×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

US Responsible For the Majority of Cyber Attacks

CmdrTaco posted more than 5 years ago | from the we're-number-one-we're-number-one dept.

Security 205

Amber G5 writes "SecureWorks published the locations of the computers from which the greatest number of cyber attacks were attempted against its clients in 2008. The United States topped the list with 20.6 million attempted attacks originating from computers within the country, and China ran second with 7.7 million attempted attacks emanating from computers within its borders. This was followed by Brazil with over 166,987 attempted attacks, South Korea with 162,289, Poland with 153,205, Japan with 142,346, Russia with 130,572, Taiwan with 124,997, Germany with 110,493, and Canada with 107,483."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

205 comments

Within the U.S. (4, Insightful)

Ethanol-fueled (1125189) | more than 5 years ago | (#25123665)

The majority of cyber-attacks(controlled by their Chinese and Russian overlords) originate within the U.S.

Re:Within the U.S. (5, Insightful)

Otter (3800) | more than 5 years ago | (#25123913)

Also, these numbers are limited to attacks against the clients of a US-based firm, and are probably skewed accordingly.

If the US rhetoric is right (0)

Anonymous Coward | more than 5 years ago | (#25125517)

Surely US clients are more likely to be attacked by CHINESE attackers, not US ones.

Re:Within the U.S. (4, Funny)

Anonymous Coward | more than 5 years ago | (#25123941)

We should fight them over there so we don't have to fight them over here!

We could also just send Sarah Palin over to Russia and ask them nicely to stop. After all, she can see it from her house, she already said she would cross a sovereign nations' borders without permission if necessary, and apparently she's ready to engage on foreign policy and relations.

Re:Within the U.S. (1, Insightful)

drodal (1285636) | more than 5 years ago | (#25124377)

We should fight them over there so we don't have to fight them over here!

We could also just send Sarah Palin over to Russia and ask them nicely to stop. After all, she can see it from her house, she already said she would cross a sovereign nations' borders without permission if necessary, and apparently she's ready to engage on foreign policy and relations.

Don't mark this post funny, mark it insightful!

Re:Within the U.S. (0, Troll)

operagost (62405) | more than 5 years ago | (#25124933)

I find it amusing that leftists think Palin is a hotter version of Dick Cheney. Frankly, thinking Cheney is evil is already hilarious, until I remember that you all get your "news" from the Daily Kos.

Is Sarah Palin a MILF? (0)

Anonymous Coward | more than 5 years ago | (#25124583)

I honestly don't know -- I'm gay.

Re:Within the U.S. (2)

liquidpele (663430) | more than 5 years ago | (#25124031)

Sure it's impossible to know if the computer is some script kiddie or a hacked PC owned by a Russian college student - and subsequently it's impossible to come up with figures on who actually is responsible for the attack.

However, this does tell you which networks are used the most by hackers (or script kiddies, depending on how you define attacks) which is still very useful information.

Re:Within the U.S. (2, Insightful)

Anonymous Coward | more than 5 years ago | (#25124113)

The majority of cyber-attacks(controlled by their Chinese and Russian overlords) originate within the U.S.

Do you have any legitimate source to back this statement?

Re:Within the U.S. (-1, Troll)

Anonymous Coward | more than 5 years ago | (#25124645)

Do you? No? Then shut the fuck up!

Riiiiiight (5, Insightful)

$RANDOMLUSER (804576) | more than 5 years ago | (#25123673)

So

port scan == attempted attack

Sounds plausible.

Re:Riiiiiight (1)

Goaway (82658) | more than 5 years ago | (#25124725)

Do you honestly think anything but the tiniest fraction of port scans are not malicious?

Re:Riiiiiight (1)

Creepy Crawler (680178) | more than 5 years ago | (#25125139)

Is it illegal to knock on each persons door going down the street?

Its your computers choice if you answer, is it not?

Re:Riiiiiight (0)

Anonymous Coward | more than 5 years ago | (#25125457)

No, but it isn't illegal to scan port 80 on all machines on a subnet either.

Now, try the front door, back door, all the windows, and the sliding glass door in the back - and you may indeed be in trouble.

What? You're kidding, right? (1)

Medievalist (16032) | more than 5 years ago | (#25125277)

Do you honestly think anything but the tiniest fraction of port scans are not malicious?

I've done thousands of port scans as part of my job. I've done four today, and I'm not even a networking guy any more. Most reasonably capable computer professionals will do hundreds if not thousands of non-malicious port scans during their careers.

How do you check port security? Ask your (possibly root-kitted) host with netstat? Ask the (possibly incompetent) sysadmins of the systems you're trying to check?

netcat and nmap are commonly used tools found on all competent network professionals' computers, and most sysadmins use nmap, and really top-notch app programmers keep it handy as well.

Ummm, duh? (3, Insightful)

R2.0 (532027) | more than 5 years ago | (#25123675)

Formula:
#zombies=#computers * X%

I mean, isn't it that obvious?

Re:Ummm, duh? (1)

morgan_greywolf (835522) | more than 5 years ago | (#25123809)

And certainly there are a ton more computers in the U.S. than in China, although that will certainly change within the next decade or so.

Re:Ummm, duh? (5, Informative)

gnick (1211984) | more than 5 years ago | (#25124243)

And certainly there are a ton more computers in the U.S. than in China, although that will certainly change within the next decade or so.

Actually, China has ~253 million Internet users. The US has only ~215 million. It could just be that your numbers are dated - They're increasing that number about 8x as fast as we are. Look for yourself: http://www.internetworldstats.com/stats.htm [internetworldstats.com]

Re:Ummm, duh? (5, Informative)

gnick (1211984) | more than 5 years ago | (#25124501)

Actually, just while I have the numbers pulled up, here are the number of "attacks" from each country mentioned in TFS scaled by the number of Internet users in the country. Since I'm inferring that these are total attacks and not unique IPs, I guess that these numbers are "attacks per Internet user".

0.09581 US
0.03043 China
0.00958 Poland
0.00812 Taiwan
0.00489 Canada
0.00466 South Korea
0.00392 Brazil
0.00210 Germany
0.00151 Japan

Re:Ummm, duh? (1)

KillerBob (217953) | more than 5 years ago | (#25125023)

It's also worth pointing out, while you're normalizing the numbers, that broadband penetration and internet penetration are two different statistics. Canada has much higher broadband penetration as a proportion of Internet penetration at the US... at least, it did last time I actually bothered to look at the numbers.

Re:Ummm, duh? (1)

pushing-robot (1037830) | more than 5 years ago | (#25124775)

More users != more computers. Plenty of people in China (and many other countries) don't own PCs — they use shared machines at Internet Cafes.

Re:Ummm, duh? (1)

eleuthero (812560) | more than 5 years ago | (#25125269)

I had an interesting discussion with a Scottish young woman in a Starbucks recently. She was trying to find an Internet Cafe. I looked around with everyone tapping out emails on their phones and laptops and said, "This IS an internet cafe" to which she, of course, asked where she could find one with computers. In an urban area of some 5 million people, after searching google (et al) for some 10 minutes, I finally found three actual internet cafe's. In Europe, I've seen them at every street corner in some places. The numbers around the world might be significantly different if it was a per-computer statistic versus a per-user statistic.

Re:Ummm, duh? (1)

svnt (697929) | more than 5 years ago | (#25125227)

From another article [searchengineworld.com] :

"About 34 percent of Internet usage in China takes place in Internet cafes, which are more popular in rural areas, where they account for about 48 percent of Internet usage, according to the study, which also notes that Internet access both at home and at work is growing rapidly in China."

Whatever way you slice it, that's still fewer computers.

Re:Ummm, duh? (1)

cream wobbly (1102689) | more than 5 years ago | (#25124281)

No, there is wonton more computers in China than in the U.S.

Where do you think they come from? Santa Claus's underpants?

Re:Ummm, duh? (2, Insightful)

whitehatlurker (867714) | more than 5 years ago | (#25124643)

Not really - the Canadian figures should be around 3.4 million and the German around 8 million if that were the case. (This is using the Linux Counter [li.org] for rough numbers of computers. Canada has 17% of the US values, Germany 40%.)

...

Besides, any formula involving zombies needs to include some mention of number and location of malls, and at least passing mention of braaaaainzzz.

Re:Ummm, duh? (1)

Goaway (82658) | more than 5 years ago | (#25124755)

No, it's not. Local computer culture plays a big role in how easy it is to infect personal computers and servers.

redirection (5, Insightful)

Anonymous Coward | more than 5 years ago | (#25123677)

Of course, hackers always use their home ip, and never bounce off of compromised clients in other countries.

Re:redirection (3, Informative)

db32 (862117) | more than 5 years ago | (#25123733)

Good job on reading the article. You know, the part where every other paragraph other than what was cut for the summary points this out and how to defend against this very thing.

Actually... (4, Interesting)

CorporateSuit (1319461) | more than 5 years ago | (#25124393)

Good job on reading the article. You know, the part where every other paragraph other than what was cut for the summary points this out and how to defend against this very thing.

You know, they never draw that conclusion in the article. They just say that some attacks originating from a given country may be initially controlled from a different country. They don't go into ip masking/spoofing or any of that... Why would they want to expose the limits to their services when this article was written in an attempt to sell something?

Re:Actually... (2, Informative)

Zironic (1112127) | more than 5 years ago | (#25124737)

Unless you're performing a DoS isn't IP spoofing very counterproductive since you cant get a response?

Re:Actually... (1)

PitaBred (632671) | more than 5 years ago | (#25124927)

Or you just send "start" commands to your bots. Who needs a response? Let them do the hard work and expose themselves.

Depends on the malware. (1)

Medievalist (16032) | more than 5 years ago | (#25125407)

Unless you're performing a DoS isn't IP spoofing very counterproductive since you cant get a response?

If the target system's been infected from a webpage or email, you can send commands from a fake IP and receive responses on an anonymous channel such as IRC or an abandoned web forum.

Re:redirection (1)

lymond01 (314120) | more than 5 years ago | (#25124923)

Good job on reading the article.

Article? You mean there's more to read than just what's on Slashdot?

This explains...a lot. Wow. I guess I've got a lot of reading to catch up on. Uh...see ya...

Re:redirection (1)

CSMatt (1175471) | more than 5 years ago | (#25125805)

You have violated one of the most sacred of rules on Slashdot: never reading the articles.

Turn in your UID. Now.

20.6 million (3, Interesting)

morgan_greywolf (835522) | more than 5 years ago | (#25123687)

And out of how many computers connected to the Internet? I'm willing to bet China's "per machina" rate is higher.

Re:20.6 million (1)

Rary (566291) | more than 5 years ago | (#25124499)

And out of how many computers connected to the Internet? I'm willing to bet China's "per machina" rate is higher.

Since China actually has more internet-connected computers than the US, I'll take that bet.

Damn Windows Lusers! (2, Funny)

andreyvul (1176115) | more than 5 years ago | (#25123689)

Leaving their broadband-connected computers 24-7!

Re:Damn Windows Lusers! (3, Funny)

JeanBaptiste (537955) | more than 5 years ago | (#25123793)

well I'm a windows user that leaves my broadband connected computer up 24-7, and I guarantee none of my boxes are causing the attacks. Except for when I'm the one doing the attacking. Er, uhm, nevermind...

Re:Damn Windows Lusers! (2, Insightful)

morgan_greywolf (835522) | more than 5 years ago | (#25123957)

I run Windows XP under VirtualBox on an Ubuntu Linux machine that is connected 24x7. What does that make me?

Re:Damn Windows Lusers! (1, Funny)

Anonymous Coward | more than 5 years ago | (#25124255)

a wanna-be linux user.

Re:Damn Windows Lusers! (1)

WK2 (1072560) | more than 5 years ago | (#25124979)

Damn Windows Lusers! Leaving their broadband-connected computers 24-7!

I run Windows XP under VirtualBox on an Ubuntu Linux machine that is connected 24x7. What does that make me?

A smart ass.

Re:Damn Windows Lusers! (0)

Anonymous Coward | more than 5 years ago | (#25125075)

A hypocrite

Woot! (4, Funny)

SatanicPuppy (611928) | more than 5 years ago | (#25123717)

We're #1!
We're #1!

I'm sure the bulk of it is just that we have more computers. I'd have thought Japan would have been higher though, if that were the primary factor, so maybe not.

Re:Woot! (1)

moderatorrater (1095745) | more than 5 years ago | (#25124089)

Japan's population is less than half that of the US. They'd have to average over 2x the number of computer that can pull of an attack than the US, and I highly doubt that's the case.

Re:Woot! (2, Interesting)

aykroyd (82171) | more than 5 years ago | (#25124555)

According to Akamai's quarterly "State of the Internet" report, Japan and the U.S. account for "over 50% of observed [attack] traffic in total."

You can see the executive summary and download the report here [akamai.com] .

Full Disclosure: I work for Akamai.

May depend on who their "Clients"are... (2, Interesting)

Zymergy (803632) | more than 5 years ago | (#25123727)

A list of their "Clients" might be useful as well as interesting while taking their numbers and the source of the "cyber attacks" into consideration...
It might be that as the US is the greatest English-speaking population with disposable income, the US may be a better target and thus is targeted from within the itself more often??

More in US than Reported (5, Interesting)

BountyX (1227176) | more than 5 years ago | (#25123765)

Many of the attacks originating from China are actually from the US as well. Many US hackers find it easy to compromise chinese machines and use those machines for whatever they need. I'm willing to bet a hand full of Chinese attacks are actually originating from the US as hackers seek to use easily compromised machines that are unlikly to work with the US (politically) if the US asks for connection info from an ISP. As a result, a lot of US originated hack trails stop in china.

Re:More in US than Reported (4, Insightful)

Missing_dc (1074809) | more than 5 years ago | (#25123887)

On the flip side of that would be the large # of botnets that are foreignly controlled, which is where most of TFA's attacks probably originated.

Also take into account the # of computers running unattended (and likely infected)in the US vs the rest of the world.

So, do we try to cut off the monster's hands or its head?

Re:More in US than Reported (1, Funny)

Anonymous Coward | more than 5 years ago | (#25124767)

So, do we try to cut off the monster's hands or its head?

Let's cut it off at its heart! Or rather, let's cut out its heart! It's a witch! Burn it!

Re:More in US than Reported (0)

Anonymous Coward | more than 5 years ago | (#25125125)

So, do we try to cut off the monster's hands or its head?

Cut off its nuts!

Re:More in US than Reported (1)

morgan_greywolf (835522) | more than 5 years ago | (#25123911)

Do you mean "How many attacks originating from the U.S. are actually result of Chinese-zombified machines in the U.S.?" or the other way around?

Re:More in US than Reported (1)

BountyX (1227176) | more than 5 years ago | (#25124203)

As missing_dc pointed out, it could be either way around. The fact is the attack origin data is pretty much meaningless since many of the attack machines are controlled outside of the originating location (as reported). A better way to look at origin of attack data, is to use it as a source for how secure we are..since most attacks are from compromised machines. The US is probably responsible for majority of the cyber attacks becuase it is a target of interest for most hackers which is probably the result of higher amount of compromised machines in the US.

That just means US has the most hijacked systems! (4, Funny)

Phizzle (1109923) | more than 5 years ago | (#25123823)

All those AOL users who leave their boxes up 24/7 are infected with cooties that use their machines to haxx0r the rest of the world and steel their megabites, oh n0s!

China (1, Funny)

Anonymous Coward | more than 5 years ago | (#25123847)

One day, there will be a time where most cyber attacks originate from China, and people will be like: "where are those good old times where most cyber attacks still came from the US".

Attention Slash DOT (-1, Troll)

Anonymous Coward | more than 5 years ago | (#25123863)

If you can read this you are a straight heterosexual who only enjoys penis-in-vagina intercourse.

So . . . (1)

arizwebfoot (1228544) | more than 5 years ago | (#25123883)

If one computer in China is responsible for 30% of all the attacks and another computer is responsible for another 30% of attacks, that only leaves 60%.

As one poster already said, I'm willing to bet that the per machine rate in both countries probably accounts for the other 60%.

Thoughts?

---
With bad karma, what have I got to lose?

Re:So . . . (0)

Anonymous Coward | more than 5 years ago | (#25124569)

Say what??

Did you know Canada has its CIA? No? Exactly. (2, Funny)

Twyst3d (1359973) | more than 5 years ago | (#25123925)

At first when someone pointed out to me, that Canada, my home country had the least amount of attacks, he spun it to me in a sad manner. "Aww we have the least amount of hackers :(" To which I responded "No no young padawan. We have the least amount of hackers who were traced" GO CANADA!! Milk in a bag FTW

Re:Did you know Canada has its CIA? No? Exactly. (1)

c6gunner (950153) | more than 5 years ago | (#25125757)

At first when someone pointed out to me, that Canada, my home country had the least amount of attacks, he spun it to me in a sad manner. "Aww we have the least amount of hackers :(" To which I responded "No no young padawan. We have the least amount of hackers who were traced"

Agreed. When I was a teen (growing up in Canada), I used to dabble in the dark arts. I can guarantee that no "attacks" ever originated from my IP. Of course, if anyone had been paying attention, they may have noticed 2,500 computers in Korea and China doing some rather strange things, while being logged into an IRC channel called #Canadian_eh. Pretty much all of my friends took similar precautions. Dunno if that's true for all Canadians, but it definitely was for the ones I knew.

Soooo.... (4, Insightful)

Sta7ic (819090) | more than 5 years ago | (#25123985)

...can we lump the MediaSentry/SafeNet "investigations" in the numbers for these attacks?

The obious solution... (0)

Anonymous Coward | more than 5 years ago | (#25124077)

... is to disconnect USA from the Internet, while we are at that, lets close the borders and cancel all posible fligths over the country. Oh and cancel the fucking NAFTA that is only making the rich people richer and the poor people poorer (at least in my country).

Is not that we are loosing anything good anyway.

Mod me as flamebait, I don't care, that's what AC is for.

My experience different (0)

Anonymous Coward | more than 5 years ago | (#25124097)

In my experience, most attacks are coming from China, with U.S. attacks being very rare. This is primarily based on looking at SSH brute-force attacks.

The article does not provide much detail. It would be interesting to see the attacks classified by type.

What is with the down beat nay-sayers? (1)

MosesJones (55544) | more than 5 years ago | (#25124245)

Come on, this is the first bit of upbeat news on the tech sector that the US has had in a while.

The banks might be tanking.

The Hell-desk might be going over seas

But when it comes to Cybercrime the US still leads the way as the Gambinos of the internet.

USA - A OK... come on you know you want to shout it.

China might have a state backed machine, but that is no match for the free market capitalism of corruption and crime that can support a much larger and more effective cybercrime base.

So don't doubt it and say "oooh no we are the good guys, its all China and Russia" like some pinko liberals, embrace the brilliance of US invention in circumventing technological barriers.

Didn't John McCain say that the fundamentals of the US economy were strong as the fundamentals were the ingenuity of the american people? It seems like the old coot is more up to date on technology than any of us thought, he was thinking about cybercrime as being a boom area for Americans.

One citizen, one rootkit. This is a lead that need not be lost.

Re:What is with the down beat nay-sayers? (0)

Anonymous Coward | more than 5 years ago | (#25124579)

Well at least we still have coal mining...

Oh wait, Biden says we won't and wants to offshore them to China too... oh wait, Obama says we will and Biden's jumping the gun... I'm so confused...

These numbers seem skewed... (1)

Khyber (864651) | more than 5 years ago | (#25124305)

I bet this does not take into account the use of proxy servers.

And how does that help? (0)

Anonymous Coward | more than 5 years ago | (#25125583)

Unless you MUST have these proxies operated by the chinese, they could just as well be operated by the US.

You can only use that point to comfort yourself that those dirty foreigners are the bad guys, not you lovely yanks.

Which really IS begging the question.

It's obvious (2, Funny)

quarmar (125648) | more than 5 years ago | (#25124391)

2 out of 3 US hackers choose SecureWorks clients. Remember, discerning hackers choose SecureWorks.

And, they determined this how? (1)

DaveV1.0 (203135) | more than 5 years ago | (#25124427)

All the article says is that someone said it was so. It gave no indication of how the numbers were determined. What was the methodology?

Did it take into account, say, a Chinese hacker compromising a two or three servers in the U.S. and then using THOSE servers to attack many other servers both inside and outside the U.S.?

DUH...UH...HUH? (0)

Anonymous Coward | more than 5 years ago | (#25124603)

Only the dumbed-down Faux News drone would be surprised here, or more likely just not care.. those pitiful creatures. With all their hoohah over cyber attacks, they turn out to be the biggest(by far) offenders.

I don't know about the rest of you, but I'm tired of my country's government, it's media, and it's corporations' bullshit. Something needs to be done.

Re:DUH...UH...HUH? (1)

MaxwellEdison (1368785) | more than 5 years ago | (#25124893)

Well, you could always engage in the process to change those things you dislike.
Or emmigrate to another nation which shares your viewpoints.
Or complain offtopic and anonymously on an internet discussion site. . .Oh wait, number 3 it is.

Headline should be "Attacks come from inside US" (0)

Anonymous Coward | more than 5 years ago | (#25124769)

The headline should tell main point of the article, which is that most attacks come from computers that are most likely inside the U.S., not that the US government is launching the attacks, but then again not many people do a good job of writing headlines these days anyway...

B-)

Intent (1)

waveformwafflehouse (1221950) | more than 5 years ago | (#25124821)

The US certainly takes the cake for number of citizens sitting in front of computer with too much time on their hands. I would like to see a breakdown based on the severity of these attacks, to differentiate between some kid running a port scanner on his local cable loop and a deliberate attack on a .gov address or Randy Newmann [youtube.com] or such.

Can't ryhme origin with Oregon? (1)

macker (53429) | more than 5 years ago | (#25124853)

I question whether the 'origin' of the attack can be designated in most cases.

An unattended, unsecured box in a corporate cubicle, zombied by a back-door trojan isn't the 'origin'.
Neither is the mom-and-pop AOL box in the basement.

It's the hacker(s) who control the zombie masses that are the origin, out in that nebulous cloud.

If the attacks could really be traced to their true origins, as in 'first cause', and that inital controlling element is physically present within our borders, would not the zombie nets have been rendered ineffective long since?

just askin'

Murder vs. Littering (4, Insightful)

nick_davison (217681) | more than 5 years ago | (#25124863)

You'll notice pretty much any survey of crime shows:

Violent Crimes per 100,000
Serious Sexual Assaults per 100,000
Murders per 100,000
etc.

They don't just say, "Crimes" because...

Any smart person would choose somewhere with a billion people and 10,000 crimes over a million people with 1,000 crimes. That's why per capita is critical.

Any smart person would also likely choose somewhere with 10,000 littering offences and 1 murder over somewhere with 1000 murders.

It only takes two massive cyber attacks against the entire infrastructure of Georgia and Estonia to make Russia (assuming you don't accept their denials) far more offensive on a global scale than a million spam botnets.

Now which is worse? The country that spams millions of times or the country that cripples the infrastructure of any small nation that dares oppose it? Still care about pure numbers without caring what the numbers actually record?

I'm not claiming the U.S.'s vast numbers of offenses are purely the equivalent of littering, nor that they never do anything worse... Simply that big but meaningless because it's not clarified number A vs. big but meaningless because it's not clarified number B is still... meaningless.

My bad (0)

Anonymous Coward | more than 5 years ago | (#25125293)

My bad.

-ZeroCool

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...