Apr 01 2024

So I was reading 𝕏 and came across one of those memes showing “Chinese bots” making connections to “open” SSH ports on Internet-accessible servers. The suggestion to turn off password authentication in favour of public/private key authentication was certainly sensible (on a very simplistic level it effectively makes a very strong “password”).

But the “Chinese bots” thing sort of irritated me a bit, so I decided to trawl my personal firewall logs looking for attempts to connect to my ssh port(s). Even ignoring the IPv6 probes, there were 1251 different addresses probing my network (just one public IPv4 address) in the month of March so far.

Why is this irritating? Because the addresses of the machines attempting to break into a non-existent ssh service here are those of compromised machines. They may be in China, or the USA, Russia, etc. but that in no way betrays who is controlling those “bots”.

Anyway, for some data :-

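| Count | ISO alpha-2 | ISO alpha-3 | ISO numeric | Country |
|---|---|---|---|---|
| 502 | US | USA | 840 | United States |
| 128 | CN | CHN | 156 | China |
| 97 | KR | KOR | 410 | Korea, Republic of |
| 33 | SG | SGP | 702 | Singapore |
| 27 | BG | BGR | 100 | Bulgaria |
| 26 | RU | RUS | 643 | Russian Federation |
| 22 | HK | HKG | 344 | Hong Kong |
| 22 | GB | GBR | 826 | United Kingdom |
| 20 | DE | DEU | 276 | Germany |
| 16 | SE | SWE | 752 | Sweden |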

And “China” isn’t even in the lead in this case! I have included just the top 10 as a long list of random countries with one or two robots isn’t very enlightening.

The key point here is that the national identity of the compromised host attacking tells you nothing about where the true attacker is from. Russia is quite a likely candidate given its status as a rogue nation with a known tolerance for cyber criminals (as long as they co-operate with the state when the state needs their skills), but that is just background knowledge.

May 18 2013

The strange thing about being involved in information security is the phenomenon of cyber warfare.

After all, what does tinkering with computers have to do with real war? Well it depends what all that tinkering leads to, and we simply do not know what would happen in a real war. We are in the beginning of the era when aggressive hacking supports war.

But probably the overwhelming majority of activities labelled as cyber warfare are in fact espionage, or a grey area in between. Any kind of hacking that leads to information disclosure is espionage rather than warfare. More aggressive hacking – such as writing malware to spin centrifuges into destruction – falls into the grey area between espionage and warfare; it’s too aggressive to be labelled espionage, but isn’t part of a legal war (and yes there is such a thing). In terms of legality, it could well be that such acts are illegal acts of war, but morally justified.

And why is China always the bad actor here? Practically every hacking conference video dealing with cyber warfare drops big hints about the activities of China with little in the way of evidence. There is some evidence that China may be involved in cyber espionage, but as for cyber warfare itself, there is far more evidence for the involvement of the US, Israel, and even the UK; although the rumoured replacement of an Al-Qaeda recipe for a pipe bomb with one for cupcakes doesn’t seem like an act of war, but perhaps an exhibit of the English sense of humour.

Part of the problem is that anyone who reads their firewall logs will find a huge number of attacks coming from Chinese address space. As an example, a quick inspection of the addresses blocked on one of my servers for attempted ssh brute force attacks gives the following table :-

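| Count | Country Code | Country |
|---|---|---|
| 255 | CN | China |
| 51 | US | United States … |
| 29 | KR | Korea (South) |
| 19 | BR | Brazil |
| 17 | DE | Germany |
| 15 | IN | India |
| 13 | RU | Russia |
| 13 | GB | Great Britain |
| 13 | FR | France |
| 11 | ID | Indonesia |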

This is not intended to be an accurate reflection of anything other than the number of infected machines trying to brute force accounts on my server.
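Both tallies on this page (the March 2024 count of distinct probing addresses and the table above) come from the same procedure: pull the source addresses of SSH connection attempts out of the firewall log, de-duplicate them, and count them per country of the logged host. The following is an added example, not the author's own script; the netfilter-style log format, the sample lines, and the prefix-to-country table with its made-up codes `XA`/`XB` are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in netfilter LOG style (the log format is an assumption).
SAMPLE_LOG = """\
Mar  3 02:11:07 fw kernel: IN=eth0 SRC=192.0.2.15 DST=203.0.113.1 PROTO=TCP SPT=40112 DPT=22
Mar  3 02:11:09 fw kernel: IN=eth0 SRC=192.0.2.15 DST=203.0.113.1 PROTO=TCP SPT=40113 DPT=22
Mar  4 10:40:51 fw kernel: IN=eth0 SRC=192.0.2.77 DST=203.0.113.1 PROTO=TCP SPT=51820 DPT=22
Mar  5 17:02:33 fw kernel: IN=eth0 SRC=198.51.100.9 DST=203.0.113.1 PROTO=TCP SPT=33010 DPT=22
Mar  5 17:02:40 fw kernel: IN=eth0 SRC=198.51.100.9 DST=203.0.113.1 PROTO=TCP SPT=33011 DPT=443
Mar  6 23:59:01 fw kernel: IN=eth0 SRC=2001:0db8:0000:0000:0000:0000:0000:0005 DST=2001:0db8:0000:0000:0000:0000:0000:0001 PROTO=TCP SPT=4100 DPT=22
"""

# Constructed prefix-to-country table (documentation ranges, made-up codes).
# A real run would query a GeoIP database here instead.
GEO_TABLE = [
    (ipaddress.ip_network("192.0.2.0/24"), "XA"),
    (ipaddress.ip_network("198.51.100.0/24"), "XB"),
]

LINE_RE = re.compile(r"\bSRC=(\S+) .*\bPROTO=TCP\b.*\bDPT=(\d+)\b")

def ssh_sources(log_text, ports=(22,)):
    """Return the set of distinct IPv4 sources that probed an SSH port."""
    seen = set()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or int(m.group(2)) not in ports:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed SRC field
        if addr.version == 4:  # the post leaves IPv6 probes out
            seen.add(addr)
    return seen

def country_of(addr):
    """Country of the logged host, which is not necessarily the operator's."""
    return next((cc for net, cc in GEO_TABLE if addr in net), "??")

def tally(log_text):
    """Count distinct source addresses per country, largest first."""
    return Counter(country_of(a) for a in ssh_sources(log_text)).most_common()

if __name__ == "__main__":
    for cc, n in tally(SAMPLE_LOG):
        print(f"{n},{cc}")
```

The repeated probe from 192.0.2.15 counts once and the port 443 hit is ignored, so the figures are per distinct host rather than per connection attempt.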

The high presence of China is an indication of the number of malware infections within China, and the large population of the Chinese. It doesn’t actually say anything about where those attacks originate. Every hacker with enough sense to tie up their shoe laces will be pivoting through privacy proxies, and using armies of infected hosts to send out their attacks. These infected hosts are the ones whose addresses show up in your logs.

Assuming that because these addresses are Chinese means that the Chinese state is behind attacks is faulty logic. There is no reason why the Chinese state hackers (if they exist … although it is almost certain they do) would use Chinese addresses to attack from; they are more likely to be using addresses from the US, Europe, South America, etc. If anything, attacks coming from Chinese addresses indicate :-

  1. Private sector hacking (which is the majority)
  2. Attacks from state groups other than China.

It may well be that China is engaged in industrial scale cyber espionage; it may also be that what people assume are Chinese attacks are in fact other states. After all, cyber espionage is probably one of the cheapest ways to get involved; within the means of even the smallest and poorest states.

Dec 11 2011

David Cameron has officially put the UK into the slow-lane of Europe with the other 26 countries all in the fast lane – including not just the 17 members of the Eurozone, but also those other countries that do not use the Euro. The excuse for doing so is to protect the banking industry – specifically the City of London from a transaction tax.

There are of course the Euro-sceptics whose mindset is stuck in the 19th century who are celebrating and suggesting that we should go further and have a referendum on leaving the EU and ‘going it alone’. Fortunately even the majority of Tories (whose instincts lie in that direction) realise this is a step too far and realise that whatever minor annoyances there are, the membership of Europe is a good thing for us.

To exaggerate the scale of things somewhat, Britain is a country playing in the playground of 900-kilo behemoths – China, the USA, and right next door to us (and we’re effectively part of it … sometimes) the giant of Europe. And it is a giant, although people often underestimate the power of Europe – all those funny Europeans, surely they can’t add up to much can they ? Actually they do – the GDP of the European Union as a whole is larger than any country in the world including the USA and China; admittedly only marginally larger than the GDP of the USA (a trifling 2 trillion dollars larger). This is because we usually rank countries in order of GDP, but miss larger blocks.

It is essentially an “accident” of history that Europe has remained a grouping of 26 independent countries whereas China became a huge land empire, and the USA became a federal union of “nation states”. The accident is of course a complex series of events throughout European history that is beyond the scope of this blog entry!

This could all be an example of short-term thinking – whilst staying out may protect the financial industry (although it is interesting to note that the Financial Times wasn’t entirely positive about this), it may well harm Britain’s prospects in the longer term. And increased regulation and taxation of the banking industry may be what the leaders of banking oppose, but it could well be that people in the UK actually would quite agree with it.

By staying out, we will have less influence over the core of Europe with less say on how Europe progresses. Whilst some people may welcome this, it does seem unwise to risk losing any amount of influence over what is our largest trading partner. And losing any influence with an organisation to which we belong seems unwise.

For some strange reason – perhaps because we seem to like bad news better than good news – the news about the European Union always seems to be bad rather than good. Some of this is merely down to how it is presented – we always hear about draconian regulation of business from Europe, but rarely stop to think that perhaps the regulation was called for by consumers because of abuses by businesses (such as international roaming charges by mobile phone operators), or that the European regulation merely harmonises regulation across Europe – would that business rather have 26 sets of regulations to work with, or 1 ?

There is also a bizarre myth that the European Union is less democratic than the national governments. That all EU power is controlled by unelected European Commissioners. That is a myth put about by politicians who are in danger of losing their cushy jobs if the people eventually decide that with the EU parliament in place, there is no more need for expensive national parliaments. In fact, it is entirely possible that the EU is more democratic than national governments.

We often take the earlier accomplishments of the EU for granted – the ability to travel across Europe without visas at every turn. Who has not sailed through the fast lane at airports pitying those from outside the EU who are stuck in the slow lane ? And what about peace across Europe ?

Jan 15 2010

Before reading further, go and visit http://www.dec.org.uk/ and make a donation.

One of the things that is clear from the current chaos in Haiti approaching nearly four days since the earthquake (and to be fair from other disasters) is that getting aid on the ground takes far too long. This is not supposed to be a criticism of anyone – I’m simply at this stage wondering what the delay is caused by.

Perhaps we have unrealistic expectations of how quickly aid can be sent in – I’m sure that it is a lot harder than we think it should be! I’m sure there will be those throwing criticism at the UN, the Haitian government, etc. all without much in the way of justification.

What are the politics of sending in assistance in situations like this? Normally if US troops were to “go in” to a country to help out in a disaster without permission from the government it would be an act of war – can you imagine how the Chinese government would react ? So normally we can assume that those offering assistance need to obtain permission from the local government.

But what happens when the local government has effectively ceased to operate ? The Haitian government has problems at the best of times, and was effectively unreachable for a while during the immediate aftermath of the earthquake. Did the rescuers have to wait until they could get someone from the government on the phone ? I cannot imagine the UN operating any other way – they are (and in fact should be given their other work) the paragons of diplomatic nicety.

Perhaps governments could consider giving advanced permission along the lines of “Hey! If a really big disaster happens, you’ve got permission to come in and help and we’ll have a nice polite chat about it afterwards”. Do such arrangements already exist ?

The other thing that springs to mind is that there needs to be some way of arranging air transport very rapidly. In this case there is an airport close by, but an airport that is not up to dealing with such a large influx of cargo planes. In many other cases, there is no convenient airport. Perhaps it is not possible to build a temporary airport in a matter of hours, but it is something that needs someone to think about a way of trying. At the very least it should be possible to “upgrade” the air traffic control system equipment in a matter of hours – which appears to have been a problem in Haiti.

People can survive without food for quite a while, and without water for not so very long, but those in need of medical help need it now. Do we need to consider parachuting in small medical stabilisation teams ? Obviously a full field hospital would be preferred but a small team (or many of them) with supplies that can be carried can at least stabilise casualties to give them a better chance of surviving until more comprehensive facilities are available.

Similarly in the event of earthquakes, parachuting in search and rescue teams with minimal equipment could accomplish quite a bit even before heavy equipment is available.

There is also the psychological effect of having someone on the ground. Even if those early aid workers cannot accomplish much for those who are fit and healthy, they do at least indicate that help is coming and that they have not been forgotten.

I’ve said it before and I’ll say it again, we need a more military approach to emergency aid in situations like this. And I’m not exactly a fan of the military! The military are used to reacting very rapidly to a limited extent with rapid reaction forces available to go into action on very short notice. If the UN were given the resources to setup an organisation that would work in the same way (but with different aims) it would be very much more effective at responding to disasters like this.

After all, we use the normal military in situations like this – who aren’t even properly equipped for performing this job!

Dec 29 2009

(With apologies to the relatives of Akmal Shaikh – I’m using somewhat impolite terms for mental illness)

The Chinese government has just executed an Englishman for drug smuggling despite the fact that he was plainly more than a little unhinged. Even ignoring the fact that executions are a barbaric way of dealing with criminals, not taking into account someone’s mental health is positively medieval.

Well it would be except that medieval societies may well have been a trifle more understanding of those with mental health issues than the Chinese authorities have been.

The Chinese authorities are claiming that there are no reports indicating that Akmal has mental health issues, but it doesn’t take a report to know that he’s a bit of a fruitcase. And if there has not been a mental health assessment it is fully the responsibility of the Chinese authorities that there hasn’t been one!

Apparently the Chinese authorities are annoyed that people are criticising them for executing Akmal. They claim we have no right to criticise them! Well it’s not about whether we have the right to criticise them but about whether we find the behaviour of the Chinese authorities repugnant.