Chinese Hackers Targeting NYPD Computers
Mike writes "A network of hackers, most based in China, have been making up to 70,000 attempts a day to break into the NYPD's computer system, the city's Commissioner, Raymond Kelly, revealed Wednesday. Kelly suggested that 'perhaps it is because of the NYPD's reach into the international arena' that they are being targeted for computer hacking 'in much the way the Pentagon has been.' The hackers are apparently using a botnet to make up to 5,000 attempts a day at various unsecured portals into the NYPD's files. China's foreign ministry spokesman Qin Gang denied involvement in computer espionage. 'Some people outside of China are bent on fabricating lies of so-called Chinese computer spies,' he said last month. The obvious question is, why are the Chinese so interested in the NYPD computer network?"
Foreign Ministry Spokesman (Score:5, Insightful)
Hey, I'm sure he's lying too...
They're not... (Score:5, Insightful)
The obvious question is, why are the Chinese so interested in the NYPD computer network?
They're not. The bot herder is probably in New York, and controlling the bots by tunneling so it looks like he/she is in China.
Haven't you seen the movie Hackers?
Obvious question (Score:5, Insightful)
The obvious question is, why are the Chinese so interested in the NYPD computer network?
No, the obvious question is why are the NYPD's computer people so dumb that they're reporting the generic, worm-generated port, web and ssh scans that everybody sees from China and everywhere else as an out-of-the-ordinary hacking attempt?
Yeah that seems REAL LIKELY (Score:5, Insightful)
Right, people in China are attacking the NYPD computer systems.
That seems way more likely than people in NY using proxies in china.
Shows how vulnerable computer systems are (Score:3, Insightful)
Time to actually use the US "hackers" to teach important US computer users something about security, and demand more of it from the manufacturers.
Or start using OpenVMS for all important stuff. That OS is nice:)
WTF??? (Score:4, Insightful)
"The hackers are apparently using a botnet to make up to 5,000 attempts a day at various unsecured portals into the NYPD's files."
So, can someone explain why NY's finest have "various unsecured portals" which give access to their files?
Please tell me it's just sloppy editing, (again)...
I thought that everybody serious these days, (CIA, FBI...) had at least two internet portals - a 'public face' for external users and wannabee hackers and a private one protected by *very* state of the art stuff. Of course, most of the real stuff would be on secure intranet.
OK, OK, just me being naïve again...
Like the Chinese can handle the truth!! (Score:3, Insightful)
"Qin Gang denied involvement in computer espionage."
And the Chinese gymnasts in diapers are still 16.
the NYPD ain't special (Score:5, Insightful)
Any company with ssh or, really, any common password-protection scheme exposed to the net is going to see thousands of brute-force attempts per day. The majority of the botnet may be in China or Eastern Europe, but that does not indicate that the actual hackers are either Chinese or Russian. It just means those countries have crap IT security overall.
There is nothing special to see here. The NYPD is inflating its importance, probably for more funding.
Just drop China (Score:3, Insightful)
If I were the IT Director for the NYPD I would be hard pressed not to just drop all traffic from China. Or for that matter half a dozen other popular sources of malicious activity. If you really must have the website for the NYPD open to these other countries then put it on a standalone network segregated from anything important. I mean duh...
System tracing (Score:4, Insightful)
Serious question. How concrete is the info in these cyber warfare news stories? It seems it is almost always Chinese or Russians being reported as the perps, followed by posts claiming we* do the same to them, etc. With botnets and other multiple indirections involved, how credible is the tracing info?
* "We" as in the most baddest, most awesomest country in the world. I won't insult your intelligence with further elaboration.
Mafia? (Score:2, Insightful)
Re:Obvious question (Score:4, Insightful)
This was my first thought too.
Seriously, if I look at the logs for a couple of servers I can see hundreds of brute force ssh attempts a day. Add to that a scan of the apache logs to see all the attempts there and I could get close to a thousand attempts on a bad day on a single server.
Now you can possibly ignore the SSH attempts by only having public key logins, and ignore anything in the apache log that relates to IIS, or other web apps you're not actually running.
If, however, you're looking for a budget increase, it sure sounds good to say you thwart thousands of hacking attempts per day.
It's a bit like the old days when web page popularity was measured in 'hits' and therefore the site with the most 1 pixel transparent gifs was the de facto winner.
Re:I just block most countries (Score:3, Insightful)
I imagine they do or could mostly use zombie PCs within *this* country.
Wouldn't it be nice if... (Score:1, Insightful)
there was a way to monetize the incoming traffic from zombies and autoprobes?
lol
I don't know that I'd block based on country (Score:5, Insightful)
Just based on ISP. Some ISPs are just massive trouble spots. They don't care what their users do and don't respond to complaints. Now, that will mean blocking some countries, like China, since their state ISP is a problem spot.
I really think that we need to start just shutting off people who won't play nice on the Internet. I'm not talking demanding perfection, but there are massive differences in ISPs. I work for an ISP, effectively, working for a large university. When we receive a complaint about a computer doing bad shit, the appropriate person gets notified and if the problem isn't cleared up, the connection is shut down. We also take some proactive steps to watch the network and see if someone is doing something bad. That's all I'm asking for is ISPs that will respond when they get contacted by someone saying "Hey you've got a system doing bad shit."
However many providers don't. You contact them and they ignore you, or lie. The Chinese ISP is one of the liars. They say "That IP isn't ours," even though APNIC shows it is, to any complaint.
So we need to just start blocking these people. If enough sites/networks do that, well then maybe they'll start playing well with others.
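The two comments above (counting the brute-force SSH noise in a server's own logs, and blocking by the netblock of an ISP that ignores abuse reports rather than by country) are easy to combine in a small log-triage script. This is an added example, not code from the thread; the log lines and the "noisy" netblock are constructed, and in practice the netblock comes from a whois/APNIC lookup of the addresses you actually see.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample sshd log lines (documentation-range addresses, not real hosts).
SAMPLE_AUTH_LOG = """\
Aug 20 03:14:01 web1 sshd[4412]: Failed password for root from 203.0.113.7 port 51122 ssh2
Aug 20 03:14:03 web1 sshd[4412]: Failed password for root from 203.0.113.7 port 51140 ssh2
Aug 20 03:14:09 web1 sshd[4418]: Failed password for invalid user admin from 203.0.113.7 port 51201 ssh2
Aug 20 03:15:30 web1 sshd[4433]: Failed password for invalid user oracle from 198.51.100.23 port 40011 ssh2
Aug 20 03:16:02 web1 sshd[4440]: Accepted publickey for deploy from 192.0.2.10 port 50022 ssh2
Aug 20 03:17:45 web1 sshd[4451]: Failed password for root from 203.0.113.99 port 33002 ssh2
"""

# Matches only password failures; key-based logins never produce this line.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

# Constructed netblock standing in for an ISP that never answers abuse mail (assumption).
NOISY_NETBLOCKS = {
    "203.0.113.0/24": "example-isp-A (ignores abuse complaints)",
}


def failed_logins_by_source(log_text):
    """Count 'Failed password' events per source IP address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(2)] += 1
    return counts


def block_candidates(counts, threshold=3):
    """Return (ips, blocks): single IPs at/over threshold, and noisy netblocks
    whose aggregated failures are at/over threshold even if no single IP is."""
    ips = sorted(ip for ip, n in counts.items() if n >= threshold)
    blocks = {}
    for cidr in NOISY_NETBLOCKS:
        net = ip_network(cidr)
        total = sum(n for ip, n in counts.items() if ip_address(ip) in net)
        if total >= threshold:
            blocks[cidr] = total
    return ips, blocks
```

Running it over the sample shows one host over threshold on its own and the whole /24 over threshold in aggregate, while the public-key login never counts as noise.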
Re:Obvious question (Score:4, Insightful)
Because they can get Homeland Security funding to protect them from the Red Terrorist Menace?
Really, if you have a server on them big tubes and you're not getting 70,000 login failures a day, you need to improve your page rankings.
Re:Why? (Score:5, Insightful)
Re:System tracing (Score:3, Insightful)
The attribution in these articles is like saying because someone made a threatening call to you from a payphone in chicago that the city of chicago was threatening you specifically. It COULD be, but it could also be someone who lives there but is just a guy with no affiliation with the city. It could also be someone who doesn't live there but is passing through. They could also be rerouting the call. And whichever of those actors it might be may be targeting you specifically, or they could just be randomly dialing numbers.
It's dumb FUD spreading.
Re:Obvious question (Score:3, Insightful)
There is no reason that a NYPD network should even open a socket for a connection originating in Asia.
A Japanese traveler about to visit New York on business decides to check the crime stats at http://www.nyc.gov/html/nypd/html/crime_prevention/crime_statistics.shtml to get a perspective on what to watch out for with respect to crime in New York.
A US soldier stationed in Korea is about to end his tour of duty and wants to check out the job openings at http://www.nyc.gov/html/nypd/html/careers/careers.shtml
Re:Track an IP? (Score:5, Insightful)
Re:Track an IP? (Score:1, Insightful)
Re:International area? (Score:3, Insightful)
Re:Track an IP? (Score:3, Insightful)
No shit.... I cringe every time I see one of these stories. Not only are they stupid, but whoever is giving the statements shouldn't be doing computer forensics. My humble opinion, since I don't work for any of the places reporting this crap, is that they overheard an IT guy saying "Someone in China is trying to get in. That IP belongs to a provider in [insert city in China]". I've actually made that mistake. Saying it, not believing it, that is. I see a brute force attempt, and someone asks, "who does that IP belong to?" "oh, it resolves to some place in China." Suddenly it's the Chinese attacking. A 5 second conversation usually takes 30+ minutes to explain, even though it took less than 10 seconds to set a firewall rule against their block by hand.
I see these "oh my gosh, the Chinese are attacking" attacks every day. Well, not just China. They come from all over the freakin' world. But hey, China is the evil Communist nation bent on destroying the American economy by providing substandard underpriced merchandise. Oh ya, and they have nukes to kill us off when they're done.
It's "the reds are coming" cold war US vs Soviets game all over again, except this time we have IPs, and we can even see where the block is.
You know, from my own logs, the Americans are coming too. As are ... well ... just about every country that has a freakin' netblock. But with the population of China, they come in just above the United States, mostly because Americans will eventually take their POS computer to the store and ask why it's going so slow. Or more like they'll buy a second one and a hub, so they can have both online and transfer things from one to the other over the next year or two, and never consider that the "old" one is doing malicious things.
The biggest ones I notice are brute force attempts against SSH (one of the few services I leave public). Next would be SQL injection attempts via HTTP. whoowhoo, it's obviously a foreign government conspiracy. If they can just crack my little web server, they'll have the secrets to .... well .... not too damned much. Anything interesting is already up on my sites. :)