Is China Creating the World's Largest Botnet Army? 195
david_a_eaves writes "The Chinese government is mandating that all computers sold in China come with Internet blocking software. Rob Cottingham writes an excellent piece noting how the censorship application of this software should be the least of our concerns. This new software may create an opportunity for the Chinese Government to appropriate these computers and use them to create the worlds largest botnet army."
Update: 06/11 21:26 GMT by T : J. Alex Halderman writes "My students and I have been examining the Green Dam censorware software. We've found serious vulnerabilities that can be exploited by any web site a user visits with the software installed. We also found that some of the blacklists seems to have been taken from the American-made filtering program CyberSitter. We've posted a report and demo."
Correct me if I am wrong... (Score:5, Insightful)
Would it be easier to just sever the undersea fibre cable to China if it's really such a grave threat?
geographically centralized Botnet (Score:2, Insightful)
Should make it easier to block during an attack....
Re:It is a problem (Score:4, Insightful)
For the sake of argument, lets assume the transit providers drop China's interconnects. 0% CPU overhead.
Re:Correct me if I am wrong... (Score:5, Insightful)
This is economic warfare. The question is which is worth more economically to the US, a connection to China which opens Chinese citizens to the world's press or severing the connection and avoiding any potential complications.
So the question is which one is worth more? Personally im willing to bet that being connected to them is worth more to the US than it is to China.
A China based botnet army only threatens China (Score:2, Insightful)
Or just block their IP space (Score:5, Insightful)
The only reason botnets are so effective is they are distributed. When they come from all over the place, you have to do a ton of individual blocks. If they are all from the same IP space, ok just black hole China's space and that's it. Wouldn't take a block from very many top level providers and they'd be doing nothing at all.
Re:Correct me if I am wrong... (Score:0, Insightful)
It's spelled both ways fuckwad.
A botnet that lives within one's own borders... (Score:3, Insightful)
...would seem to have some serious limitations.
Re:Yawn (Score:3, Insightful)
"it could build one in "traditional" way using viruses etc."
yea, it's a huge vector for launching a traditional attack though. It hasn't got to go boom on day one, the attack could begin silently by spreading crap slowly over the course of years.
Other than that, I'm guessing Chinese Wikipedians are crapping themselves over this news.
Re:It is a problem (Score:5, Insightful)
To be able to block, at the very least the packet header has to be examined. If remote attacker can generate packets faster than you can examine and drop them, you've just been DoS'ed.
You also have to look at the packet header in the course of regular routing decisions. Would it really take more CPU to look at the packet header and drop it into /dev/null than it does to look at the packet header and send it out a different network interface?
Re:It is a problem (Score:3, Insightful)
That's not what really causes the extra CPU usage. It's the sheer volume of the packets you now have to handle. It's not as if these botnet computers are generating traffic like the would during a normal transaction. They're transmitting as fast as they can.
No, the typo is yours (Score:3, Insightful)
No, all your computer belong to someone who wants to harm China. This is more of a threat to China itself, than anyone else.
From a point of view outside China, this botnet is not distributed. It all shares a few links (possibly saturating them if the botnets gets too crazy), shares netblocks, etc. This botnet isn't capable of doing anything that the Great Firewall operators aren't already able to do.
From a point of view inside China, the botnet is distributed and its crap looks like it's coming from everywhere.
All your computer are belong to US.
Re:Correct me if I am wrong... (Score:2, Insightful)
Re:It is a problem (Score:3, Insightful)
Really, we need to rethink being so close to our adversaries online. I mean, isn't that obvious?
It's like we're waiting for the cyber-911 (god that's terrible) before we have the mandate to act.
They have to come over the same sets of pipes. You can't get around that.
At some point, you can shut off mega.undersea.cable01 and all traffic stops.
Cut the ties that bind the C&C with the bots, and monitor what happens next.
If sh!t hit hit the fan, the USAF/NSA/??? would step in and do this. The question is,
under what circumstances, and what good does that do us in the long term?
You can't disconnect CN forever. This problem will remain as long as we're tied to them.
If we treat our enemies as trusted friends and get screwed, whose fault is it? Exactly.
I think there's a word for this in Cantonese, but my pronunciation suffers.
Re:And Windows? (Score:2, Insightful)
Already done. They call it Windows Update.
Re:oOooo Scary! (Score:3, Insightful)
And if they're running pirated, unpatched copies of windows, equally as fragile.
Re:The "least of our worries" ? (Score:3, Insightful)
Re:The "least of our worries" ? (Score:2, Insightful)
Iranians are in a democratic process to elege a new presidente.
Re:Correct me if I am wrong... (Score:3, Insightful)
Re:Look.... (Score:3, Insightful)
You don't even need to cut the cables. They have to come out somewhere.. switch the routers off.
If you can't do that, advertise high priority routes so that all traffic to china gets null routed (they can do the same to you, theoretically, if they get in first).
Re:while of course this is fud (Score:4, Insightful)
TRUST NO ONE!
DO NOT TRUST THE CHINESE! (But eat their food, wear their clothes, use their electronics)
DO NOT TRUST THE USA! (But obey their laws, enjoy their movies, work for their money)
DO NOT TRUST THE IRANIANS (But ignore their democratic progress and ignore their people's work for peace)
Here's the real answer:
DO NOT TRUST YOURSELF, because you're an idiot.
Distrust is for the weak. Optimistic skepticism and honest effort are for the strong.
Re:It is a problem (Score:3, Insightful)
You can be DOSd with legitimate traffic just as easily as a botnet. Too many packets is too many packets.
Re:The "least of our worries" ? (Score:2, Insightful)
Really? The Iranians have the opportunity to vote out Kammenei? That's news to everyone on planet Earth!
Achmenuttyjob is the Iranian government's equivalent to White House press sceretary Gibbs.
Re:while of course this is fud (Score:4, Insightful)
Re:The "least of our worries" ? (Score:1, Insightful)
You got it, buddy. Anything else?
Re:That would be like... (Score:3, Insightful)
Why would you assume they actually moderated in the first place, rather than simply claimed that they did in order to make Teh Funny?
Re:It is a problem (Score:3, Insightful)
Re:Correct me if I am wrong... (Score:3, Insightful)
Let's be charitable (Score:3, Insightful)
The Chinese government obviously understands their people better than we do. No other government anywhere, at any time in human history, has directly controlled so many people as the current Chinese government. Success counts for something. Obviously in some basic ways they're brilliant at being a government.
So let's grant for argument that they're telling the truth: That pornography is among the most dire current threats to the continuity of their control of their population. We need to get funding from our own government to build a massive distributed porn collection, that in times of crisis can be forwarded by every available channel and modality to China. Thus can we destroy them!
Did Japan already do this? (Score:3, Insightful)
This reminds me of the 60's when there were actually people who believed that all of those little Japanese cars were programmed to fall apart when a signal came from Tokyo. We'd be stuck with no transportation and Japan would finally win the war.
I'm not saying this couldn't be done with computer software today. But obviously paranoia isn't limited by technology.
Nope, it's this simple: (Score:2, Insightful)
2, Start your own company (using someone else's name of course) selling filter software (with OpenCV (BSD licensed) binary lib without any proper credit).
3, Win the contract in the government <sarcasm>public bidding</sarcasm>.
4, Enjoy mandatory installation across the country.
5, The one-year free trial expires.
6, ???
7, PROFIT!
Re:M$ made largest botnet, Cisco the next Echelon (Score:3, Insightful)