
Is China Creating the World's Largest Botnet Army?

Posted by timothy
from the economies-of-scale dept.
david_a_eaves writes "The Chinese government is mandating that all computers sold in China come with Internet blocking software. Rob Cottingham writes an excellent piece noting how the censorship application of this software should be the least of our concerns. This new software may create an opportunity for the Chinese Government to appropriate these computers and use them to create the world's largest botnet army." Update: 06/11 21:26 GMT by T: J. Alex Halderman writes "My students and I have been examining the Green Dam censorware software. We've found serious vulnerabilities that can be exploited by any web site a user visits with the software installed. We also found that some of the blacklists seem to have been taken from the American-made filtering program CyberSitter. We've posted a report and demo."
This discussion has been archived. No new comments can be posted.

  • by Lead Butthead (321013) on Thursday June 11, 2009 @03:24PM (#28298531) Journal

    Would it be easier to just sever the undersea fibre cable to China if it's really such a grave threat?

    • by phantomcircuit (938963) on Thursday June 11, 2009 @03:40PM (#28298797) Homepage

      This is economic warfare. The question is which is worth more economically to the US, a connection to China which opens Chinese citizens to the world's press or severing the connection and avoiding any potential complications.

      So the question is which one is worth more? Personally I'm willing to bet that being connected to them is worth more to the US than it is to China.

      • by Shakrai (717556)

        The question is which is worth more economically to the US, a connection to China which opens the Great Firewall of China to the world's press

        Fixed that for you.

      • Re: (Score:3, Informative)

        by John Hasler (414242)

        Last year exports to the USA accounted for about 24% of Chinese exports but only about 13% of USA imports. USA exports accounted for about 6.5% of Chinese imports but only about 4% of USA exports. I wouldn't be so sure about who is dependent on who.

        • by TubeSteak (669689)

          Last year exports to the USA accounted for about 24% of Chinese exports but only about 13% of USA imports. USA exports accounted for about 6.5% of Chinese imports but only about 4% of USA exports. I wouldn't be so sure about who is dependent on who.

          First off, we're talking about the economy, where a few percentage points are the difference between a good year and a bad year.

          Second your 2008 numbers are wrong [census.gov]

          USA imports from China = 16.1% of total imports
          USA exports to China = 5.5% of total exports
          Which works out to a combined 12% of total trade

          Third, in a world of Just In Time inventory systems, it would not be trivial or cheap to find new suppliers.
          And that's assuming you can even find such a massive quantity of unused manufacturing capacity to make

          • Re: (Score:3, Insightful)

            by c_forq (924234)
            Just in time inventory? Using China as a supplier? Sorry, not happening without a middleman. Shipping isn't reliable enough, unless you are using air and paying out the nose. Unless your JIT means something different to you than to my customers (several of my customers have NO warehousing space, they need parts for their assemblies when they need them - any earlier and they can't store them, any later and they have a worker doing nothing).
    • This. Or firewall them off at your network's edge.
      • Re: (Score:3, Funny)

        by dotgain (630123)
        Yeah, I thought 'conf t, int gi0/1, shut, end, wr' seemed a bit easier than diving for a cable.
    • by Sycraft-fu (314770) on Thursday June 11, 2009 @03:42PM (#28298841)

      The only reason botnets are so effective is they are distributed. When they come from all over the place, you have to do a ton of individual blocks. If they are all from the same IP space, ok just black hole China's space and that's it. Wouldn't take a block from very many top level providers and they'd be doing nothing at all.

    • we could "accidentally" drop anchor on it....
    • Re: (Score:2, Insightful)

      by markkezner (1209776)
      If you do cut the cable, the traffic will try to route around the damage, clogging the "tubes" elsewhere and disrupting a lot of services.
    • by mbone (558574)

      You mean the ones that go through Japan ? Or the one that goes through Russia ? Yeah, that will go over well.

    • Re: (Score:3, Insightful)

      by CastrTroy (595695)
      Wouldn't it be easy for the people buying the computers to wipe the hard drive and install their own software, without the internet blocking software on it?
      • by shermo (1284310)

        Presumably China will implement a DMCA style anti-circumvention law.

      • by Eccles (932)

        The Chinese law requires the software be provided (even on a CD, not installed), not that it has to be installed on every PC. So you just buy a PC without it installed.

      • by selven (1556643)
        If people are knowledgeable enough to know that the software is there, and that it can be removed in that way, and knowledgeable enough to download the windows torrent to reinstall, China can't do much about them anyway.
    • What if one of its (hypothetical) purposes is as a massive distributed computer? Y'know, for cracking encryption and such? Simulations? Doesn't really matter if it's disconnected from the rest of the planet - there's still a crapload of computer power available there...

  • Is this a problem? (Score:2, Interesting)

    by ArcherB (796902)

    How hard is it to block all traffic based on the country of origin, China in this case?

    • For the sake of argument, let's assume this is the case. (And correct me if I am wrong here.) To be able to block, at the very least the packet header has to be examined. If a remote attacker can generate packets faster than you can examine and drop them, you've just been DoS'ed. Multiply the number of packets by the number of computers in China...

      • Re:It is a problem (Score:4, Insightful)

        by OverlordQ (264228) on Thursday June 11, 2009 @03:36PM (#28298723) Journal

        For the sake of argument, let's assume the transit providers drop China's interconnects. 0% CPU overhead.

      • Re:It is a problem (Score:5, Insightful)

        by Shakrai (717556) on Thursday June 11, 2009 @03:52PM (#28299035) Journal

        To be able to block, at the very least the packet header has to be examined. If remote attacker can generate packets faster than you can examine and drop them, you've just been DoS'ed.

        You also have to look at the packet header in the course of regular routing decisions. Would it really take more CPU to look at the packet header and drop it into /dev/null than it does to look at the packet header and send it out a different network interface?

        • Re: (Score:3, Insightful)

          by caladine (1290184)

          You also have to look at the packet header in the course of regular routing decisions. Would it really take more CPU to look at the packet header and drop it into /dev/null than it does to look at the packet header and send it out a different network interface?

          That's not what really causes the extra CPU usage. It's the sheer volume of the packets you now have to handle. It's not as if these botnet computers are generating traffic like they would during a normal transaction. They're transmitting as fast as

          • Re:It is a problem (Score:5, Informative)

            by tattood (855883) on Thursday June 11, 2009 @06:51PM (#28301855)
            The interconnect routers are all using hardware ASICs for their routing. It is absolutely NO problem for a core Internet router to block an entire subnet/country without a single hiccup.
            • by tattood (855883)
              In re-reading your comment, you have a point. If the interconnect link is 1 gigabit (for example) and the router on the other side is trying to send 2GBps through that single link, some of the packets will be dropped, creating a (sort-of) denial of service.
        • Re: (Score:3, Insightful)

          by Hatta (162192)

          You can be DOSd with legitimate traffic just as easily as a botnet. Too many packets is too many packets.

      • Re: (Score:3, Insightful)

        by Anonymous Coward

        Really, we need to rethink being so close to our adversaries online. I mean, isn't that obvious?
        It's like we're waiting for the cyber-911 (god that's terrible) before we have the mandate to act.

        They have to come over the same sets of pipes. You can't get around that.
        At some point, you can shut off mega.undersea.cable01 and all traffic stops.
        Cut the ties that bind the C&C with the bots, and monitor what happens next.

        If sh!t hit the fan, the USAF/NSA/??? would step in and do this. The question is,
        u

        • Cut the ties that bind the C&C with the bots, and monitor what happens next.

          Wait, you mean Kane is behind all this? Aw crap, we're screwed.

    • Re: (Score:2, Funny)

      by Anonymous Coward

      How is this troll? Did this guy beat a mod in an earlier slashdot debate?

    • by Tony Hoyle (11698)

      How hard is it to block all traffic based on the country of origin

      A quick look at the spam trap shows more being relayed by bots in the US than China. Shall we start there?

      • This was a bit inane. Clearly, if we are speculating that China's government is building a huge botnet, we might extrapolate that in the near future, the condition you state will change dramatically. In that case, it might well be worthwhile for many transit providers and/or hosts in the rest of the world to start dropping all packets from China IPs into the bitbucket.
  • Should make it easier to block during an attack....

  • by vancondo (986849) on Thursday June 11, 2009 @03:26PM (#28298583) Homepage
    Well if they are it's certainly more threatening than a bunch of terracotta warriors.
    -
    - - VanCondo [vancouvercondo.info]
  • by CmdrSammo (1086973) on Thursday June 11, 2009 @03:29PM (#28298617) Homepage
    Obama: Hey Ballmer, you mind if we borrow 90% of the world's computers for a quick cyber war?

    Ballmer: Finally, the moment I've been waiting for! *Throws ceremonial war chair at wall*
    • Re: (Score:2, Funny)

      by Anonymous Coward
      Ballmer: Sure, you can have them after Tuesday, five months from now.
    • In all seriousness, that's not a bad idea.
  • by starglider29a (719559) on Thursday June 11, 2009 @03:29PM (#28298619)
    A few million Stormtroopers standing on the surface of the Death Star with ThinkGeek green lasers.

    Archimedes would be proud!


    (Think before you mod me offtopic.)
    • by mcgrew (92797)

      (Think before you mod me offtopic.)

      Think? You must be new here!

  • by qortra (591818) on Thursday June 11, 2009 @03:29PM (#28298621)

    The goal, authorities say, is to protect children from pornography

    Of course, that morsel isn't for the Chinese people. They could tell their own people "we're creating a botnet to terrorize you", and nothing would happen. In fact, it's for the benefit of people in other countries. Social conservatives everywhere will exclaim "what an excellent goal!" Those people have simply failed to realize that governments will use whatever power they have for whatever they want, and never exclusively for its "intended purpose". The US does this too, but they've been moving more slowly because more people fail to notice when the power shift is gradual.

    • by wytcld (179112)

      The Chinese government obviously understands their people better than we do. No other government anywhere, at any time in human history, has directly controlled so many people as the current Chinese government. Success counts for something. Obviously in some basic ways they're brilliant at being a government.

      So let's grant for argument that they're telling the truth: That pornography is among the most dire current threats to the continuity of their control of their population. We need to get funding from ou

  • by qoncept (599709) on Thursday June 11, 2009 @03:33PM (#28298667) Homepage

    Let me get this straight.

    China further intruding on its citizens who are already exploited and given no voice is a valid concern -- until it causes the rest of the world the slightest discomfort?

    • by Stargoat (658863) <stargoat@gmail.com> on Thursday June 11, 2009 @04:07PM (#28299271) Journal

      Let me get this straight.

      China further intruding on its citizens who are already exploited and given no voice is a valid concern -- until it causes the rest of the world the slightest discomfort?

      And what exactly would you have the rest of the world do about it? Chinese are already subject to an oppressive dictatorial government, as are North Koreans, Vietnamese, Cubans, Laotians, Burmese, Iranians, Zimbabweans, and in general around half the total world population.

      • Re: (Score:3, Insightful)

        by qoncept (599709)
        What I would have the rest of the world do about it is escalate "it" from the "least of their worries" to something just a bit higher.
      • Re: (Score:2, Insightful)

        by Anonymous Coward

        Iranians are in a democratic process to elect a new president.

        • Re: (Score:2, Insightful)

          by Anonymous Coward

          Really? The Iranians have the opportunity to vote out Khamenei? That's news to everyone on planet Earth!

          Achmenuttyjob is the Iranian government's equivalent to White House press secretary Gibbs.

  • by kubitus (927806) on Thursday June 11, 2009 @03:33PM (#28298671)
    The US is in the dominant position regarding hidden backdoors and establishing Trojan Boot loaders into routers.

    I advise any government to use in their networks only SW they can compile by themselves!

    And even more important: use routers ( and switches ) where they compiled the firmware/software themselves!

  • Look.... (Score:3, Interesting)

    by Darkness404 (1287218) on Thursday June 11, 2009 @03:35PM (#28298709)
    Look, in a "cyber war" you don't fight with DoS attacks, you fight by simply severing the undersea cables. If we were really "attacked" by China this way (which, we won't be, it would end their economy and their leaders seem to be halfway sane unlike that of North Korea) we could simply sever the lines.
    • Re:Look.... (Score:5, Interesting)

      by 99BottlesOfBeerInMyF (813746) on Thursday June 11, 2009 @03:43PM (#28298867)

      Look, in a "cyber war" you don't fight with DoS attacks, you fight by simply severing the undersea cables.

      Well, severing the cables would be expensive. More likely we'd just filter incoming traffic from that address space. If every computer in China today started sending a DoS attack at something in the US or Europe, an IT guy would get beeped and would authorize their automated system to blackhole that traffic at the core routers. Basically, it would just cut off traffic originating in China and the rest of us would go on as usual except there would be some interesting network security articles. Heck, with some of the systems in place, companies with regular traffic to China might not even have their normal traffic disrupted since it had been previously mapped out as normal and white-listed.

      • It's not expensive, didn't you read about all those ships that just dropped anchor in the wrong place... it's only expensive to fix, not break. In the case of "cyberwar" I assume we don't care about fixing it.
        • Re: (Score:3, Insightful)

          by Tony Hoyle (11698)

          You don't even need to cut the cables. They have to come out somewhere.. switch the routers off.

          If you can't do that, advertise high priority routes so that all traffic to China gets null routed (they can do the same to you, theoretically, if they get in first).

      • Re: (Score:3, Funny)

        by T Murphy (1054674)

        except there would be some interesting network security articles

        If it is a big enough story to be covered everywhere, the whole internet will be slashdotted. THAT is their true plan.

      • by g-san (93038)

        Hopefully they haven't discovered spoofing.

    • Re: (Score:3, Informative)

      by illiter4te (1574849)

      Look

      at this... under sea map of fiber connections [guardian.co.uk] How do you propose the US cut off those connections?

    • by Atrox666 (957601)
      Why would China attack? They already own the US; why would they break their new toy?
  • by DrData99 (916924) on Thursday June 11, 2009 @03:36PM (#28298719)
    Did I miss something or isn't this essentially the same story as this: http://it.slashdot.org/story/09/06/11/1347219/Chinese-Govt-Spyware-Puts-Computers-At-Risk?art_pos=9 [slashdot.org]
  • I mean, if this is true, what if the Russians found a way to activate the botnet first?
  • Stating The Obvious (Score:3, Interesting)

    by BigBlueOx (1201587) on Thursday June 11, 2009 @03:38PM (#28298751)
    From the FA:
    Conceivably, everything from hospitals to electrical power grids could be targets.

    Here's a thought! Make sure hospitals and electrical power grids AREN'T ON THE INTERNET! This is hard? VPNs and darknets are hard??

    Choir, consider yourself preached to.
  • I hope everyone's spam filters are up to date, because I'm sure crimeware authors would exploit it first..
  • I think it is bad enough that the Chinese government is forcing people to have censorship software installed on their computers which obviously will have to know what sites they are visiting and probably what else they are doing on their computers without having to engage in idle speculation on what else it can be used for. In any case, the idea that it will be used as a botnet is kind of weird and imho unlikely. You'd think that the Chinese government would have enough computing resources to do what it ne
    • Re: (Score:3, Insightful)

      by cyphercell (843398)

      "it could build one in "traditional" way using viruses etc."

      yea, it's a huge vector for launching a traditional attack though. It hasn't got to go boom on day one, the attack could begin silently by spreading crap slowly over the course of years.

      Other than that, I'm guessing Chinese Wikipedians are crapping themselves over this news.

  • by nuckfuts (690967) on Thursday June 11, 2009 @03:41PM (#28298821)

    What makes a botnet potentially devastating is that it can create traffic that's indistinguishable from legitimate traffic. When a large enough number of computers from random locations request a page from your webserver, how do you sort the bad requests from the good? It's the slashdot effect on steroids.

    If all the traffic was originating from within a particular country, it would be straightforward to drop that traffic and let other traffic through.

    It's interesting to note that in the early days, it wasn't possible to determine geographic location based on IP address. Address blocks were originally assigned rather haphazardly. As the number of networks grew, routers had to store larger and larger routing tables. Eventually this led to a push to reorganize address block allocations in a more hierarchical fashion, which ultimately made geolocation possible.

    • by philgross (23409)
      I was going to add the same comment. The point of a botnet is that the computers, being hijacked consumer/corporate pcs, are from all over the world and indistinguishable from random traffic IPs. If you're getting attacked by an all-China botnet, just cut off a well-defined set of addresses and the threat vanishes.
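An added example, not part of any comment in this thread: a sketch of the prefix-based blackhole with a white-list of known peers that several posters describe, together with the caveat raised earlier in the thread that dropping at your own edge does not relieve a saturated inbound link. The prefixes are RFC 5737 documentation ranges used as placeholders, and the flow records, link capacity and function names are constructed for illustration.

```python
import ipaddress

# Constructed placeholders (RFC 5737 documentation ranges), not real allocations.
BLACKHOLE = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]
# Previously observed, legitimate peers that sit inside the blackholed space.
ALLOW = [ipaddress.ip_network("203.0.113.16/28")]

# Constructed flow records: (source address, offered load in Mbit/s).
FLOWS = [
    ("203.0.113.20", 5),     # white-listed business partner
    ("203.0.113.200", 600),  # flood source
    ("198.51.100.7", 700),   # flood source
    ("192.0.2.44", 40),      # unrelated traffic from elsewhere
]

LINK_CAPACITY_MBPS = 1000    # assumed 1 gigabit inbound link


def verdict(src, blackhole=BLACKHOLE, allow=ALLOW):
    """Return 'allow', 'drop' or 'pass' for one source address.

    The white-list is checked first so that known-good peers inside the
    blackholed space keep working.
    """
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in allow):
        return "allow"
    if any(addr in net for net in blackhole):
        return "drop"
    return "pass"


def link_load(flows, filter_at):
    """Mbit/s that crosses the inbound link toward the protected network.

    filter_at='edge'     : the drop happens on your own router, so dropped
                           packets have already crossed the link.
    filter_at='upstream' : the transit provider drops them before the link.
    """
    if filter_at not in ("edge", "upstream"):
        raise ValueError("filter_at must be 'edge' or 'upstream'")
    total = 0
    for src, mbps in flows:
        if filter_at == "upstream" and verdict(src) == "drop":
            continue
        total += mbps
    return total


def saturated(flows, filter_at, capacity=LINK_CAPACITY_MBPS):
    """True if the offered load exceeds what the link can carry."""
    return link_load(flows, filter_at) > capacity


if __name__ == "__main__":
    for src, mbps in FLOWS:
        print(f"{src:15} {mbps:5} Mbit/s -> {verdict(src)}")
    for where in ("edge", "upstream"):
        print(where, link_load(FLOWS, where), "Mbit/s, saturated:",
              saturated(FLOWS, where))
```
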
  • All we have to do is filter them out at our end of the intercontinental cables and the army can't get in here. The same applies to everyone else so a Chinese botnet army only threatens China.
  • Massive botnets have already been infiltrated and subverted. So those computers meant to ban pornography, and maybe anti-government web sites could any day be used to send anti-government propaganda with maybe simple commands... not sure how comfortable the Chinese are with double-edged swords, but this could be a good example.

    Anyway, I would be more worried about the US government botnet construction kit, a.k.a. Microsoft Windows, that seems to be putting that power to individuals, groups and foreign government
  • trusting the chinese government at their word is equally foolish. there are no deep nefarious plots and twisty hidden meanings in this piece of censorware most probably. but at the same time, the chinese government is certainly no paragon of virtue that we should trust is motivated by exactly what they say

    not that western nations are any more trustworthy. its just that there is this idiotic notion i often encounter that says "western critics are complaining the chinese have hidden purposes, so since i don't trust western mouthpieces, i'll believe the chinese at their word that they are completely virtuous and innocent in their motivations"

    you know, like iran is enriching uranium for peaceful purposes. "that's what they said, that's what i believe. because i won't be a naive idiot for the west. i choose to be a naive idiot for the west's enemies"

    hey, here's a radical idea: how about you trust no one and be a naive idiot for no one? that is: distrust the west, distrust china, and distrust iran, all at the same time

    thunderclap

  • by John Hasler (414242) on Thursday June 11, 2009 @03:48PM (#28298951) Homepage

    ...would seem to have some serious limitations.

    • by Culture20 (968837)
      Unless the entire botnet is just the initial C&C system for a wider array of international botnets.
  • all Chinese botnet? (Score:3, Informative)

    by bizitch (546406) on Thursday June 11, 2009 @04:03PM (#28299215) Homepage

    Assuming that this is true - all the bots would be contained inside China

    If they unleashed the botnet on something outside China

    1) Would it not just crush the internal network(s) inside China?
    2) Would it not just crush the connections to the rest of the world?
    3) Would it not just crush the massive control and filter systems?
    4) Would it not just be super easy to identify and quarantine?

    What am I missing here?

  • Can you say DDoS? Obviously the top priority of the military in all other nations of the world should be learning how to hijack that beast.

  • No, they're just creating skynet.

  • by C_Kode (102755) on Thursday June 11, 2009 @04:23PM (#28299531) Journal

    Don't panic, we will be ok! I have Windows Firewall!!!

  • I'll believe this. I don't really believe the Chinese government gives a rat's ass about their youth beyond them being more slave labor in a country that doesn't value the lives of their citizens. I also wouldn't put it past them to make their net-nanny software appear to be uninstallable, but that does leave behind a 'bot for them to control. Cut the cables now and isolate them, it seems to be what they want anyways -- to be isolated.
  • It would do the same amount of damage as the year 2000 bug.

  • just imagine a Folding/SETI@home team they could create with this.
    it would obliterate any other team.

  • So is China the new Russia now? I don't understand the fearmongering.
  • it's useless. China in general is poorly connected to the rest of the world (chokepoints are handy for censorship), and if the botnet is centered in China, then the rest of the world could easily blackhole China. I call bullshit, alarmist rhetoric.

  • by Kineel (315046) on Thursday June 11, 2009 @06:36PM (#28301671)

    This reminds me of the 60's when there were actually people who believed that all of those little Japanese cars were programmed to fall apart when a signal came from Tokyo. We'd be stuck with no transportation and Japan would finally win the war.

    I'm not saying this couldn't be done with computer software today. But obviously paranoia isn't limited by technology.

  • Oblig (Score:4, Funny)

    by Voyager529 (1363959) <voyager529@yah[ ]com ['oo.' in gap]> on Thursday June 11, 2009 @08:20PM (#28302711)

    *sigh* I thought it was the most well known classic blunder not to start a LAN war in Asia!

    *DUCKS*
