back to article The Obama-era cyber détente with China was nice, wasn't it? Yeah well it's obviously over now

Infosec pros might have already noticed some familiar IP address ranges in their system logs – China has returned to the cyber-attack arena. That's the conclusion of threat intel outfit CrowdStrike, which released its midyear threat report this week (downloadable here with free registration). The firm's Falcon OverWatch team …

  1. Anonymous Coward
    Anonymous Coward

    Reall?

    From the article:

    >Alperovitch said that the 2015 Obama-era non-hacking pact had led to a decline in hostile activity, at least at the state level.

    And yet they got data for F-35 in 2017: http://fortune.com/2017/10/14/hacked-f-35-data/

    Just how naive can people be?

    1. Anonymous Coward
      Anonymous Coward

      Re: Reall?

      And yet they got data for F-35 in 2017:

      Who said they hacked it? Surely we should all want China to copy the mad, complex, expensive, impracticable F35? We can move towards a situation where the militaries' demand for unaffordable "state of the art" toys makes big nation versus big nation wars unfeasible.

      On current progress, in three decades the US will have the F42 with a programme cost of seventy trillion dollars, and as a result USAF will have one, and USN the other. Impoverished European air forces will be holding together a handful of aged F35s and Typhoons with sellotape and string.

      We have to hope Russia and China will likewise have out-teched their own pockets.

    2. Anonymous Coward
      Anonymous Coward

      Re: Reall?

      > "Just how naive can people be?"

      Well, Democrat Senator Dianne Feinstein employed a Chinese spy as a chauffeur for 20 years, up until a short time ago.

      1. John Gamble

        Re: Reall?

        "Well, Democrat Senator Dianne Feinstein employed a Chinese spy as a chauffeur for 20 years, up until a short time ago."

        ...or possibly not.

    3. This post has been deleted by its author

    4. veti Silver badge

      Re: Reall?

      They hacked data for the F-15 in 2007. Source. All they took in 2016 was some manufacturing data, to supplement the much more valuable (but still non-classified, according to the DOD) design materials they already had.

      1. Anonymous Coward
        Anonymous Coward

        Re: Reall?

        >All they took in 2016 was some manufacturing data,

        Sure. As they still plan to sell tons of these fighters for eye watering sums, they simply will have to say this. Compromised fighters do not sell like hotcakes.

  2. Chairman of the Bored

    You keep using that word.

    I do not think it means what you think it means.

    $word =~ s/inconceivable/drop-off/g

    For me and my logs, 2016 fits a long-running pattern. A monotonic increase in Chinese(x) activity. Mostly idiotic port scans and occasionally something that makes me sit up straight and think

    (x) yeah, I know attribution is tough in a spoofed or multi-hop environment, yadda yadda

  3. Rich 2 Silver badge

    China

    So remind me again, why do we (primarily Europe and the US) keep throwing money at a state that has an appalling human rights record, routinely locks up anyone who it doesn't like, has an appalling environmental record, is hostile to anything outside of itself, and has no recognisable morals at all; has, basically, an abhorant government that has its eye on world domination and enslavement?

    Then again, we think nothing of fucking-up the planet either!

    1. hplasm
      Coat

      Re: China

      But enough about the US...

      1. Chronos

        Re: China

        @hplasm: Spooky. That's exactly, word for word, what I was thinking when reading that comment.

      2. sprograms

        Re: China

        Absurd. It is that sort of late-night political "humor" which allowed the perpetuation of the corporate sabotage of the US technology manufacturing sector, including the assembly business, to continue, allowing domestic corporate tech profits to sky-rocket at the cost of trade imbalance, employment reduction, and technology transfer (imposed openly or taken by theft) for so many years.

        If you really equate the US to China, you wish to live under a totalitarian government, with your credit rating determined by your Facebook comments, a government with a leader-for-life, active Death Vans scooting from town to town, and re-education camps for religious minorities. But it's all a joke, right?

        1. Chronos

          Re: China

          But it's all a joke, right?

          No, it's the lesser of two evils. Just because the West's excesses aren't as visible as China's doesn't make them any less evil. Satirising these excesses are probably the only recourse we have at this point - until, that is, people like you come along and try to stop us with silly hyperbole. For example:

          and re-education camps for religious minorities

          Sounds like Gitmo to me.

          Now that's reductio ad absurdum done properly.

          1. DavCrav

            Re: China

            "Just because the West's excesses aren't as visible as China's doesn't make them any less evil."

            They really are less evil. China has a million people in re-education camps and has a proper 1984-style good citizen ranking. Seriously you guys, sort yourselves out. I don't see any of you rushing to move to China, which kind of suggests that deep down you know it's actually a whole lot worse.

            1. JohnFen

              Re: China

              "They really are less evil."

              Indeed, which is exactly what Chronos' comment that you're replying to said: "it's the lesser of two evils". So you're agreeing with him.

              1. Anonymous Coward
                Anonymous Coward

                Re: China

                > "So you're agreeing with him."

                Name one national government that isn't evil. Chronos's comment was meant to put down the US, period.

                1. Chronos

                  Re: China

                  Name one national government that isn't evil. Chronos's comment was meant to put down the US, period.

                  No! It was meant to put down blind faith in western "democracy," i.e. the pre-selected choices we get to elect the usual bunch of corrupt incompetents every single time, as the epitome of human advancement in government. You completely missed the point when I switched from "The US" to "The West." While we're lobbing rocks at China, we're not sorting our own shit out. "Better than them" == "dryer than the sea" and is no cause for celebration or declaring the job done.

                  This little island and Europe are currently deadlocked in a battle to see which bunch of corrupt incompetents gets what slice of the pie to waste - and waste it they will, whoever wins. Granted, they won't have big limos and massive security retinues - oh, wait...

                  So no, I'm not chucking rocks at the US. I'm chucking rocks at the people who meekly accept this system that only delivers misery time and again, myself included as my sole contribution to protesting this situation is to refuse to take part aside from making snide comments on El Reg. At least you folks have write-ins on your ballots, for all the good they do...

                2. MacroRodent

                  Re: China

                  》name one national governement that isn't evil

                  Easy: just about any of the smaller western European countries. Part of the problem is scale. In small countries it is easier for citizens to hold the leadership accountable. I fear democracy just does not work above a certain size.

                  1. Anonymous Coward
                    Anonymous Coward

                    Re: China

                    > Easy: just about any of the smaller western European countries

                    Interesting thought. Seems Switzerland hits the sweet spot perfectly.

            2. veti Silver badge

              Re: China

              China has a million people in re-education camps

              The US has over 2 million. Plus twice that number on parole.

              You don't see me rushing to move to the USA either.

            3. Cuddles

              Re: China

              "I don't see any of you rushing to move to China, which kind of suggests that deep down you know it's actually a whole lot worse."

              You don't see us rushing to move to the US either. The thing about the world is that there's quite a lot of it, and China and the USA aren't the only countries in it. "Country A does bad things" does not mean the same as "I love Country B and would do anything in my power to go and live there as soon as possible", especially for someone who actually lives in Country C and has no reason to move to either of the other two. That said, I know several people who either have, or are planning to, move to Countries D, E and F, at least in part because Country C does itself have issues becoming more similar to A and B than many are comfortable with.

        2. Anonymous Coward
          Anonymous Coward

          Re: China

          "a government with a leader-for-life"

          give trumpy a chance he's working on it!!.

          wasn't he reported as saying we'll have to try that.

          and was very keen on getting people to praise him like his mate from N.Korea getting a lot of respect from citizens!!!

      3. Version 1.0 Silver badge

        Re: China

        But enough about the US..." and the Conservative Party.

    2. Anonymous Coward
      Anonymous Coward

      Re: China

      If you want your cheep tracking devices, errrr phones, you'll shut up.

    3. JohnFen

      Re: China

      Because we (the US, anyway) as a nation prioritize making a profit over literally every other consideration.

      1. vtcodger Silver badge

        Re: China

        It's my impression -- perhaps incorrect -- that the Chinese have a high opinion of profits as well.

    4. Anonymous Coward
      Anonymous Coward

      Re: China

      They are the lowest cost bidder...

  4. GnuTzu
    Headmaster

    "a state that... has no recognisable morals at all"

    Do nations really have morals? {Insert ugly political debate here.} I'm just too cynical to believe that any power structure would not strive to maintain power of some kind or another or gain more.

    Yet, I did have to back up on that statement to make sure I understood who or what you were saying had "no morals at all."

    1. Anonymous Coward
      Anonymous Coward

      "Do nations really have morals?"

      Some do until they get a right wing bunch of twats, then they like to kill off the poor and disabled....rings a bell Mrs Maybot

  5. Anonymous Coward
    Anonymous Coward

    The lower labour costs and less restrictive policies that protect people and the environment make it cheaper to manufacture the stuff that we buy from them.

    Those same states have built their economies and now compete with us for the planet's limited remaining resources, and some have a military capability that cannot be ignored, and we funded!

    1. veti Silver badge

      Of course they're competing for resources. What else *could* happen?

      And better for them to have a military that you (indirectly) support, than to have one that doesn't need you to support it.

  6. Chris G

    I would love to see the figures for who is hacking what in China , Russia etc.

    I notice a lot of spurious stuff comes from i.o. Now who has a cyber base in Diego Garcia?

    I think there are a lot of pots complaining about kettles.

  7. Mahhn

    okaly dokaly

    "China has returned to the cyber-attack arena"

    Think all that back door'ed hardware was engineered and made in the last year? Iol nope.

  8. Anonymous Coward
    Anonymous Coward

    Please....

    There was never a detente. Ever.

    1. bombastic bob Silver badge
      Devil

      Re: Please....

      it also proves that bending over and apologizing to the world is NOT a good strategy. [better to negotiate from a position of STRENGTH]

      If China were 100% "our friend" they wouldn't be reacting this way. Their goals were obvious, they've been called out on them, and they stopped pretending to be our friends, so much.

      It's time to get lights out factories up and running 'back home', in lieu of paying a 'bunch of warm bodies' slave wages to do things manually in China. Pick & place and automated processing competes with China, easily. Seen it. And labor in places like Mexico is a bit more 'affordable' these days, all things considered.

      China spent quite a bit of time trying to lock down the supply chains such that you HAVE to go to them, more or less, for pretty much EVERYTHING. I spent some time looking for possible components for a personal project, and saw a bunch of things marked as 'tarriff included' on the pricing (in this case, surface mount resistors). A lot of manufacturers use discrete parts that are made in China. But I bet an automated factory in the USA could do the same thing, once it's up and running. The reason the China factories are so popular is they're basically "down the road" from the assembly houses and board shops. So China has everything 'in one place' more or less which cheapens the overall supply line.

      When things are built in lights out factories NOT in China, it becomes more reasonable to use domestic makers of discrete components, too. With automated processes, you don't need "a pile of warm bodies" to get things done any more.

      It wouldn't take a whole lot of time to shift things over, I bet. A year or two perhaps, and lights out factories would be building discrete components in the USA and Mexico and Canada, and EU too.

      1. Anonymous Coward
        Anonymous Coward

        Re: Please....

        Even less of a difference once transportation/distribution costs are factored into the complete supply chain opportunity costs. I'm still trying to figure out what "lights out factories" are. What-evah. There's a lot of much more friendly places to place one's sources than the PRC anyway. Already relocation targets are being looked at since, obviously, our corporate masters are scheming for a way to that next bonus.

      2. JohnFen

        Re: Please....

        "A year or two perhaps, and lights out factories would be building discrete components in the USA and Mexico and Canada, and EU too."

        I think you are seriously underestimating the time and cost of doing this. As a goal in ten years? Sure. In two? Not a chance.

      3. Anonymous Coward
        Anonymous Coward

        Re: Please....

        "It wouldn't take a whole lot of time to shift things over, I bet. A year or two perhaps, and lights out factories would be building discrete components in the USA and Mexico and Canada, and EU too."

        Yeah trumpys really brought the manufacturing of his trashy crap home, lol, even "MAGA" hats aren't made in the USA..really bright voting for that twat!!!

      4. Anonymous Coward
        Anonymous Coward

        Re: Please....

        > it also proves that bending over and apologizing to the world is NOT a good strategy.

        You would have thought people had learned after Chamberlain but no - you clocked up plenty of down votes.

        So for those who insist on repeating the ugly parts of history:

        Winston Churchill — 'You were given the choice between war and dishonour. You chose dishonour, and you will have war.' - To Neville Chamberlain'

  9. heyrick Silver badge

    "Primarily they're focused on stealing intellectual property... in order to counteract in part the trade tariffs we're putting into place on them."

    That's an interesting comment to make given that the West has been busy handing over IP for years since it's cheaper to get stuff made there (and pretend to care about the workers).

    Maybe the rise isn't to do with IP but simply because China doesn't consider America and friends to be their friends any more.

    As for server logs - undesirable attempts from China are pretty regular. Always have been. Now would somebody care to explain the rise in the same sort of portscan nonsense from Israel? Are we expected to be too stupid to realise both sides are at it?

    1. Anonymous Coward
      Anonymous Coward

      "As for server logs - undesirable attempts from China are pretty regular. Always have been. Now would somebody care to explain the rise in the same sort of portscan nonsense from Israel? Are we expected to be too stupid to realise both sides are at it?"

      If anybody trusts the source ip as being the true source of a hack they are fucking idiots...(and I know..don't ask I wont tell!)

      First thing a competent hacker does is bounce off other targets, the number of badly configured servers running compramisable software is insane...

      An IP from a particular country pretty much proves nothing about the true source...

      1. JCitizen
        Coffee/keyboard

        True.. but...

        At about 2003, when I first started logging this kind of thing; the PRC was so arrogant that they didn't bother doing fancy server bouncing like you describe. The sources of the attacks made sense too - usually military bases or industrial parks. After people woke up, they shifted the IP addresses to "Universities", then when that got public attention, they built a mysterious communication building that could only be described as a major "CIA" type communications center where the attacks were coming from. This didn't fool anybody, so they finally simply copied the same technique criminals use just as you describe. l have no doubt the PRC is still doing just what they've always been doing, and probably worse - but you are right, the original source is hard to determine ( but not impossible either). We are doing it to them and our friends too, so it is a bit disingenuous to cry loudly about it, but that doesn't mean we have to lie down and forget it either.

  10. Andromeda451

    PRC anyone?

    Anyone believing that our friends in China ever took a break under Mr. Obama has been smoking illegal substances way too long. The Chinese NEVER stopped their attacks. The difference was it was politically expedient to ignore their efforts. I visited China in 2012 and upon returning to my hotel room found that my luggage and laptop had been discretely searched, too bad the PLA didn't properly train their peeps for the "tells" I placed.

    1. bombastic bob Silver badge
      Meh

      Re: PRC anyone?

      what OS on the laptop? also you might want to see if the BIOS was re-flashed (or similar)

  11. Gene Cash Silver badge

    Block 'em

    A rising tide of portscans has made me block all the .ru & .cn IP blocks... and I STILL get a dozen daily attacks on my little home network.

    1. Anonymous Coward
      Anonymous Coward

      Re: Block 'em

      "A rising tide of portscans has made me block all the .ru & .cn IP blocks... and I STILL get a dozen daily attacks on my little home network."

      you would have to also block huge ranges of IP's held by a lot of web/server hosting companies, not to mention the ip blocks of ISP's that are handed out to users (insecure routers/IOT devices)

      1. JCitizen
        Mushroom

        Re: Block 'em

        There was a time when I was tempted to block the entire range at APINIC, RIPE NCC, and Wasilla Alaska;; but a guy would probably spend all his time configuring exceptions to that now days.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like