4825975
story
Comments: 195 +- IT: Is China Creating the World's Largest Botnet Army? on Thursday June 11, @02:22PM
background: url(//a.fsdn.com/sd/topics/topicsecurity.gif); width:59px; height:78px;
security
background: url(//a.fsdn.com/sd/topics/topicinternet.gif); width:70px; height:73px;
internet
david_a_eaves writes "The Chinese government is mandating that all computers sold in China come with Internet blocking software. Rob Cottingham writes an excellent piece noting how the censorship application of this software should be the least of our concerns. This new software may create an opportunity for the Chinese Government to appropriate these computers and use them to create the worlds largest botnet army."
Update: 06/11 21:26 GMT by T : J. Alex Halderman writes "My students and I have been examining the Green Dam censorware software. We've found serious vulnerabilities that can be exploited by any web site a user visits with the software installed. We also found that some of the blacklists seems to have been taken from the American-made filtering program CyberSitter. We've posted a report and demo."
Related Stories
There's no easy quick way out, we're gonna have to live through our
whole lives, win, lose, or draw.
-- Walt Kelly
All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.
Correct me if I am wrong... (Score:5, Insightful)
Would it be easier to just sever the undersea fibre cable to China if it's really such a grave threat?
Re:Correct me if I am wrong... (Score:5, Insightful)
This is economic warfare. The question is which is worth more economically to the US, a connection to China which opens Chinese citizens to the world's press or severing the connection and avoiding any potential complications.
So the question is which one is worth more? Personally im willing to bet that being connected to them is worth more to the US than it is to China.
Parent
Re: (Score:3, Informative)
Last year exports to the USA accounted for about 24% of Chinese exports but only about 13% of USA imports. USA exports accounted for about 6.5% of Chinese imports but only about 4% of USA exports. I wouldn't be so sure about who is dependent on who.
Re: (Score:3, Insightful)
Or just block their IP space (Score:5, Insightful)
The only reason botnets are so effective is they are distributed. When they come from all over the place, you have to do a ton of individual blocks. If they are all from the same IP space, ok just black hole China's space and that's it. Wouldn't take a block from very many top level providers and they'd be doing nothing at all.
Parent
Re:Or just block their IP space (Score:5, Interesting)
Parent
Re: (Score:3, Insightful)
Re:Correct me if I am wrong... (Score:4, Funny)
Parent
Re: (Score:3, Funny)
Is this a problem? (Score:2, Interesting)
How hard is it to block all traffic based on the country of origin, China in this case?
It is a problem (Score:3, Funny)
For the sake of argument, let's assume this is the case. (And to correct me if I am wrong here.) To be able to block, at the very least the packet header has to be examined. If remote attacker can generate packets faster than you can examine and drop them, you've just been DoS'ed. Multiply the number of packets by the number of computers in China...
Re:It is a problem (Score:4, Insightful)
For the sake of argument, lets assume the transit providers drop China's interconnects. 0% CPU overhead.
Parent
Re:It is a problem (Score:5, Insightful)
To be able to block, at the very least the packet header has to be examined. If remote attacker can generate packets faster than you can examine and drop them, you've just been DoS'ed.
You also have to look at the packet header in the course of regular routing decisions. Would it really take more CPU to look at the packet header and drop it into /dev/null than it does to look at the packet header and send it out a different network interface?
Parent
Re: (Score:3, Insightful)
That's not what really causes the extra CPU usage. It's the sheer volume of the packets you now have to handle. It's not as if these botnet computers are generating traffic like the would during a normal transaction. They're transmitting as fast as
Re:It is a problem (Score:5, Informative)
Parent
Re: (Score:3, Insightful)
You can be DOSd with legitimate traffic just as easily as a botnet. Too many packets is too many packets.
Re: (Score:3, Insightful)
Re: (Score:3, Insightful)
Really, we need to rethink being so close to our adversaries online. I mean, isn't that obvious?
It's like we're waiting for the cyber-911 (god that's terrible) before we have the mandate to act.
They have to come over the same sets of pipes. You can't get around that.
At some point, you can shut off mega.undersea.cable01 and all traffic stops.
Cut the ties that bind the C&C with the bots, and monitor what happens next.
If sh!t hit hit the fan, the USAF/NSA/??? would step in and do this. The question is,
u
Re: (Score:3, Informative)
Why are the replies modded funny? Someone's doing a crappy job of moderating today.
Or a great job. Personally, I find it entertaining to read a comment waiting for the punchline, then re-read it thinking I 'missed' something. It speaks volumes to degree I have been conditioned to trust the mods. A round of "off-modding" like this gives me a chance to reflect on my own reading-of-Slashdot habits. Quite refreshing.
Of course, in all my comments I make sure to include a "little bit of everything", so that the less discerning reader can say "Oh! That's why this comment is Insightful/Interes
oOooo Scary! (Score:5, Funny)
-
- - VanCondo [vancouvercondo.info]
Re: (Score:3, Insightful)
And if they're running pirated, unpatched copies of windows, equally as fragile.
Does America already have the World's Largest? (Score:5, Funny)
Ballmer: Finally, the moment I've been waiting for! *Throws ceremonial war chair at wall*
That would be like... (Score:5, Funny)
Archimedes would be proud!
(Think before you mod me offtopic.)
Re: (Score:3, Insightful)
Why would you assume they actually moderated in the first place, rather than simply claimed that they did in order to make Teh Funny?
People are such suckers (Score:5, Interesting)
The goal, authorities say, is to protect children from pornography
Of course, that morsel isn't for the Chinese people. They could tell their own people "we're creating a botnet to terrorize you", and nothing would happen. In fact, it's for the benefit of people in other countries. Social conservatives everywhere will exclaim "what an excellent goal!" Those people have simply failed to realize that governments will use whatever power they have for whatever they want, and never exclusively for its "intended purpose". The US does this too, but they've been moving more slowly because more people fail to notice when the power shift is gradual.
Let's be charitable (Score:3, Insightful)
The Chinese government obviously understands their people better than we do. No other government anywhere, at any time in human history, has directly controlled so many people as the current Chinese government. Success counts for something. Obviously in some basic ways they're brilliant at being a government.
So let's grant for argument that they're telling the truth: That pornography is among the most dire current threats to the continuity of their control of their population. We need to get funding from ou
The "least of our worries" ? (Score:5, Funny)
Let me get this straight.
China further on intruding on its citizens who are already exploited and given no voice is a valid concern -- until it causes the rest of the world the slightest discomfort?
Re:The "least of our worries" ? (Score:5, Funny)
Let me get this straight.
China further on intruding on its citizens who are already exploited and given no voice is a valid concern -- until it causes the rest of the world the slightest discomfort?
And what exactly would you have the rest of the world do about it? Chinese are already subject to an oppressive dictatorial government, as are North Koreans, Vietnamese, Cubans, Laotians, Burmese, Iranians, Zimbabweans, and in general around half the total world population.
Parent
Re: (Score:3, Insightful)
M$ made largest botnet, Cisco the next Echelon (Score:5, Interesting)
I advice any government to use in their networks only SW they can compile by themselfes!
And even more important: use routers ( and switches ) where they compiled the firmware/software themselves!
Re:M$ made largest botnet, Cisco the next Echelon (Score:5, Interesting)
Parent
Re: (Score:3, Insightful)
Look.... (Score:3, Interesting)
Re:Look.... (Score:5, Interesting)
Look, in a "cyber war" you don't fight with DoS attacks, you fight by simply severing the undersea cables.
Well, severing the cables would be expensive. More likely we'd just filter incoming traffic from that address space. If every computer in China today started sending a DoS attack at something in the US or Europe, an IT guy would get beeped and would authorize their automated system to blackhole that traffic at the core routers. Basically, it would just cut off traffic originating in China and the rest of us would go on as usual except there would be some interesting network security articles. Heck, with some of the systems in place, companies with regular traffic to china might not even have their normal traffic disrupted since it had been previously mapped out as normal and white-listed.
Parent
Re: (Score:3, Funny)
except there would be some interesting network security articles
If it is a big enough story to be covered everywhere, the whole internet will be slashdotted. THAT is their true plan.
Re: (Score:3, Insightful)
You don't even need to cut the cables. They have to come out somewhere.. switch the routers off.
If you can't do that, advertise high priority routes so that all traffic to china gets null routed (they can do the same to you, theoretically, if they get in first).
Re: (Score:3, Informative)
Look
at this... under sea map of fiber connections [guardian.co.uk] How do you propose the US cut off those connections?
Don't usually get dupes the same day (Score:3, Informative)
Stating The Obvious (Score:3, Interesting)
Conceivably, everything from hospitals to electrical power grids could be targets.
Here's a thought! Make sure hospitals and electrical power grids AREN'T ON THE INTERNET! This is hard? VPNs and darknets are hard??
Choir, consider yourself preached to.
Easily identifiable source = easy blocked traffic (Score:5, Informative)
What makes a botnet potentially devastating is that it can create traffic that's indistinguishable from legitimate traffic. When a large enough number of computers from random locations request a page from your webserver, how do you sort the bad requests from the good? It's the slashdot effect on steroids.
If all the traffic was originating from within a particular country, it would be straightfoward to drop that traffic and let other traffic through.
It's interesting to note that in the early days, it wasn't possible to determine geographic location based on IP address. Address blocks were originally assigned rather haphazardly. As the number of networks grew, routers had to store larger and larger routing tables. Eventually this led to a push to reorganize address block allocations in a more hierarchical fashion, which ultimately made geolocation possible.
while of course this is fud (Score:4, Interesting)
trusting the chinese government at their word is equally foolish. there are no deep nefarious plots and twisty hidden meanings in this piece of censorware most probably. but at the same time, the chinese government is certainly no paragon of virtue that we should trust is motivated by exactly what they say
not that western nations are any more trustworthy. its just that there is this idiotic notion i often encounter that says "western critics are complaining the chinese have hidden purposes, so since i don't trust western mouthpieces, i'll believe the chinese at their word that they are completely virtuous and innocent in their motivations"
you know, like iran is enriching uranium for peaceful purposes. "that's what they said, that's what i believe. because i won't be a naive idiot for the west. i choose to be a naive idiot for the west's enemies"
hey, here's a radical idea: how about you trust no one and be a naive idiot for no one? that is: distrust the west, distrust china, and distrust iran, all at the same time
thunderclap
Re:while of course this is fud (Score:4, Insightful)
TRUST NO ONE!
DO NOT TRUST THE CHINESE! (But eat their food, wear their clothes, use their electronics)
DO NOT TRUST THE USA! (But obey their laws, enjoy their movies, work for their money)
DO NOT TRUST THE IRANIANS (But ignore their democratic progress and ignore their people's work for peace)
Here's the real answer:
DO NOT TRUST YOURSELF, because you're an idiot.
Distrust is for the weak. Optimistic skepticism and honest effort are for the strong.
Parent
Re:while of course this is fud (Score:4, Insightful)
Parent
A botnet that lives within one's own borders... (Score:3, Insightful)
...would seem to have some serious limitations.
all chineese botnet? (Score:3, Informative)
Assuming that this is true - all the bots would be contained inside China
If they unleashed the botnet on something outside China
1) Would it not just crush the internal network(s) inside China?
2) Would it not just crush the connections to the rest of the world?
3) Would it not just crush the massive control and filter systems?
4) Would it not just super easy to identify and quarantine?
What am I missing here?
Don't panic! (Score:4, Funny)
Don't panic, we will be ok! I have Windows Firewall!!!
Did Japan already do this? (Score:3, Insightful)
This reminds me of the 60's when there were actually people who believed that all of those little Japanese cars were programmed to fall apart when a signal came from Tokyo. We'd be stuck with no transportation and Japan would finally win the war.
I'm not saying this couldn't be done with computer software today. But obviously paranoia isn't limited by technology.
Oblig (Score:4, Funny)
*sigh* I thought it was the most well known classic blunder not to start a LAN war in Asia!
*DUCKS*
Re: (Score:3, Insightful)
"it could build one in "traditional" way using viruses etc."
yea, it's a huge vector for launching a traditional attack though. It hasn't got to go boom on day one, the attack could begin silently by spreading crap slowly over the course of years.
Other than that, I'm guessing Chinese Wikipedians are crapping themselves over this news.
No, the typo is yours (Score:3, Insightful)
No, all your computer belong to someone who wants to harm China. This is more of a threat to China itself, than anyone else.
From a point of view outside China, this botnet is not distributed. It all shares a few links (possibly saturating them if the botnets gets too crazy), shares netblocks, etc. This botnet isn't capable of doing anything that the Great Firewall operators aren't already able to do.
From a point of view inside China, the botnet is distributed and its crap looks like it's coming from ev