Mar 21 2009
Zhao Wei, CEO of Knownsec (aka icbm, formerly with Venustech and McAfee), gave a presentation at the recent CanSecWest security conference. The presentation was covered by securityfocus.com yesterday. In the presentation, Mr. Zhao asserts that all of the attacks that are coming from China are the result of its many compromised computers. Further, any country that wanted to launch a targeted attack on its adversaries could use China as a jumping-off point in order to hide its true origin.
Many people who haven’t been involved in studying targeted attacks would probably agree with this assessment. There is a lot of malicious traffic coming from China. It tends to get noticed by organizations that don’t have any business in China. There is a lot of truth to ICBM’s presentation and it seems likely that Chinese hackers don’t control all of the Chinese bots.
However, it isn’t just the IP address that we have to go on. In many cases, it is the type of information that the attacker took from the compromised target that indicates their origin. There are a lot of similarities between attacks on Chinese dissident groups, defense, government and contractors that warrant a closer look. Commenters on articles like this usually note that the US, UK and EU are all doing this too. That may be the case, but there isn’t nearly as much press out there speculating about countries other than China (and Russia). Well, there is a small bit about Germany at least.
6 Responses to “via securityfocus.com: China more friend than foe, says white hat”