with their families and friends?

      Sixth, how would Chinese dissidants obtain information and support from the outside world?

      Seventh, it's almost certainly illegal.

      Eighth, it's entirely possible China would if such a thing were done, would take its toys home and demand its money back from western nations.

      Ninth, who would people blaime all the continuing hacking incidents on? China does make a nice easy scape goat for all things hacking.

      there are probably a few hundred more reasons.

      Not to mention it's a sign of a generally ignorant and racist opinion.

      Also I recall seeing one of the head honcho's from el'Reg many years ago on the bbc talking about China and as such take anything posted about China on el'Reg with about as large a shovel of salt as I take news from FoxNews.

      1. Steven Roper

        @AC 04:17

        You had me agreeing with you, right up until you used the word "racist." That word has been so overused by the PC lobby to squelch any and all cultural debate and enforcing their worldview that, like "think of the children" and "protect against terrorists", it has become a mockery of its original meaning, a symbol of oppression and reduction of freedom.

        The moment you labelled LarsG a racist, you invalidated your argument because I'd wager big money that race was the last thing on his mind when he came up with his solution. Granted, it's a bit extreme, but then he's probably concerned about a potentially hostile and oppressive communist nation having the power to destroy our livelihoods. The fact that a large proportion of China's residents also have slanted eyes and yellow skin most likely never even entered LarsG's thoughts, nor does it have any relevance to the threat China represents.

        I'd hazard a guess that's why you currently have 4 downvotes for an otherwise sensible post.

        1. Graham Marsden
          Thumb Down

          @Steven Roper

          And your taking a *single* word out of his (as you admit) sensible post and using it as a reason to claim that it invalidates the whole thing is why you have got a downvote.

      2. Armando 123

        Racist? We're talking about the Chinese government, not the Chinese people. And the Chinese government does not exactly have a track record that makes you think they respect rule of law or liberty.

        I'm not saying they're doing it; I'm saying it wouldn't shock me if they were doing it.

    3. MacGyver
      IT Angle

      I somewhat agree..

      I would say that we should have put all of China (hell, each country) on concurrent 8-bit subnets that way it would be easier to block the whole country if need be. Case in point, I have hundreds of random port scan attempts on my personal home network daily. I have blocked most of China's' 8-bit address blocks, but they are so spread out, that it is not as simple as blocking to

      I have so many 8-bit subnets blocked, that my routers block list is full, this wouldn't have been as issue or as much trouble if their address were concurrent. There is no reason that their country should be allowed to port scan private networks all over the whole world all day long.

      For all those coming down on LarsG, take a look at your firewall logs, and then look up where those "unauthorized access attempt" IPs originate, 99% are from China. I can't imagine what would happen if someone put a computer on the internet without a firewall nowadays, 8 years ago when I was in Korea, if you put a new computer on the internet for updates, it was infected before the updates were finished installing, I can imagine it has only gotten worse.

      I wonder how much of the bandwidth usage on the internet are port scans (from China or otherwise)?

      1. dhcp pump

        I somewhat agree..

        Agree +1,

        Subnet blocking can be required if you are running a service on a port ,most spi firewalls are set to block.,not very useful for half open connections and scans that are usually not done via the interested parties actual position /source country.

        As anon mentioned $ billion of business are carried out with legitiamate CN businesses,most of which are external countries with MF bases in the CN.

        Either way its hard to prove that it actually eminated from their subnet,although dns A' records

        show it to some CN uni etc .

        Where dns poisoning has been used in the past and a LOT of dns records showed ownership from cn suubnets ,doesnt mean cn were carrying out the attacks.

        To accurately determine that ip is attacking your system requires more investigation and other parties involvement outside of your subnet.

        Attacks appearing to be from the uk can be made via others in any country and vis versa,whether botnets are used or not .

        Public internet needs a revamp on the old arpanet,isp's need to allow people to configure their service for in traffic and out ,some have gone this way as it does save the isp data $ as you mentioned ,and also protects the end point customer .

        Most decent ' corporate services also provide this form of sla .

        Cheers & Merry Christmas & NY .

  3. zb

    Working hours

    If all the attacks really do happen between 9am and 5pm we have proof that it is done by civil servants and not real hackers. If this is not enough to convince: further analysis will show that there is no activity during weekends or Friday afternoons.

    1. perlcat

      Not to mention...

      During lunch hour, coffee, tea, and smoke breaks.

      Not sure when they can get in a bit of hacking, really.

  4. Anonymous Coward
    Anonymous Coward

    An article full of "hackers" that aren't.

    Notice how much of that "dark economy" doesn't involve breaking and entering computer systems, but is made up out of plenty of fences, brokers, and other middlemen, too. There's a reason thieves aren't called fences and fences aren't called thieves. Yet here we are, calling all persons doing things that aren't entirely legal "hackers" as soon as there's something with a CPU in it involved somehow. It's not very precise, nor very accurate, and it's not half as useful as it could be either. Worse, it gives legitimate invention a bad name too. That is a poor move in the race to stay ahead on the technology curve.

    "Dark Visitor" really is so much more apt. Comparably US Congress has far less clue about what really makes the economy go (support cartels sue their customers for "theft" that ultimately makes them more money, for one; spreading that love world-wide, for another) than China, where many of the fabs are that are making American[tm] chip- and other designs. Trouble is, most businesses haven't the faintest just what their crown jewels are and consequently are more vulnerable than they think to copying of "intelectual property"*.

    Knowing where your core business is and what constitutes the recipe to your secret sauce that helps you win that business is rather important to your business case. Thus this sounds like a wonderful opportunity to "integrate security" with clear business advantages attached.

    Doing that also obviates the need to listen to vague handwaving about "cyberthreats" and other things that get various government flunkies' and -contractors' panties in knots so much it gives rise to an entire industry that nonetheless hasn't done much to alleviate the threat.

    The more I look beyond mis- and abuse of the "hacker" term, the more I notice the IT security industry is made out of the same type of snake oil. A party that doesn't look at the field the same way can easily see opportunity where you've blinded yourself. And coming from a wildly different background, cultural, motivational, and otherwise, the Chinese have a clear advantage here.

    * "IP" is also a horrible misnomer because it lacks obvious properties of actual property; like how you can copy it and not be deprived of it yet (unknowingly!) have its value affected, though whether the value goes up or down or sideways** is not straight-forward at all. Insisting it is property regardless means we keep on deluding ourselves.***

    ** Here: Lose some value in one market, gain in another.

    *** Can't help but think some people do that knowingly, deliberately, according to some agenda.

  5. Paul Crawford Silver badge

    Kind of obvious

    Really, spying by internet means is such a gift to the whole espionage business really: much less risk, easier deniability by "out sourcing" the work western-style, and generally a whole lot easier due to the lack of security in a lot of organisations.

    That, it seems, is due to fundamentally crap software (think Adobe flash/reader, and office 'run anything' features here) and mismanaged configuration. I think 'mismanaged' is a good term, as it is partly down to BOFH failure, but for more often due to the PHB demanding things are done to make his life easier.

    Still, it is Xmas time and we can have a good laugh at the fantastically inflated loss figures attributed to 'IP theft', helps oil the snakes...

  6. Anonymous Coward
    Anonymous Coward

    Re: Dexter

    I think you'll find that Dexter refers to his "Dark Passenger" for the dark side of his psyche, not a "Dark Visitor".

  7. Circadian

    Why the outrage?

    A major nation is using hacking for industrial espionage. Wow, what a surprizzzzzzzz.....

    At least the "talking heads" implicitly admit they are doing it themselves.

  8. sysconfig

    @Paul Crawford

    "is partly down to BOFH failure" -- You know, BofH's are certainly not infallible.

    From my personal experience, most BofH's care a lot about security, but it's the execs and office workers who will _always_ prefer convenience over security.

    That starts with easily memorable and often shared passwords; includes document sharing via free 3rd party services, which have never been okayed by company security policies, or passing USB sticks around (and losing them somewhere, unencrypted of course); and doesn't end with a lack of understanding that security costs money, but will turn out very cheap compared to actually losing data and fighting lawsuits for infringements or leakage of personal data and internal company documents, not to mention the devastating effect when it becomes public.

    Also, many companies run tons of websites, and once they are out there, they won't be maintained or updated any more, because it doesn't make profit. Better to have staff working on new projects to make money rather than generating costs... that's the typical exec way of thinking.

    Now, the bigger the organisation (read: company and government/authorities alike), the slower the process from spotting a necessary update or security issue to actually resolving it.

    On a completely different note: If I was a hacker with malicious intentions, I'd hack a server in China, Brazil or Russia first, and originate further activities from there, because as soon as IPs from those countries appear in anyone's logs, most people almost automatically think "great, nothing we can do to track them down and kick their butts by legal means anyway"

    Beer, because it's almost Christmas, and I better drink fast, because BofH's don't have a Santa Clause. They are haunted by Murphy, who always strikes on bank holidays.

  9. John Sanders

    When configuring "new customer solutions"

    I always end having to ban most of Asia on the firewall.

    That causes less economical loss (hacking attempts go from ~50 attempts per month to less than ~5) than what can be gained from the amount of Asian users buying stuff on websites from western countries.

    When it comes to China we need them because we gave them all of our manufacturing business (misery-slavery salaries are very attractive towards juicy bottom-revenue) but sincerely they do not need us.

  10. Anonymous Coward

    Pot - kettle.

    After just skimming the article one word jarred a bit. I quote..."accidental bombing of the Chinese Embassy in Belgrade". If that had been written " unfortunate bombing" I would have gone back and read the article believing it to be a factual report - now I will believe it to be propaganda (although none the worse for that).

    How about someone letting rip with an informed assessment of the comparative hacking/listening abilities of the different nations/blocks. My own, totally uninformed, supposition is that the US of A is still streets ahead of everyone else.

    (I was going to put up the Anonymous icon but it's Christmas and some cheer is called for).

  11. Anonymous Coward
    Anonymous Coward

    Why can't China innovate?

    It doesn't really matter if the USA has better hackers. Hackers only know offense, and what does China have to steal?

    But PLA are only fooling themselves. There is something wrong with their system that prevents their own folks from properly innovating inside China. Do they really think they can just steal ideas forever?

    1. Madeye

      China created more international patents than any other country in 2011 ...

      1. ratfox

        China creating loads of patents? Good!

        Maybe the US will finally get around to reforming patents, then... When it is in their interest.

  12. Eddy Ito


    "geared towards stealing the US's technology and economic secrets"

    Seriously? I'll go along with the technology bit as it could be useful but why would they steal economic secrets? Oh, to use as a guide of what not to do. I get it now.

    I'll leave the comment about dark visitors, lunar cycles and the missus for another day as she might read this. Oh shit!

    1. Anonymous Coward
      Anonymous Coward

      Economic Secrets

      Think of raw material prices companies pay; shipping cost; efficiency metrics of semiconductor fabs; levels of debt; debtholders; all sorts of puchasing/sales information.

  13. Anonymous Coward

    The Elephant In The Room

    ..certainly is the laziness towards serious security measures on the side of the western companies being subverted.

    Corporate managers always have a ton of excuses why they "need" a certain kind of insecure setup/configuration. Just looking at the "RSA Security" (should better be called "RSA Fumblers") incident demonstrates what's wrong: This company knew that the security of a certain part of their network was critical to the security of all their customers, yet they didn't bother to remove Flash player from these systems. Everybody who follows the IT press knows that Acrobat products are one of the most dangerous weakness of contemporary systems.

    So if this kind of company doesn't have proper security, we should expect something slightly better than "no security at all" at other big-$$-enterprises.

    Exactly that is what I have seen at a core financial services institution in Germany. They did not care to update Flash player, the Java runtime and Firefox "because all systems are cloned from a 2009 image and all critical stuff is accessed via the Citrix client". The threat of a Flash-borne virus to simply perform screenshots was apparently beyond their imagination.

  14. All names Taken
    Paris Hilton

    Nothing new there then is there?

    We have: intelligence gathering operators

    They have: spies

    They have: well - you get the picture.

    But the real(er?) question is: why this motivation to discredit China?

    The guv and Whitehall do not usually expend energy without justifying to themselves the cost of using such energies.

    1. Armando 123

      Need a Yes, Prime Minister icon

      It's one of those irregular verbs, isn't it, Prime Minister? I gather information, you spy, he violates international law by stealing critical security data.

  15. mhenriday

    «... accidental bombing of the Chinese Embassy in Belgrade»

    Sure, John, the Easter Bunny told me, too, that it was accidental - the «smart» missile had inadvertently been replaced by one that barely made it to O-level....


  16. Anonymous Coward
    Anonymous Coward

    Beware Propaganda

    Problem, Reaction, Solution.

    It's a nasty pattern that repeats over and over sucking the latest buzzwords and technical jargon in and spitting out nothing but scorched earth, police state mentality.

    The real menace is the officials who are protecting the banksters.

    Will 2012 expose this menace, or will it guarantee a global bankster cartel, a global bankster police force, eugenics, agenda 21 and all that fucking UN crap. Or will the public allow these problem reaction solution sob stories to permeate into WW3 by pissing China and Russia off.

    This is why I choose to hang out over at instead of

    The difference is night and day! One propagandizes (TP) the other presents news (H-online). If you can't see it it's because your head is stuck in truth tables and technical manuals working out the timing issues for your digital signals on an intermittent o-scope probe, hint: jiggle the cable.

    Take a break from technical stuff and look what your governments (US, UK) are up to!

    The reality is we are all being used in a NASTY game by the banksters, nato, UN. Calling one country bad is straight out of the State Department's playbook. How bad are those open Chinese proxies really when compared to say a nuclear disaster by stuxnet? So why isn't Israel and the US getting bombed for that?! You want the truth? Read what your state department's treasonous oath breaking agenda is. Learn to recognize the difference between security and propaganda. Don't let these scumbags dictate our technical future.

    Know your real enemy. It sure the fuck ain't a Chinese proxy. These companies in the UK and US that get hacked, that's their stupidity. And the same pattern always applies, why was there data connected online, why wasn't it encrypted, bla bla bla. Same shit, different day.


    Stop buying PEPSI, quit supporting AIPAC, PNAC, UN, Carbon Tax, NGO's like NED, Freedom house. Quit voting for these globalist assholes and throw their asses in jail for treason! It don't matter what country your in. The US (mine) the UK (yours) throw these fuckers in jail before they start WW3!

    1. DryBones
      Black Helicopters

      When was the last time you took your medication?

      1. Anonymous Coward
        Anonymous Coward

        When was the last time you opened your eyes?

        Just because there are some crackpots supporting a conspiracy theory doesn't make it wrong.

        Banksters, he said. Well have a look at how many people in positions of authority in recent months, having previously been pulling the strings from in the dark, are ex Goldman Sachs (the company that showed Greece how to fiddle the accounts so they could be lent more money and therefore generate more megabonuses).

        I'll give you three easy ones for a start: unelected "technocrats" in Italy and Greece. And the head of the European Central Bank.

        Those are facts. They're not wrong.

        The lizard people may be the product of an overheated imagination.

        I wish the banksters were too.

        Happy New Year.

        1. Anonymous Coward
          Anonymous Coward

          Goldman Sachs? Covered in The Independent in November

          18 November, to be specific - with a lot more names than mentioned already.

  17. Gordon Fecyk

    Chinese Feds demand computer virus samples -- El Reg 2001

    Considering El Reg was only one of two IT mags covering this story, I'm surprised this tidbit wasn't included.

  18. Zippy the Pinhead

    "China routinely and angrily denies any involvement in cyber-espionage, arguing that it is frequently victimised by these types of attacks itself, and most recently said that it wanted to help improve cyber-security defences across all nations."

    Of course to help improve cyber-security it has to employ hundreds if not thousands of "investigators" to seek out those insecurities in other countries and corporations. Come on.. does anyone really believe the Chinese that they are innocent?

  19. hosthater

    Cpanel boycott This is important to you whether you know what it is or not. You data is not safe currently, if you shop online at places that use this, even if you don't shop online you might have multiple accounts with the same passwords. This is really important please read it.

  20. Anonymous Coward
    Anonymous Coward

    Once a year I test security at home.

    So far every time I do my tests at home I find it was always russian hackers NOT chinese.

    1. fatchap


      Unless you are more important than I think why on earth would professional hackers interested in IP and commercially sensitive data attack your home PC?

  21. Anonymous Coward

    I love the stench of hypocrisy in the morning!

    ...and of course, the Merkins are not simultaneously furiously trying to hack into Chinese government and military computer systems, all the while crying foul on 'Johnny Foreigner' for playing dirty.

  22. Anonymous Coward
    Anonymous Coward

    Downing of a Chinese jet by US warplanes? It was plane (singular, prop driven) and it collided with one of two jet interceptors.

  23. All names Taken

    On the other hand?


    Pondering: why should China be demonised quite as much as it is?

    Potential ans: even the the PR (peoples republic) seems to be embracing western capitalism (or at least some of their organisations) it should not be hailed as a thing of great excellence because:

    (a) doing so might mean the PR has got there and need do no more

    (b) there may be a future disagreement in some third party nation about some natural resource contractually obliged to PR while the west looks on enviously - very, very enviously. Hence PR of CC can never, ever be portrayed as a goodie. It has to be portrayed as forever a baddie? (by those contractually obliged to think about these things?)?


This topic is closed for new posts.

Other stories you might like