Slashdot: News for Nerds

Chinese Hackers Targeting NYPD Computers

timothy posted more than 5 years ago | from the everyone-wants-a-bite-of-the-apple dept.

Security 212

Mike writes "A network of hackers, most based in China, have been making up to 70,000 attempts a day to break into the NYPD's computer system, the city's Commissioner, Raymond Kelly, revealed Wednesday. Kelly suggested that 'perhaps it is because of the NYPD's reach into the international arena' that they are being targeted for computer hacking 'in much the way the Pentagon has been.' The hackers are apparently using a botnet to make up to 5,000 attempts a day at various unsecured portals into the NYPD's files. China's foreign ministry spokesman Qin Gang denied involvement in computer espionage. 'Some people outside of China are bent on fabricating lies of so-called Chinese computer spies,' he said last month. The obvious question is, why are the Chinese so interested in the NYPD computer network?"

212 comments

Track an IP? (5, Funny)

x_IamSpartacus_x (1232932) | more than 5 years ago | (#27694231)

Someone should create a GUI interface using Visual-Basic to track an IP!

Re:Track an IP? (5, Funny)

TheRealMindChild (743925) | more than 5 years ago | (#27694309)

Don't hate! Visual Basic has always been great for creating GUIs. Just there are people who decided to write their code in it too

NYPD has well known staples in their system (0)

Anonymous Coward | more than 5 years ago | (#27694495)

It's to hold all the tubes together, so when the files go through they don't fall out and hit you on the noggin'.

Re:Track an IP? (2, Funny)

fisticuffs (1537381) | more than 5 years ago | (#27694613)

Someone should create a GUI interface using Visual-Basic

Get with the times, man. Haven't you seen CSI? They make 'em with Flash now.

Re:Track an IP? (1, Informative)

Anonymous Coward | more than 5 years ago | (#27694639)

I thought that was a direct quote from CSI....

Re:Track an IP? (3, Informative)

x_IamSpartacus_x (1232932) | more than 5 years ago | (#27694711)

No... I'm pretty sure they still use visual basic [youtube.com]

Re:Track an IP? (1, Interesting)

plover (150551) | more than 5 years ago | (#27695073)

Qin Gang denied involvement in computer espionage. 'Some people outside of China are bent on fabricating lies of so-called Chinese computer spies,'

"So-called Chinese computer spies"? Let's just shut off the routers involved and see exactly which country complains.

It probably won't be China doing the complaining, because China will be cut off from the net about that time.

Re:Track an IP? (0)

Anonymous Coward | more than 5 years ago | (#27695201)

Someone should create a GUI interface using Visual-Basic to track an IP!

I beg your pardon, but I believe that's a "gooey" interface.

Why so interested? (3, Funny)

Jonah Bomber (535788) | more than 5 years ago | (#27694245)

Practice makes perfect.

Re:Why so interested? (1)

snowraver1 (1052510) | more than 5 years ago | (#27694365)

I was thinking that knowledge is power. You never know when some piece of information can be useful.

Why? (3, Interesting)

Locke2005 (849178) | more than 5 years ago | (#27694261)

why are the Chinese so interested in the NYPD computer network?

Perhaps they've been watching too much US "Law And Order" style television programming?

Re:Why? (4, Insightful)

clarkkent09 (1104833) | more than 5 years ago | (#27695169)

Looking at my logs there are 1000s of "attempts to break in" as well, almost all from IPs located in China where apparently most botnet computers are - the botnet masters themselves may or may not be in China. The thing is, the sites are completely free and there is no reason to break in at all. It's just scripts trying out known vulnerabilities on a large number of sites. Maybe the same thing is happening with NYPD sites and someone panicked when they saw that it is coming from China.

Foreign Ministry Spokesman (4, Insightful)

Toonol (1057698) | more than 5 years ago | (#27694267)

I like how the summary quotes the minister Qin Gang as denying any involvement, and then immediately goes on to ask "The obvious question is, why are the Chinese so interested in the NYPD computer network?".

Hey, I'm sure he's lying too...

plausible deniability (0)

bugi (8479) | more than 5 years ago | (#27694599)

plausible deniability

They took master lessons from the last US President's administration.

Re:plausible deniability (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#27694695)

Which the current US President has also learned very carefully. More budget deficits, more bailouts, more illegal wiretapping, Guantanamo stays open... Hey, you got a Bush Third Term after all!

Re:plausible deniability (0, Offtopic)

Shakrai (717556) | more than 5 years ago | (#27695069)

Guantanamo stays open... Hey, you got a Bush Third Term after all!

Umm, I haven't been known as Obama's biggest fan of late but this remark is simply unfair. Gitmo is going to be closed. What's your problem? The fact that it isn't being closed overnight? What do you do with everybody who is there? Release them all? Bring them all to the US? Or do you take the time to make a careful review of those being held there, rather than imposing one blanket solution on everybody just so you can close the facility faster?

Re:plausible deniability (0, Offtopic)

malkir (1031750) | more than 5 years ago | (#27695211)

Hey, I think I heard this exact argument from the Republicans explaining why we don't pull out of the Middle East. I love politics.

Re:plausible deniability (0, Offtopic)

Anonymous Coward | more than 5 years ago | (#27695303)

Sadly you're wrong. I happen to be one of those people that believes Bush did everything he could to keep us safe, that Gitmo was a good thing, and that water boarding fuckers that want to blow up our buildings is a good thing too. Unfortunately, the current administration thinks that we're just gonna love on all our enemies and they'll just sit down with us and break out into kumbaya. He doesn't seem to understand that no matter how much you help some people they are going to spit in your face because of who they've made you up to be in their own minds. The president of Iran doesn't seem to really think much of Obama. Neither does Russia, or even Chavez (although he'll smile, shake hands, and give him a book on the benefits of being a leftist asshat to promote his own agenda). Bush did overlook a whole host of domestic issues, and that pisses me off, but then he was dealing with a bunch of foreign morons loosely organized and hell bent on causing death and destruction.

No this is not Bush's 3rd term. It's going to be far worse.

Re:plausible deniability (1)

John Hasler (414242) | more than 5 years ago | (#27694737)

> They took master lessons from the last US President's administration.

That's odd. I thought they were fairly good at it.

Re:plausible deniability (1)

bugi (8479) | more than 5 years ago | (#27694965)

You're right. Bush's administration had such a soft target in the senate and house at that time, that the tremendous success they enjoyed can't be counted as them being good at it.

Chinese organized crime? (1)

MacColossus (932054) | more than 5 years ago | (#27694279)

Human trafficking? Drugs? Two obvious ones off the top of my head.

Re:Chinese organized crime? (2, Interesting)

t33jster (1239616) | more than 5 years ago | (#27694449)

Human trafficking? Drugs? Two obvious ones off the top of my head.

Exactly. This isn't necessarily the Chinese government, but perhaps some criminal enterprise that has an agenda with the NYPD. We know the Great Firewall of China is relatively effective at keeping unwholesome content out of China, but what about the reverse? It is not so inconceivable that there are a bunch of pirated Win2k machines in internet cafes around the country that are members of some huge botnet.

They're not... (5, Insightful)

Thelasko (1196535) | more than 5 years ago | (#27694281)

The obvious question is, why are the Chinese so interested in the NYPD computer network?

They're not. The bot herder is probably in New York, and controlling the bots by tunneling so it looks like he/she is in China.

Haven't you seen the movie Hackers?

Re:They're not... (4, Funny)

Red Flayer (890720) | more than 5 years ago | (#27694753)

Oh, come on, that's just what they want you to believe.

It's actually the Chinese pretending to be a New Yorker pretending to be the Chinese business mafia.

It all comes down to logic. Are they the kind of criminals that would initiate the attacks from someone else's IP address block, or have they deduced that we would see through the ruse and would therefore host the attacks from their own IP address block?

It appears we have made one of the classic blunders, which is never get involved in a technical war in Asia.

My guess is it's probably someone looking for inside information on investigations of financial companies in New York. That's where there are hundreds of millions to be made.

Re:They're not... (0)

Anonymous Coward | more than 5 years ago | (#27695101)

My guess is it's probably someone looking for inside information on investigations of financial companies in New York. That's where there are hundreds of millions to be made.

Or maybe since they're the largest holders of US debt, they're trying to find out where the money went.

Re:They're not... (0)

Anonymous Coward | more than 5 years ago | (#27695067)

Zero Cool? Crashed fifteen hundred and seven computers in one day? Biggest crash in history, front page New York Times August 10th, 1988. I thought you was black man. YO THIS IS ZERO COOL!

Woah, sorry. Had a flashback to that painfully awful movie.

the real reason why there were so many (4, Funny)

TheGratefulNet (143330) | more than 5 years ago | (#27694295)

is that once they hacked the computer systems, an hour later they needed to hack it again!

/sorry

Re:the real reason why there were so many (0)

Anonymous Coward | more than 5 years ago | (#27694747)

is that once they hacked the computer systems, an hour later they needed to hack it again!

Did you hear about the restaurant that served Chinese-German cuisine? An hour after eating there you were hungry for power.

Re:the real reason why there were so many (0)

Anonymous Coward | more than 5 years ago | (#27695313)

poor execution

I just block most countries (4, Informative)

rackserverdeals (1503561) | more than 5 years ago | (#27694317)

They should do what I, and others do. Just block all traffic from certain countries.

With most of my sites, I'm not interested in international traffic and all I get is spammers and content scrapers. I came across this tip on blocking spammers and scrapers using IPFilter on Solaris [howtonotma...online.com] and just update my ipf.conf file from time to time if I notice anything strange coming in, which I check from time to time. I also grab lists of IP ranges to add as well.

While it bothers me a bit to limit access to sites in principle, I really don't get any benefit from international traffic that outweighs the nuisance of the few that ruin it for everyone else.

Re:I just block most countries (3, Insightful)

Tablizer (95088) | more than 5 years ago | (#27694713)

They should do what I, and others do. Just block all traffic from certain countries.

I imagine they do or could mostly use zombie PCs within *this* country.

Re:I just block most countries (1)

rackserverdeals (1503561) | more than 5 years ago | (#27694781)

From the article

Sources said Internet Protocol addresses of computers attempting to breach the NYPD's files have been tracked to China, the Netherlands and the Ukraine.

Re:I just block most countries (1)

Tablizer (95088) | more than 5 years ago | (#27695445)

Yes, but it's difficult to know if what is at the "end of the chain" is a human or a bot, or if you've really traced it back to the end of the chain. The only way to really know for sure is to peek in the window and see if the commands you see on the sniffer are the same ones the user sittin' at the desk is actually typing/mousing in.

As an analogy, the Matrix managers may also be in another Matrix which has control over their world and not even know it. One of my fav Trek episodes is when the crew was stuck in the Holodeck and thought they got out, but were really in a different simulation that looked like reality without knowing it. Only strings of subtle clues eventually gave it away, right before they were about to give away some secret to the holo-hacker.

I don't know that I'd block based on country (4, Insightful)

Sycraft-fu (314770) | more than 5 years ago | (#27694739)

Just based on ISP. Some ISPs are just massive trouble spots. They don't care what their users do and don't respond to complaints. Now, that will mean blocking some countries, like China, since their state ISP is a problem spot.

I really think that we need to start just shutting off people who won't play nice on the Internet. I'm not talking demanding perfection, but there are massive differences in ISPs. I work for an ISP, effectively, working for a large university. When we receive a complaint about a computer doing bad shit, the appropriate person gets notified and if the problem isn't cleared up, the connection is shut down. We also take some proactive steps to watch the network and see if someone is doing something bad. That's all I'm asking for is ISPs that will respond when they get contacted by someone saying "Hey you've got a system doing bad shit."

However many providers don't. You contact them and they ignore you, or lie. The Chinese ISP is one of the liars. They say "That IP isn't ours," even though APNIC shows it is, to any complaint.

So we need to just start blocking these people. If enough sites/networks do that, well then maybe they'll start playing well with others.

Re:I don't know that I'd block based on country (1)

rackserverdeals (1503561) | more than 5 years ago | (#27694871)

I was getting bad activity from a server with ServerBeach. I used their abuse email to send them my logs of the activity and they were very responsive and took the server offline. They kept me informed, without giving me personal information about who was running the server. Others seem to have had similar experiences with them.

Other places, like ThePlanet, I don't even bother reporting stuff anymore. Nothing happens. I just check ARIN to see if they added any more IP address blocks that I might need to block.

Obvious question (5, Insightful)

Spazmania (174582) | more than 5 years ago | (#27694321)

The obvious question is, why are the Chinese so interested in the NYPD computer network?

No, the obvious question is why are the NYPD's computer people so dumb that they're reporting the generic, worm-generated port, web and ssh scans that everybody sees from China and everywhere else as an out-of-the-ordinary hacking attempt?

Re:Obvious question (1)

loftwyr (36717) | more than 5 years ago | (#27694633)

What? Do you mean that the NYPD aren't the most special more sought after police in the world that makes the Chinese so envious that only the NYPD are being attacked?!? How dare you be realistic in the face of terror!

Re:Obvious question (3, Insightful)

Albanach (527650) | more than 5 years ago | (#27694683)

This was my first thought too.

Seriously, if I look at the logs for a couple of servers I can see hundreds of brute force ssh attempts a day. Add to that a scan of the apache logs to see all the attempts there and I could get close to a thousand attempts on a bad day on a single server.

Now you can possibly ignore the SSH attempts by only having public key logins, and ignore anything in the apache log that relates to IIS, or other web apps you're not actually running.

If, however, you're looking for a budget increase, it sure sounds good to say you thwart thousands of hacking attempts per day.

It's a bit like the old days when web page popularity was measured in 'hits' and therefore the site with the most 1 pixel transparent gifs was the de facto winner.

Re:Obvious question (3, Insightful)

wsanders (114993) | more than 5 years ago | (#27695059)

Because they can get Homeland Security funding to protect them from the Red Terrorist Menace?

Really, if you have a server on them big tubes and you're not getting 70,000 login failures a day, you need to improve your page rankings.

Re:Obvious question (1)

fishbowl (7759) | more than 5 years ago | (#27695349)

There is no reason that a NYPD network should even open a socket for a connection originating in Asia. "Hacking attempts" should not even reach the first gateway.

It's a little more complicated for my network, because we do a lot of business in China and Thailand, but we still are no more vulnerable to port/web/ssh scans than a well-configured Cisco 7300, which is to say "not at all vulnerable, I'll bet your life or stake my reputation on it as long as nobody but me has the enable password."

Re:Obvious question (2, Insightful)

Spazmania (174582) | more than 5 years ago | (#27695563)

There is no reason that a NYPD network should even open a socket for a connection originating in Asia.

A Japanese traveler about to visit New York on business decides to check the crime stats at http://www.nyc.gov/html/nypd/html/crime_prevention/crime_statistics.shtml [nyc.gov] to get a perspective on what to watch out for with respect to crime in New York.

A US soldier stationed in Korea is about to end his tour of duty and wants to check out the job openings at http://www.nyc.gov/html/nypd/html/careers/careers.shtml [nyc.gov]

Yeah that seems REAL LIKELY (4, Insightful)

phantomcircuit (938963) | more than 5 years ago | (#27694331)

Right, people in China are attacking the NYPD computer systems.

That seems way more likely than people in NY using proxies in China.

Re:Yeah that seems REAL LIKELY (1)

khallow (566160) | more than 5 years ago | (#27694437)

Well, China does have their country-wide firewall. Seems a bit chancy to me to hack through that when most of the rest of the world is far less secure.

The Real Reason? (-1, Troll)

sgt_doom (655561) | more than 5 years ago | (#27694339)

Because Korporate AmeriKa hasn't offshored ALL the jobs to China yet (with the latest offshoring round this time), only most of the jobs.....

Re:The Real Reason? (1)

Icegryphon (715550) | more than 5 years ago | (#27694669)

Don't knock my Chinese coder, he does a lot of good work.
Now if I could just figure out why my credit card keeps having KFC purchases on it.

Re:The Real Reason? (2)

Red Flayer (890720) | more than 5 years ago | (#27694847)

Because Korporate AmeriKa hasn't offshored ALL the jobs to China yet

KAK ALL?

What exactly are you trying to spell? I don't understand.

Oh... you're trying to make a reference that corporate America is like the Soviet Union. Which makes absolutely no sense. If you're going to use the Russki "K" reference, at least make sure that it's in reference to some kind of fascism, otherwise it's just plain out of context.

Geez.
Let me give you a hint: if you want to troll, at least be a *good* troll. You know, add something to the slashdot experience, instead of making no sense. You've been on slashdot long enough that you should have graduated past simple trolls like that. Why not challenge yourself to be the best troll you can be?

Maybe one day you may just find that you've had an original thought.

Shows how vulnerable computer systems are (2, Insightful)

forgoil (104808) | more than 5 years ago | (#27694347)

Time to actually use the US "hackers" to teach important US computer users something about security, and demand more of it from the manufacturers.

Or start using OpenVMS for all important stuff. That OS is nice:)

Re:Shows how vulnerable computer systems are (1)

paazin (719486) | more than 5 years ago | (#27694481)

Or start using OpenVMS for all important stuff. That OS is nice:)

Great idea! Cheap hardware, too - just go to your local junkyard and grab a VAX sold 10 years ago for scrap :P

Re:Shows how vulnerable computer systems are (1)

pentalive (449155) | more than 5 years ago | (#27694889)

Or buy a normal machine and run SIMH

http://simh.trailing-edge.com/ [trailing-edge.com]

on it.

Re:Shows how vulnerable computer systems are (1)

Nefarious Wheel (628136) | more than 5 years ago | (#27695099)

Great idea! Cheap hardware, too - just go to your local junkyard and grab a VAX sold 10 years ago for scrap :P

You can't have it! Mine, or I will help you not.

I love DCL, but you know what I miss the most? That KESU architecture. Kernel, Exec, Super, User. The fact that Dave Cutler (architect of VMS and WNT) didn't have the hardware to back that when he developed NT for the Intel processor is, I believe, the ultimate source of the endless Windows server security grief.

WNT:='F$ROT1("VMS") (yes, I know it's a bogus lexical on your system...=)

Perhaps it is because of the NYPD's reach (0)

Anonymous Coward | more than 5 years ago | (#27694349)

I suspect it has more to do with NYPD's lack of reach.

Like most unaccountable organizations, there is rampant incompetence.

The Chinese are hacking the NYPD because they can.

The Secret Stash! (4, Funny)

tnk1 (899206) | more than 5 years ago | (#27694363)

The Chinese are trying to find out where the best and tastiest donuts in the NYC area are located.

Unfortunately for them, I happen to know the information they seek is loaded on an air gapped mainframe in the heart of Police HQ which is guarded by automatic defense systems and can only be accessed by the Chief of Police and Rudy Giuliani.

Yeah, they forgot to update who the mayor is... this is the police here, not the NSA, okay?

Re:The Secret Stash! (1)

rackserverdeals (1503561) | more than 5 years ago | (#27694715)

You really have an outdated, stereotypical view of the NYPD.

They are very helpful and compassionate and willing to share with the community.

Go up to any officer and just ask. "I'm jonesing for some fresh donuts, I hear you guys know all the best spots all over the city."

He (or she) will probably be kind enough to invite you to the station house to share some of their private stash.

Re:The Secret Stash! (1)

HTH NE1 (675604) | more than 5 years ago | (#27695279)

You really have an outdated, stereotypical view of the NYPD.

I can't speak for the GP, but I have been waiting forever for the next Duke Nukem game... oh, wait, they were the LAPD. Nevermind.

Re:The Secret Stash! (1)

Whorhay (1319089) | more than 5 years ago | (#27694775)

I've only ever been to NYC once and I was lucky enough to have Amy's Bread recommended to me. I had a couple confections from there, but the best by far was the Cherry Fritter. It's been a few years since I was there and I still haven't eaten anything quite as awesome. http://www.amysbread.com/ [amysbread.com]

Assumed Chinese Government Involvement? (1)

twidarkling (1537077) | more than 5 years ago | (#27694383)

It seems rather irresponsible to simply assume "The Chinese" are interested in the NYPD at all. It could just be a few random people, some of whom are Chinese. Why assume the government has any knowledge at all? Do people automatically assume a US-based hacker ring has the blessings of the US government? It's probably easier to operate in China currently. With massive population densities in some areas, you can fade into the background, and with the areas where there's no one, a generator and satcom connection make it a real PITA to find you.

5 chinese guys for every american. (0)

tjstork (137384) | more than 5 years ago | (#27694385)

With 5 Chinese for every American, the Chinese government could theoretically employ 100 million to spy on us, and still have 900 million left over. The question isn't, why would they spy on New York, but, why not just spy on everyone and everything? People have no idea just how much of an impact China is genuinely going to have on the world, or what that country can do. A billion people is an immense resource.

It's not a fear thing... (1)

tjstork (137384) | more than 5 years ago | (#27694829)

You can mod this down. But it's not a fear thing, it's an awe thing. I mean seriously, look at how much more the USA can do than a European nation, and that is how much more the Chinese should be able to do. It's just an awesome thing.

WTF??? (3, Insightful)

Bearhouse (1034238) | more than 5 years ago | (#27694391)

"The hackers are apparently using a botnet to make up to 5,000 attempts a day at various unsecured portals into the NYPD's files."

So, can someone explain why NY's finest have "various unsecured portals" which give access to their files?

Please tell me it's just sloppy editing, (again)...

I thought that everybody serious these days (CIA, FBI...) had at least two internet portals - a 'public face' for external users and wannabe hackers and a private one protected by *very* state of the art stuff. Of course, most of the real stuff would be on secure intranet.

OK, OK, just me being naïve again...

Like the Chinese can handle the truth!! (2, Insightful)

arizwebfoot (1228544) | more than 5 years ago | (#27694401)

"Qin Gang denied involvement in computer espionage."

And the Chinese gymnasts in diapers are still 16.

It's the Triads! (5, Funny)

GPLDAN (732269) | more than 5 years ago | (#27694407)

It's criminal overlord Mandarin, controlling his gang of Triads from an underground bunker that can only be accessed via secret door in the base of the Statue of Liberty.

It will take an epic alliance of Tony Stark and Peter Parker to put aside their past differences, fighting over the woman they both loved, and both lost, to put a stop to this criminal masterplot to end the world as we know it.

Starring: Jackie Chan as the Mandarin
Zac Efron as Peter Parker
and Robert Downey Jr. returns as Tony Stark.

Re:It's the Triads! (1)

Red Flayer (890720) | more than 5 years ago | (#27695053)

No, no, Jackie Chan can't be the Mandarin. He's got to be a quirky good guy, maybe we can fit him in. And Zac Efron? Puh-lease...

Revised cast list:

The Mandarin: Chow Yun-Fat
Peter Parker: Jake Gyllenhaal
Mary Jane (option 1): Maggie Gyllenhaal (for some Luke-Leia weirdness)
Mary Jane (option 2): the cross-dressed resurrected corpse of Heath Ledger for some Brokeback Mandarin action
Tony Stark: Robert Downey Jr, but in his most drug-addled condition.
Jim Rhodes: Jackie Chan in blackface

Only then would we give the Triads true justice.

NY Shield (1)

josephtd (817237) | more than 5 years ago | (#27694419)

Go check out the NY Shield threat warning/reporting program.

That's so cute! (5, Interesting)

jtownatpunk.net (245670) | more than 5 years ago | (#27694423)

Awwww. The NYPD thinks they're special. :rolleyes:

I must be special, too, because I log tons of probes. Hundreds, sometimes thousands a day.

Re:That's so cute! (3, Informative)

mcrbids (148650) | more than 5 years ago | (#27694725)

I must be special, too, because I log tons of probes. Hundreds, sometimes thousands a day.

That was my first thought, too. I got so sick of looking at the log entries for my faux SSH daemon (on port 22) that I quit logging it. Sure, it's fun for a while, 'till you realize that you aren't frustrating anybody, just occupying 0.02% of cpu time on a hacked bot.

Hundreds/thousands of "hack attempts" per day when you include obvious overrun attempts (8k of "xxxxx" in the apache logs) attempts at accessing Windows sharing (connections to ports 137-139) dictionary hacks on port 22, (none of my stuff allows passwords anyway, and don't work on port 22) and so on.

Yawn. Welcome to the wild, wooly Intarnets!
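Added example (not part of the thread and not any commenter's code): a small Python triage pass over the kinds of log lines Albanach and mcrbids describe above, separating the background noise that inflates an "attempts per day" figure from the few lines worth reading. It goes one step beyond the comments by flagging a login that follows failed guesses from the same address and a probe that did not get an error response. The log lines, the IIS path markers and the 2048-byte URI threshold are constructed assumptions; the addresses are RFC 5737 documentation ranges.

```python
import re
from collections import Counter

# Constructed sample: sshd auth lines followed by Apache access-log lines.
SAMPLE_LOG = """\
Apr 23 03:11:02 web1 sshd[911]: Failed password for root from 192.0.2.10 port 40022 ssh2
Apr 23 03:11:04 web1 sshd[911]: Failed password for invalid user admin from 192.0.2.10 port 40031 ssh2
Apr 23 03:11:09 web1 sshd[915]: Failed password for invalid user test from 198.51.100.7 port 51211 ssh2
Apr 23 08:30:41 web1 sshd[990]: Accepted publickey for deploy from 203.0.113.5 port 50100 ssh2
Apr 23 09:02:13 web1 sshd[1002]: Accepted password for backup from 198.51.100.7 port 51999 ssh2
192.0.2.10 - - [23/Apr/2009:03:12:00 -0400] "GET /scripts/..%255c../winnt/system32/cmd.exe?/c+dir HTTP/1.0" 404 210
192.0.2.44 - - [23/Apr/2009:03:12:05 -0400] "GET /default.ida?XXXXXXXX HTTP/1.0" 404 205
192.0.2.44 - - [23/Apr/2009:03:13:00 -0400] "GET /{LONG} HTTP/1.0" 414 0
203.0.113.9 - - [23/Apr/2009:10:00:00 -0400] "GET /index.html HTTP/1.1" 200 5120
192.0.2.44 - - [23/Apr/2009:10:05:00 -0400] "GET /_vti_bin/shtml.exe HTTP/1.0" 200 1024
""".replace("{LONG}", "x" * 8192)

SSH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>password|publickey) "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
HTTP_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<verb>\S+) (?P<uri>\S+)[^"]*" '
    r'(?P<status>\d{3}) ')

# Assumed markers of requests aimed at IIS, which an Apache host does not run.
IIS_MARKERS = ("cmd.exe", "default.ida", "/_vti_bin/", "/msadc/")
MAX_URI = 2048  # assumed threshold for an "overrun"-style request


def classify(line, failed_ips):
    """Return (verdict, kind); verdict is noise, review, normal or unparsed."""
    m = SSH_RE.search(line)
    if m:
        ip = m["ip"]
        if m["result"] == "Failed":
            failed_ips.add(ip)          # remember who has been guessing
            return "noise", "ssh_password_guess"
        if ip in failed_ips:            # success after guesses: read this one
            return "review", "ssh_login_after_failures"
        return "normal", "ssh_login"
    m = HTTP_RE.search(line)
    if m:
        uri = m["uri"].lower()
        if len(uri) > MAX_URI:
            kind = "http_overlong_request"
        elif any(marker in uri for marker in IIS_MARKERS):
            kind = "http_iis_probe"
        else:
            return "normal", "http_request"
        # A probe that was refused is noise; one that was served is not.
        return ("noise" if int(m["status"]) >= 400 else "review"), kind
    return "unparsed", "unparsed"


def triage(log_text):
    """Classify every line; return verdict counts, kind counts, review list."""
    failed_ips, verdicts, kinds, review = set(), Counter(), Counter(), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        verdict, kind = classify(line, failed_ips)
        verdicts[verdict] += 1
        kinds[kind] += 1
        if verdict == "review":
            review.append((kind, line[:100]))
    return verdicts, kinds, review


if __name__ == "__main__":
    verdicts, kinds, review = triage(SAMPLE_LOG)
    headline = verdicts["noise"] + verdicts["review"]
    print(f"headline 'attempts': {headline}, worth reading: {verdicts['review']}")
    for kind, count in kinds.most_common():
        print(f"  {kind:28} {count}")
    for kind, line in review:
        print(f"REVIEW {kind}: {line}")
```
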

Mod Parent Informative (1)

mpapet (761907) | more than 5 years ago | (#27694777)

Parent is 100% right. This is a non-story.

Anyone who goes to the trouble of checking their logs for nearly all Internet-facing services would be very, very familiar with this.

Re:That's so cute! (1)

Sycraft-fu (314770) | more than 5 years ago | (#27694803)

Ya no shit. The number of scan bots out there is staggering, and they are very tenacious. They don't seem to have checks to say "This system isn't vulnerable, leave it alone."

For example I host some servers on my home connection, since I have a nice business class line. One of my friends had a server there that had a broken mail server. Basically he'd been messing with some mail filtering tool, don't remember what, and decided to stop playing with it. The end result was port 25 was open, but wouldn't do anything. If you connected to it you just got an error and got disconnected. You couldn't send any mail, since there wasn't actually an SMTP server there.

However, some spam bots found it and once they did, they never quit. There were 6 IPs, all from China, that would hammer that port all day and night. They probably tried about 5-6 times per hour each. I found out about this when I was playing with my network firewall and was looking at logging. Port 25 was filtered, of course, since the server wasn't using it and I was using default deny rules. Despite the filtering, they never stopped. This was apparently now in their "Open relay IP," and they weren't going to quit. They are probably still hammering it to this day, I dunno I've changed ISPs since then.

the NYPD ain't special (5, Insightful)

Lord Ender (156273) | more than 5 years ago | (#27694425)

Any company with ssh or, really, any common password-protection scheme exposed to the net is going to see thousands of brute-force attempts per day. The majority of the botnet may be in China or Eastern Europe, but that does not indicate that the actual hackers are either Chinese or Russian. It just means those countries have crap IT security overall.

There is nothing special to see here. The NYPD is inflating its importance, probably for more funding.

Re:the NYPD ain't special (0)

Anonymous Coward | more than 5 years ago | (#27694655)

Unless you're looking for donut eating, double parking or evidence planting techniques ...

Re:the NYPD ain't special (0)

Anonymous Coward | more than 5 years ago | (#27694659)

NYPD Pointy-Haired Boss: "The economy is in a slump so we have to cut back your budget."

NYPD IT: "Cut our funding? You can't do that!"

NYPD PHB: "Why not?"

NYPD IT: "Uhm... Well... Oh yeah, the Chinese! Chinese hackers are trying to hack our network!"

NYPD PHB: "Really?"

NYPD IT: "Yeah. Just look at all these attempted connections from Chinese computers!"

NYPD PHB: "Wow, that is a lot! We should warn people about this!"

Just drop China (2, Insightful)

DnemoniX (31461) | more than 5 years ago | (#27694477)

If I were the IT Director for the NYPD I would be hard pressed not to just drop all traffic from China. Or for that matter half a dozen other popular sources of malicious activity. If you really must have the website for the NYPD open to these other countries then put it on a standalone network segregated from anything important. I mean duh...

Secret Chinese government DOS technique (1)

Dishwasha (125561) | more than 5 years ago | (#27694559)

Post a web link to http://www.nyc.gov/ [nyc.gov] and hope that 0.0000526% of your citizens click on it.

System tracing (3, Insightful)

oldhack (1037484) | more than 5 years ago | (#27694597)

Serious question. How concrete is the info on these cyber warfare news? It seems almost always Chinese or Russian being reported as the perps, followed by posts claiming we* do the same to them, etc. With botnet and other multiple indirections involved, how credible is the tracing info?

* "We" as in the most baddest, most awesomest country in the world. I won't insult your intelligence with further elaboration.

Re:System tracing (2, Insightful)

jofny (540291) | more than 5 years ago | (#27695237)

They're not credible. None of these reports has any concrete evidence as to who, what, where, why, or even always how. Mostly they get the "when" :) But even then, not always.

The attribution in these articles is like saying because someone made a threatening call to you from a payphone in Chicago that the city of Chicago was threatening you specifically. It COULD be, but it could also be someone who lives there but is just a guy with no affiliation with the city. It could also be someone who doesn't live there but is passing through. They could also be rerouting the call. And whichever of those actors it might be may be targeting you specifically, or they could just be randomly dialing numbers.

It's dumb FUD spreading.

Re:System tracing (1)

jofny (540291) | more than 5 years ago | (#27695257)

I have to add: I'm not saying bad stuff isn't happening - it is and has been. Just the attribution to state actors is ridiculous speculation.

brute force attempts *yawn* (1)

oneiros27 (46144) | more than 5 years ago | (#27694609)

I've gotten a hell of a lot more than that in a single day. Coming from a botnet, so rate limiting by IP didn't work. They tried about 5 times per common English name as a login in mostly alphabetical order, hitting machines that had SSH open to the world.

It used to happen every couple of weeks, with thousands of attempts per machine. They'd probably still be trying if the security folks hadn't decided to outlaw us being so promiscuous.
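The pattern described in the comment above (a few guesses per login name, names in roughly alphabetical order, spread over enough source addresses that per-IP rate limiting never trips), as an added detection sketch that is not part of the original post. The log lines are constructed, and the function names and thresholds are assumptions.

```python
import re
from collections import Counter

# Matches OpenSSH "Failed password" lines, with or without "invalid user".
FAILED = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+")

def parse(lines):
    """Return (user, ip) pairs for every failed-password line, in log order."""
    return [(m["user"], m["ip"]) for m in map(FAILED.search, lines) if m]

def analyze(lines, per_ip_limit=10, min_sources=5):
    """Summarise failed logins; both thresholds are illustrative assumptions."""
    events = parse(lines)
    per_ip = Counter(ip for _, ip in events)
    # Sources that a per-IP rate limit would have caught.
    blocked = {ip for ip, n in per_ip.items() if n > per_ip_limit}
    # Collapse repeated guesses against one name, then check dictionary order.
    names = [u for i, (u, _) in enumerate(events) if i == 0 or events[i - 1][0] != u]
    steps = list(zip(names, names[1:]))
    ordered = sum(a <= b for a, b in steps) / len(steps) if steps else 0.0
    # Many sources, none over the per-IP limit, yet the total exceeds it.
    distributed = (len(per_ip) >= min_sources and not blocked
                   and len(events) > per_ip_limit)
    return {"attempts": len(events), "sources": len(per_ip),
            "max_per_ip": max(per_ip.values(), default=0),
            "blocked_by_ip_limit": len(blocked),
            "alphabetical_ratio": round(ordered, 2),
            "distributed_bruteforce": distributed}

def sample_log():
    """Constructed log: 6 names x 5 guesses, rotating over 10 documentation IPs."""
    names = ["adam", "alice", "bob", "carol", "dave", "eve"]
    lines, n = [], 0
    for name in names:
        for _ in range(5):
            ip = f"203.0.113.{n % 10 + 1}"
            lines.append(f"Apr 23 03:1{n // 10}:{n % 60:02d} host sshd[{4000 + n}]: "
                         f"Failed password for invalid user {name} from {ip} port {40000 + n} ssh2")
            n += 1
    lines.append("Apr 23 03:20:00 host sshd[5000]: Accepted publickey for ops from 198.51.100.7 port 50000 ssh2")
    return lines

if __name__ == "__main__":
    print(analyze(sample_log()))
```

On the constructed log no single address exceeds three attempts, so a per-IP limit blocks nothing, while the aggregate view shows 30 failures walking through names in order.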

Mafia? (2, Insightful)

Anonymous Coward | more than 5 years ago | (#27694627)

I'd think NY mafia would be more interested in this activity.

Re:Mafia? (1)

grumpyman (849537) | more than 5 years ago | (#27695249)

Ah... they outsourced the Chinese hackers to do it, just like WoW.

Oh noeS! They hacked dotslash!!! (0)

Anonymous Coward | more than 5 years ago | (#27694651)

I see broken links and summaries... it must be hackers. It couldn't be the editors.

Has anyone else gotten this error? (2)

Hurricane78 (562437) | more than 5 years ago | (#27694679)

To me, the summary looks like this:

"A network of hackers, most based in China, a href="http://www.nydailynews.com/news/2009/04/22/2009-04-22_international_hackers_lauching

I really, really, really Wondered, how this went trough all of the firehose, the Slashdot "editors" and everything... Maybe all people at /., are already dead and replaced by very small shell scripts. And the comment submitters are programs too... ...because, that would explain A LOT!

(Oh, and the preview is broken too. The layout has huge free space in them, and the line breaks are missing.)

Re:Has anyone else gotten this error? (1)

drinkypoo (153816) | more than 5 years ago | (#27694719)

I really, really, really Wondered, how this went trough all of the firehose, the Slashdot "editors" and everything...

Yes, the firehose is quite a trough. I personally just figured that the hackers tried to take the story down, but only managed to fuck up the summary. YOU CAN'T STOP SLASHDOT, BABY. Let's show them who's boss, and slashdot China.

But anyway, you put "editors" in "quotation marks" so "obviously" you "get it".

Re:Has anyone else gotten this error? (0)

Anonymous Coward | more than 5 years ago | (#27694961)

There was a proper summary earlier when the story first posted, and then I come back to see it in the current state. Must be Chinese hackers trying to cover up the story...

wouldn't be nice if... (1, Insightful)

Anonymous Coward | more than 5 years ago | (#27694723)

there was a way to monetize the incoming traffic from zombies and autoprobes?
lol

Looks like they got /. (1)

Dynamoo (527749) | more than 5 years ago | (#27694761)

Looks like they got /. judging by the broken A HREF tag. Did yah use Preview Button? Did yah? Did yah?!

easy to fix (1)

teknosapien (1012209) | more than 5 years ago | (#27694787)

route add 222.32.0.0/11 127.0.0.1

Karlan (0)

Anonymous Coward | more than 5 years ago | (#27694807)

Anyone who has set up any common technology, SSH, HTTP, SQL, Finger ;), HTTP/HTML services such as Wordpress, phpBB, whatever, knows that you will receive thousands of requests from thousands of bots. Regardless of being a young student or a government organization.... Spam/exploits are sent out in just about every Network Layer and protocol... making it hard to see which are valid requests, bruteforce attempts, exploits, and simple mistakes from humans, bots, or combination thereof.

That being said, malicious traffic specific to NYPD only will most likely blur in with all the botnets which already bombard you in your everyday life. Using a distributed network one could
(1) set an artificial standard of normal network level of spam at any given network layer.
(2) Queue out distributed packets always from a unique machine which are directed to the machine you're attacking.

My conclusion, if you care or not, you got this far: It's most likely a botnet, but by comparing traffic trends to other departments throughout the United States you could most likely tell if it is specific to NYPD. Who knows, it could be some Chinese dude got locked up, or Chinese interest in New York because it's such a diverse international city..... ..... Hey this is a good sourceforge idea

Marketing Opportunity (1)

AlHunt (982887) | more than 5 years ago | (#27694927)

>have been making up to 70,000 attempts a day

Myself, I set up a targeted marketing campaign and feed them 70,000 ads a day.

Really? (1)

sillivalley (411349) | more than 5 years ago | (#27695001)

Really? Are they being targeted, or are they seeing the same crap everyone else does?

I track probes coming into my home router. I usually see hundreds of probes per day with IP addresses in China banging on the usual ports (7212, 9090, 1026, 1027) as well as the ports du jour (55657). Some of these Chinese IP addresses I've been seeing for a year or more. Go to a site like http://isc.sans.org/ and look at the stats for the 221.208.x.x block. 221.192.x.x seems to be popular these days as well.

Depending on what kind of outward facing net presence they have, 70k probes per day doesn't seem to be out of the ordinary based on the usual network scanning that goes on.

The Great Firewall of China (1)

Nom du Keyboard (633989) | more than 5 years ago | (#27695061)

Given the Great Firewall of China and their surveillance of all Internet traffic, Chinese denials of these hacking attempts ring hollow.

They are thinking of visiting NYC (0)

Anonymous Coward | more than 5 years ago | (#27695139)

And want to know where to buy the best doughnuts.

Don't feel so special (1)

luizd (716122) | more than 5 years ago | (#27695143)

"why are the Chinese so interested in the NYPD computer network?" It is not specific to NYPD. They even try to crack my home computer! It's more like a broadcast attack.

International area? (2, Interesting)

cstdenis (1118589) | more than 5 years ago | (#27695263)

Kelly suggested that 'perhaps it is because of the NYPD's reach into the international arena' that they are being targeted for computer hacking

WTF is the NYPD reaching into the international arena? That's not their job. They shouldn't be doing anything outside of NY.

fixing traffic tickets for their UN diplomats (1)

swschrad (312009) | more than 5 years ago | (#27695265)

that's what the Chinese are up to, ya sure ya betcha then. Sven.

doesn't NYPD patrol the docks? sounds like China wants their lead and mercury exports to look like baby toys and prime beef.

All your.... (1)

purpleraison (1042004) | more than 5 years ago | (#27695471)

All your base are belong to us!!

I am a target too!! (0)

Anonymous Coward | more than 5 years ago | (#27695483)

Just checked my auth.log and appears that many of the "hack in attempts" are from Chinese domains. Never knew I was interesting to the Chinese "hacker spies"!

I am sure a small company with a handful of public IP addresses is also getting thousands of such attempts. Way to blow up routine script kiddie attempts, NYPD!

The Nigerians are looking for the gold (1)

oDDmON oUT (231200) | more than 5 years ago | (#27695493)

They read about it on the Interwebs [911review.com] , and co-opted their spam partners [net-security.org] to do the dirty work.

Really. Scout's honor.

Preparation for invasion (0)

Anonymous Coward | more than 5 years ago | (#27695559)

They are trying to break in to get information on who has access to guns when they invade the United States. Knowing the complete make up of the law enforcement structure allows them to integrate the system once their successful invasion occurs and where there would be secondary. Also there could be dumb folks in the department who have access to federal systems. Snooping the less resourced NYPD to access other federal law enforcement resources is easier than trying to blow through some government network.

If the IP is from China then it's Chinese hacker (0)

Anonymous Coward | more than 5 years ago | (#27695575)

But if the IP is from USA, it's from a botnet controlled by Chinese IP
