Chinese Hackers Targeting NYPD Computers
Mike writes "A network of hackers, most based in China, have been making up to 70,000 attempts a day to break into the NYPD's computer system, the city's Commissioner, Raymond Kelly, revealed Wednesday. Kelly suggested that 'perhaps it is because of the NYPD's reach into the international arena' that they are being targeted for computer hacking 'in much the way the Pentagon has been.' The hackers are apparently using a botnet to make up to 5,000 attempts a day at various unsecured portals into the NYPD's files. China's foreign ministry spokesman Qin Gang denied involvement in computer espionage. 'Some people outside of China are bent on fabricating lies of so-called Chinese computer spies,' he said last month. The obvious question is, why are the Chinese so interested in the NYPD computer network?"
Track an IP? (Score:5, Funny)
Re:Track an IP? (Score:5, Funny)
Re: (Score:2, Funny)
Someone should create a GUI interface using Visual-Basic
Get with the times, man. Haven't you seen CSI? They make 'em with Flash now.
Re: (Score:2, Interesting)
Qin Gang denied involvement in computer espionage. 'Some people outside of China are bent on fabricating lies of so-called Chinese computer spies,'
"So-called Chinese computer spies"? Let's just shut off the routers involved and see exactly which country complains.
It probably won't be China doing the complaining, because China will be cut off from the net about that time.
Re: (Score:2)
This probably will eventually happen.
"Sorry, until you clean up and police your own users' bad behavior, we cannot allow them access to (country/region)"
Make the "Great Firewall" a reality and see how fast they comply.
Re:Track an IP? (Score:5, Insightful)
Re: (Score:3, Insightful)
No shit.... I cringe every time I see one of these stories. Not only are they stupid, but whoever is giving the statements shouldn't be doing computer forensics. My humble opinion, since I don't work for any of the places reporting this crap, is that they overheard an IT guy saying "Someone in China is trying to get in. That IP belongs to a provider in [insert city in China]". I've actually made that mistake. Saying it, not believing it, that is. I see a brute force attempt, and someone as
Re: (Score:3, Interesting)
Well, it is more than botnets.
http://www.redorbit.com/news/technology/1661861/cyberspies_hack_computers_in_103_countries/ [redorbit.com]
Some respected people in Canada have seen things that make it appear it's not as minor as one might think.
To make matters worse, counterfeit chips were made to put into Cisco gear and used to penetrate the Pentagon, among other places.
http://it.slashdot.org/article.pl?sid=06/10/24/1819200 [slashdot.org]
So any one piece looks mildly nefarious, but when you dig deeper than what I have here you start to see a pattern.
Re: (Score:2)
Most of the bots in a botnet are compromised computers in the US. So we should isolate the US from the rest of the world until they can manage to secure their own systems, and until US companies reduce the number of insecure OS releases they produce.
Re: (Score:2)
This just makes me want to cry.
So here's my real world example from just now. They were actually caught and automagically blocked for spamming, so I don't mind posting their info.
user@mybox~$ nslookup 212.80.95.26
Server: x.x.x.x
Address: x.x.x.x#53
** server can't find 26.95.80.212.in-addr.arpa.: NXDOMAIN
user@mybox~$
Why so interested? (Score:3, Funny)
Why? (Score:4, Interesting)
Who trusts IPs, though?
Re: (Score:2)
I don't know if there's anything specific to China, but NYPD has been doing some international "outreach". For example, as per the article below, I think Mumbai is outside of their jurisdiction...
http://www.newsweek.com/id/182526 [newsweek.com]
Re:Why? (Score:5, Insightful)
Re:Why? (Score:4, Funny)
They are trying to "fix" their parking tickets that their ambassadors have received at the UN.
Re: (Score:2, Interesting)
Pentagon needs an enemy. Now it's Chinamen coming through cyberspace. And we get thousands upon thousands of news items like this, all blaming random port scans on the Chinese with no more proof or basis in reality to lay it on them than on anybody else.
More likely it's Pentagon or CIA goons themselves trying to get a defence budget raise through chinese zombie machines they've captured with the help of Microsoft Windows and Cisco.
Foreign Ministry Spokesman (Score:5, Insightful)
Hey, I'm sure he's lying too...
Re: (Score:2)
> They took master lessons from the last US President's administration.
That's odd. I thought they were fairly good at it.
Re: (Score:2)
You're right. Bush's administration had such a soft target in the senate and house at that time, that the tremendous success they enjoyed can't be counted as them being good at it.
Chinese organized crime? (Score:2)
Re: (Score:2, Interesting)
Human trafficking? Drugs? Two obvious ones off the top of my head.
Exactly. This isn't necessarily the Chinese government, but perhaps some criminal enterprise that has an ajenda with the NYPD. We know the Great Firewall of China is relatively effective at keeping unwholesome content out of China, but what about the reverse? It is not so inconceivable that there are a bunch of pirated Win2k machines in internet cafes around the country that are members of some huge botnet.
Re: (Score:2)
Or even an agenda?
It's not that I'm a grammar nazi as such, but come on ... you usually learn to stop spelling things as they are pronounced when you are six-and-a-half.
They're not... (Score:5, Insightful)
The obvious question is, why are the Chinese so interested in the NYPD computer network?
They're not. The bot herder is probably in New York, and controlling the bots by tunneling so it looks like he/she is in China.
Haven't you seen the movie Hackers?
Re:They're not... (Score:5, Funny)
It's actually the Chinese pretending to be a New Yorker pretending to be the Chinese business mafia.
It all comes down to logic. Are they the kind of criminals that would initiate the attacks from someone else's IP address block, or have they deduced that we would see through the ruse and would therefore host the attacks from their own IP address block?
It appears we have made one of the classic blunders, which is never get involved in a technical war in Asia.
My guess is it's probably someone looking for inside information on investigations of financial companies in New York. That's where there are hundreds of millions to be made.
the real reason why there were so many (Score:5, Funny)
is that once they hacked the computer systems, an hour later they needed to hack it again!
Re: (Score:2)
The trick is to bulk up on prawn crackers and fried rice, so there's no way you can finish the beef in oyster sauce in one sitting.
Actually, you know the irony? ... I moved from the UK to Asia about 12 years ago, and the Chinese food STILL tastes better when served in silver foil containers at 3am in Manchester.
God I miss pineapple rings in batter with golden syrup ... you simply can't get it here :-(
I just block most countries (Score:5, Informative)
They should do what I, and others do. Just block all traffic from certain countries.
With most of my sites, I'm not interested in international traffic and all I get is spammers and content scrapers. I came across this tip on blocking spammers and scrapers using IPFilter on Solaris [howtonotma...online.com] and just update my ipf.conf file if I notice anything strange coming in, which I check for from time to time. I also grab lists of ip ranges to add as well.
While it bothers me a bit to limit access to sites in principle, I really don't get any benefit from international traffic that outweighs the nuisance of the few that ruin it for everyone else.
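The range-list workflow this post describes (grab lists of IP ranges, paste them into ipf.conf) breaks down once the lists overlap or contain junk. The following is an added example, not the poster's ipf.conf or the linked how-to: it parses a range list, collapses duplicates and ranges already covered by a wider one, emits IPFilter rules, and answers "would this source be dropped?". The IPFilter rule form `block in quick on <iface> from <cidr> to any`, the interface name `hme0`, and the sample list (documentation and private ranges) are all assumptions made for illustration.

```python
"""Generate IPFilter block rules from a list of CIDR ranges.

Added example; this is not the poster's ipf.conf or the linked how-to.
Assumptions: IPFilter's ``block in quick on <iface> from <cidr> to any``
rule form, an interface named ``hme0``, and the constructed range list
below (documentation/private ranges, with overlaps and one typo).
"""
import ipaddress

# Constructed sample input: the kind of list the poster pastes into
# ipf.conf. It contains a comment, a duplicate, a /24 already covered
# by a /16, a bare host, and one unparseable line.
SAMPLE_RANGES = """\
# scrapers and spammers seen last week
221.208.0.0/16
221.208.12.0/24
221.192.0.0/16
221.208.0.0/16
10.0.0.7
not-an-address
"""


def parse_ranges(text):
    """Parse one CIDR or host per line. Returns (networks, rejected_lines)."""
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        try:
            # strict=False accepts a bare host or an unaligned range as given
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            rejected.append(line)
    return nets, rejected


def collapse(nets):
    """Drop duplicates and ranges already covered by a wider one, so the rule set stays short."""
    return list(ipaddress.collapse_addresses(nets))


def ipf_rules(nets, iface="hme0"):
    """One 'block in quick' rule per network (rule syntax is an assumption; check your ipf version)."""
    return [f"block in quick on {iface} from {n.with_prefixlen} to any" for n in nets]


def is_blocked(ip, nets):
    """Would this source address be dropped by the generated rules?"""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)


def build(text, iface="hme0"):
    """Parse, collapse and render. Returns (rules, networks, rejected_lines)."""
    nets, rejected = parse_ranges(text)
    nets = collapse(nets)
    return ipf_rules(nets, iface), nets, rejected


if __name__ == "__main__":
    rules, nets, rejected = build(SAMPLE_RANGES)
    print("\n".join(rules))
    for bad in rejected:
        print(f"# skipped unparseable entry: {bad!r}")
    print("221.208.12.34 blocked:", is_blocked("221.208.12.34", nets))
```

Collapsing matters for more than tidiness: a long list of overlapping rules is slower to evaluate and harder to audit, and the rejected-lines output is where a bad paste (a hostname, a typo) shows up instead of silently being skipped.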
Re: (Score:3, Insightful)
I imagine they do or could use mostly use zombie PC's within *this* country.
Re: (Score:2)
From the article
Sources said Internet Protocol addresses of computers attempting to breach the NYPD's files have been tracked to China, the Netherlands and the Ukraine.
what about that other trapped in a computer movie? (Score:2, Informative)
The Thirteenth Floor.
Here's an experiment Hollywood does every year:
make the same movie twice, then see which version the public loves.
It came out at the same time as the Matrix, but was a lot more interesting, but with fewer really awesome fights.
Re:what about that other trapped in a computer mov (Score:2)
make the same movie twice,
Put a superstar and other known actors in one, and a bunch of guys people would say "hey isn't that the guy from that thing?" in the other
then see which version the public loves.
I don't know that I'd block based on country (Score:5, Insightful)
Just based on ISP. Some ISPs are just massive trouble spots. They don't care what their users do and don't respond to complaints. Now, that will mean blocking some countries, like China, since their state ISP is a problem spot.
I really think that we need to start just shutting off people who won't play nice on the Internet. I'm not talking demanding perfection, but there are massive differences in ISPs. I work for an ISP, effectively, working for a large university. When we receive a complaint about a computer doing bad shit, the appropriate person gets notified and if the problem isn't cleared up, the connection is shut down. We also take some proactive steps to watch the network and see if someone is doing something bad. That's all I'm asking for is ISPs that will respond when they get contacted by someone saying "Hey you've got a system doing bad shit."
However many providers don't. You contact them and they ignore you, or lie. The Chinese ISP is one of the liars. They say "That IP isn't ours," even though APNIC shows it is, to any complaint.
So we need to just start blocking these people. If enough sites/networks do that, well then maybe they'll start playing well with others.
Re: (Score:2)
I was getting bad activity from a server with ServerBeach. I used their abuse email to send them my logs of the activity and they were very responsive and took the server offline. They kept me informed, without giving me personal information about who was running the server. Others seem to have had similar experiences with them.
Other places, like ThePlanet, I don't even bother reporting stuff anymore. Nothing happens. I just check ARIN to see if they added any more ip address blocks that I might need to bloc
Re: (Score:2)
>I'm not interested in international traffic and all I get is spammers and content scrapers.
Why do I get an urge to do a facepalm? As an American expat who has lived in both Europe and Asia, I have nothing good to say about my experiences with geolocation.
Obvious question (Score:5, Insightful)
The obvious question is, why are the Chinese so interested in the NYPD computer network?
No, the obvious question is why are the NYPD's computer people so dumb that they're reporting the generic, worm-generated port, web and ssh scans that everybody sees from China and everywhere else as an out-of-the-ordinary hacking attempt?
Re:Obvious question (Score:4, Insightful)
This was my first thought too.
Seriously, if I look at the logs for a couple of servers I can see hundreds of brute force ssh attempts a day. Add to that a scan of the apache logs to see all the attempts there and I could get close to a thousand attempts on a bad day on a single server.
Now you can possibly ignore the SSH attempts by only having public key logins, and ignore anything in the apache log that relates to IIS, or other web apps you're not actually running.
If, however, you're looking for a budget increase, it sure sounds good to say you thwart thousands of hacking attempts per day.
It's a bit like the old days when web page popularity was measured in 'hits' and therefore the site with the most 1 pixel transparent gifs was the de facto winner.
Re:Obvious question (Score:4, Insightful)
Because they can get Homeland Security funding to protect them from the Red Terrorist Menace?
Really, if you have a server on them big tubes and you're not getting 70,000 login failures a day, you need to improve your page rankings.
Re: (Score:2)
Really, if you have a server on them big tubes and you're not getting 70,000 login failures a day, you need to improve your page rankings.
Really, if you have a server on them "big tubes" and leave ssh open to the world, you need to keep your day job.
Re: (Score:3, Insightful)
There is no reason that a NYPD network should even open a socket for a connection originating in Asia.
A Japanese traveler about to visit New York on business decides to check the crime stats at http://www.nyc.gov/html/nypd/html/crime_prevention/crime_statistics.shtml [nyc.gov] to get a perspective on what to watch out for with respect to crime in New York.
A US soldier stationed in Korea is about to end his tour of duty and wants to check out the job openings at http://www.nyc.gov/html/nypd/html/careers/careers.shtml [nyc.gov]
Re: (Score:2)
A gangster who fled to the Philippines wants to check if he made the NYPD's Most Wanted List: http://a056-crimestoppers.nyc.gov/crimestoppers/public/publicMWGallery.cfm [nyc.gov]
Re: (Score:2)
Oh, we have our ways. In the end, most of you will be happy telling us your passwords. the rest of you will be your little parts we cut, burnt, and ripped off to "encourage" you to talk.
But don't worry, we've started using waterboarding to clean your wounds. Don't mind the fact that it's salt water. Or was that sulfuric acid? Oh, I can never remember, I disavow any knowledge of what the screams are in the next room.
Yeah that seems REAL LIKELY (Score:5, Insightful)
Right people in China are attacking the NYPD computer systems.
That seems way more likely than people in NY using proxies in china.
Shows how vulnerable computer systems are (Score:3, Insightful)
Time to actually use the US "hackers" to teach important US computer users something about security, and demand more of it from the manufacturers.
Or start using OpenVMS for all important stuff. That OS is nice:)
Re: (Score:2)
Or buy a normal machine and run SIMH
http://simh.trailing-edge.com/ [trailing-edge.com]
on it.
Re: (Score:2)
Great idea! Cheap hardware, too - just go to your local junkyard and grab a VAX sold 10 years ago for scrap :P
You can't have it! Mine, or I will help you not.
I love DCL, but you know what I miss the most? That KESU architecture. Kernel, Exec, Super, User. The fact that Dave Cutler (architect of VMS and WNT) didn't have the hardware to back that when he developed NT for the Intel processor is, I believe, the ultimate source of the endless Windows server security grief.
WNT:='F$ROT1("VMS") (yes, I know it's a bogus lexical on your system...=)
The Secret Stash! (Score:5, Funny)
The Chinese are trying to find out where the best and tastiest donuts in the NYC area are located.
Unfortunately for them, I happen to know the information they seek is loaded on an air gapped mainframe in the heart of Police HQ which is guarded by automatic defense systems and can only be accessed by the Chief of Police and Rudy Giuliani.
Yeah, they forgot to update who the mayor is... this is the police here, not the NSA, okay?
Re: (Score:2)
You really have an outdated, stereotypical view of the NYPD.
They are very helpful and compassionate and willing to share with the community.
Go up to any officer and just ask. "I'm jonesing for some fresh donuts, I hear you guys know all the best spots all over the city."
He (or she) will probably be kind enough to invite you to the station house to share some of their private stash.
Re: (Score:2)
You really have an outdated, stereotypical view of the NYPD.
I can't speak for the GP, but I have been waiting forever for the next Duke Nukem game... oh, wait, they were the LAPD. Nevermind.
WTF??? (Score:4, Insightful)
"The hackers are apparently using a botnet to make up to 5,000 attempts a day at various unsecured portals into the NYPD's files."
So, can someone explain why NY's finest have "various unsecured portals" which give access to their files?
Please tell me it's just sloppy editing, (again)...
I thought that everybody serious these days, (CIA, FBI...) had at least two internet portals - a 'public face' for external users and wannabee hackers and a private one protected by *very* state of the art stuff. Of course, most of the real stuff would be on secure intranet.
OK, OK, just me being naïve again...
Like the Chinese can handle the truth!! (Score:3, Insightful)
"Qin Gang denied involvement in computer espionage."
And the Chinese gymnasts in diapers are still 16.
It's the Triads! (Score:5, Funny)
It will take an epic alliance of Tony Stark and Peter Parker to put aside their past differences, fighting over the woman they both loved, and both lost, to put a stop to this criminal masterplot to end the world as we know it.
Starring: Jackie Chan as the Mandarin
Zac Efron as Peter Parker
and Robert Downey Jr. returns as Tony Stark.
Re: (Score:2)
Revised cast list:
The Mandarin: Chow Yun-Fat
Peter Parker: Jake Gyllenhaal
Mary Jane (option 1): Maggie Gyllenhaal (for some Luke-Leia weirdness)
Mary Jane (option 2): the cross-dressed resurrected corpse of Heath Ledger for some Brokeback Mandarin action
Tony Stark: Robert Downey Jr, but in his most drug-addled condition.
Jim Rhodes: Jackie Chan in blackface
Only then would we g
Re: (Score:2)
Nah, gotta be Jet Li ... even his smile is sinister as fuck!
Re: (Score:2)
the important thing is fitting inside lucy liu somehow
There, fixed that for you!
That's so cute! (Score:5, Interesting)
Awwww. The NYPD thinks they're special. :rolleyes:
I must be special, too, because I log tons of probes. Hundreds, sometimes thousands a day.
Re:That's so cute! (Score:4, Informative)
I must be special, too, because I log tons of probes. Hundreds, sometimes thousands a day.
That was my first thought, too. I got so sick of looking at the log entries for my faux SSH daemon (on port 22) that I quit logging it. Sure, it's fun for a while, 'till you realize that you aren't frustrating anybody, just occupying 0.02% of cpu time on a hacked bot.
Hundreds/thousands of "hack attempts" per day when you include obvious overrun attempts (8k of "xxxxx" in the apache logs), attempts at accessing Windows sharing (connections to ports 137-139), dictionary hacks on port 22 (none of my stuff allows passwords anyway, and doesn't work on port 22), and so on.
Yawn. Welcome to the wild, wooly Intarnets!
Mod Parent Informative (Score:2)
Parent is 100% right. This is a non-story.
Anyone who goes to the trouble of checking their logs for nearly all Internet-facing services would be very, very familiar with this.
Re: (Score:2)
Ya no shit. The number of scan bots out there is staggering, and they are very tenacious. They don't seem to have checks to say "This system isn't vulnerable, leave it alone."
For example I host some servers on my home connection, since I have a nice business class line. One of my friends had a server there that had a broken mail server. Basically he'd been messing with some mail filtering tool, don't remember what, and decided to stop playing with it. The end result was port 25 was open, but wouldn't do any
the NYPD ain't special (Score:5, Insightful)
Any company with ssh or, really, any common password-protection scheme exposed to the net is going to see thousands of brute-force attempts per day. The majority of the botnet may be in China or Eastern Europe, but that does not indicate that the actual hackers are either Chinese or Russian. It just means those countries have crap IT security overall.
There is nothing special to see here. The NYPD is inflating its importance, probably for more funding.
Re: (Score:2)
I have no doubt that's part of it. If I made $0.75/hr I could not afford a retail copy of Vista, so I would pirate. But I wouldn't visit their update site, cause their "genuine advantage" crap might lock me out of my system. Result: tons of unpatched systems in the third world.
Microsoft feeds the botnet operators with their policies.
Just drop China (Score:3, Insightful)
If I were the IT Director for the NYPD I would be hard pressed not to just drop all traffic from China. Or for that matter half a dozen other popular sources of malicious activity. If you really must have the website for the NYPD open to these other countries then put it on a standalone network segregated from anything important. I mean duh...
System tracing (Score:4, Insightful)
Serious question. How concrete is the info in these cyber warfare news stories? It seems almost always to be Chinese or Russians being reported as the perps, followed by posts claiming we* do the same to them, etc. With botnets and other multiple indirections involved, how credible is the tracing info?
* "We" as in the most baddest, most awesomest country in the world. I won't insult your intelligence with further elaboration.
Re: (Score:3, Insightful)
The attribution in these articles is like saying because someone made a threatening call to you from a payphone in chicago that the city of chicago was threatening you specifically. It COULD be, but it could also be someone who lives there but is just a guy with no affiliation with the city. It could also be someone who doesn't liv
brute force attempts *yawn* (Score:2)
I've gotten a hell of a lot more than that in a single day. Coming from a botnet, so rate limiting by IP didn't work. They tried about 5 times per common english name as a login in mostly alphabetical order, hitting machines that had SSH open to the world.
It used to happen every couple of weeks, with thousands of attempts per machine. They'd probably still be trying if the security folks hadn't decided to outlaw us being so promiscuous.
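Two posts in this thread describe the same thing from opposite ends: the "Re:Obvious question" comment sees hundreds of SSH brute-force attempts a day from single sources, and this one saw a botnet that stayed under per-IP rate limits by spreading a few tries per username across many hosts. The following is an added example, not code from either poster, that runs both detections over sshd log lines: per-source counting for the loud case, and an aggregate check over the remaining sources for the quiet, distributed case. It assumes OpenSSH's standard "Failed password for [invalid user] NAME from IP port N ssh2" line format; the log is constructed from documentation ranges for illustration.

```python
"""Spot SSH password brute force in auth.log: loud single-source and quiet distributed.

Added example; not code from any poster. It assumes OpenSSH's standard
"Failed password for [invalid user] NAME from IP port N ssh2" log line,
and the log below is constructed (documentation ranges) for illustration.
"""
import re
from collections import defaultdict

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(lines):
    """Yield (username, source_ip) for each failed password attempt; skip everything else."""
    for line in lines:
        m = FAILED.search(line)
        if m:
            yield m.group("user"), m.group("ip")


def single_source_bruteforce(events, per_ip_threshold=10):
    """The classic case: one address hammering the daemon. Per-IP limits catch this."""
    by_ip = defaultdict(int)
    for _, ip in events:
        by_ip[ip] += 1
    return {ip: n for ip, n in by_ip.items() if n >= per_ip_threshold}


def distributed_bruteforce(events, per_ip_threshold=10, total_threshold=50):
    """The botnet case: every source stays under the per-IP limit, but the aggregate is large.
    Returns a summary dict, or None if nothing is found."""
    by_ip = defaultdict(int)
    users = set()
    for user, ip in events:
        by_ip[ip] += 1
        users.add(user)
    total = sum(by_ip.values())
    if total >= total_threshold and max(by_ip.values(), default=0) < per_ip_threshold:
        return {"sources": len(by_ip), "failures": total, "users": sorted(users)}
    return None


def analyze(lines, per_ip_threshold=10, total_threshold=50):
    """Run both detectors; the distributed one only looks at sources the per-IP rule missed."""
    events = list(parse_failures(lines))
    loud = single_source_bruteforce(events, per_ip_threshold)
    quiet = [(u, ip) for u, ip in events if ip not in loud]
    return {
        "single_source": loud,
        "distributed": distributed_bruteforce(quiet, per_ip_threshold, total_threshold),
    }


# ---- constructed sample log (not real traffic) ----
def _failed(user, ip, pid, invalid=True):
    who = f"invalid user {user}" if invalid else user
    return f"Apr 22 03:14:07 bastion sshd[{pid}]: Failed password for {who} from {ip} port 51234 ssh2"


SAMPLE_LOG = ["Apr 22 03:13:59 bastion sshd[4090]: Accepted publickey for ops from 203.0.113.7 port 2200 ssh2"]
# one noisy host trying root twelve times: trips the per-IP rule
SAMPLE_LOG += [_failed("root", "221.208.12.34", 4100 + i, invalid=False) for i in range(12)]
# twenty hosts each trying three common names once: three per source, sixty in total
for i in range(20):
    for name in ("aaron", "adam", "alan"):
        SAMPLE_LOG.append(_failed(name, f"198.51.100.{i + 1}", 4200 + i))

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Two points the thread makes are worth keeping in mind when reading the output: the source address tells you which host to block or report to its abuse contact, not who is behind it; and if the daemon only accepts public keys (as several posters do), every one of these lines is noise rather than risk, and the sensible response is to stop counting them.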
Mafia? (Score:2, Insightful)
Has anyone else gotten this error? (Score:3)
To me, the summary looks like this:
"A network of hackers, most based in China, a href="http://www.nydailynews.com/news/2009/04/22/2009-04-22_international_hackers_lauching
I really, really, really Wondered, how this went trough all of the firehose, the Slashdot "editors" and everything... Maybe all people at /., are already dead and replaced by very small shell scripts. And the comment submitters are programs too... ...because, that would explain A LOT!
(Oh, and the preview is broken too. The layout has huge free space in them, and the line breaks are missing.)
Re: (Score:2)
I really, really, really Wondered, how this went trough all of the firehose, the Slashdot "editors" and everything...
Yes, the firehose is quite a trough. I personally just figured that the hackers tried to take the story down, but only managed to fuck up the summary. YOU CAN'T STOP SLASHDOT, BABY. Let's show them who's boss, and slashdot China.
But anyway, you put "editors" in "quotation marks" so "obviously" you "get it".
Looks like they got /. (Score:2)
Marketing Opportunity (Score:2)
>have been making up to 70,000 attempts a day
Myself, I set up a targeted marketing campaign and feed them 70,000 ads a day.
Really? (Score:2)
I track probes coming into my home router. I usually see hundreds of probes per day with IP addresses in China banging on the usual ports (7212, 9090, 1026, 1027) as well as the ports du jour (55657). Some of these Chinese IP addresses I've been seeing for a year or more. Go to a site like http://isc.sans.org/ and look at the stats for the 221.208.x.x block. 221.192.x.x seems to be popular these days as well.
Depe
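Seeing "hundreds of probes a day" is only useful once the log is rolled up by source block and destination port, which is what turns a list of addresses into a range-blocking or reporting decision. The following is an added example, not the poster's router tooling, that does that roll-up over iptables-style LOG lines (it only needs the SRC= and DPT= fields). The log lines are constructed from documentation ranges; the 221.x prefixes merely echo the blocks the poster names and stand for no real traffic.

```python
"""Summarise dropped inbound probes by source /16 and destination port.

Added example, not the poster's router tooling. It assumes iptables-style
LOG lines containing SRC= and DPT= fields; the lines below are constructed
with documentation ranges, and the 221.x ranges only echo the blocks the
poster mentions, not any real traffic.
"""
import ipaddress
import re
from collections import Counter

DROP = re.compile(r"SRC=(?P<src>[\d.]+).*?DPT=(?P<dpt>\d+)")


def parse_drops(lines):
    """Yield (source_ip, dest_port) for each log line that carries both fields."""
    for line in lines:
        m = DROP.search(line)
        if m:
            yield m.group("src"), int(m.group("dpt"))


def by_prefix(events, prefixlen=16):
    """Count probes per enclosing /prefixlen: the granularity a range-blocking decision needs."""
    counts = Counter()
    for src, _ in events:
        net = ipaddress.ip_network(f"{src}/{prefixlen}", strict=False)
        counts[net.with_prefixlen] += 1
    return counts


def by_port(events):
    """Count probes per destination port: the 'ports du jour'."""
    return Counter(dpt for _, dpt in events)


def summarise(lines, prefixlen=16, top=3):
    """Total probes plus the top source blocks and target ports."""
    events = list(parse_drops(lines))
    return {
        "probes": len(events),
        "blocks": by_prefix(events, prefixlen).most_common(top),
        "ports": by_port(events).most_common(top),
    }


# ---- constructed sample log (not real traffic) ----
def _drop(src, dpt):
    return (f"Apr 22 03:14:07 router kernel: DROP IN=ppp0 OUT= SRC={src} "
            f"DST=203.0.113.9 LEN=40 PROTO=TCP SPT=6000 DPT={dpt}")


SAMPLE_LOG = []
SAMPLE_LOG += [_drop(f"221.208.{i}.10", 7212) for i in range(12)]
SAMPLE_LOG += [_drop(f"221.192.{i}.20", 9090) for i in range(8)]
SAMPLE_LOG += [_drop(f"198.51.100.{i + 1}", 55657) for i in range(5)]
SAMPLE_LOG += [_drop("198.51.100.9", 1026), _drop("198.51.100.9", 1027)]
SAMPLE_LOG.append("Apr 22 03:14:08 router kernel: ppp0: link is up")  # unrelated line, ignored

if __name__ == "__main__":
    print(summarise(SAMPLE_LOG))
```

Re-running with `prefixlen=24` shows why the /16 view is the one to look at for scanner traffic: a botnet or a scanning ISP spreads across many /24s with one or two hits each, and only the wider prefix makes the concentration visible.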
The Great Firewall of China (Score:2)
International area? (Score:3, Interesting)
Kelly suggested that 'perhaps it is because of the NYPD's reach into the international arena' that they are being targeted for computer hacking
WTF is the NYPD reaching into the international arena? That's not their job. They shouldn't be doing anything outside of NY.
fixing traffic tickets for their UN diplomats (Score:2)
that's what the Chinese are up to, ya sure ya betcha then. Sven.
doesn't NYPD patrol the docks? sounds like China wants their lead and mercury exports to look like baby toys and prime beef.
The Nigerians are looking for the gold (Score:2)
They read about it on the Interwebs [911review.com], and co-opted their spam partners [net-security.org] to do the dirty work.
Really. Scouts honor.
Quick! Call Jack Bauer! (Score:2)
OK, let's address this calmly. Who has to be tortured to make things right here?
TOR ? (Score:2)
The other day I saw a comment in an article that said most TOR exit nodes seem to come out in China. Now we see "most hack attempts come from China" ... well duh ...
Any unsecure proxy is going to get spidered in 24 hours, and then it'll be the source of all attacks until such time as the server admin realises and shuts it down.
IP addresses are a useless guide to *who* is actually using the connection, regardless of the country it is located in.
New Slogon for Department of Defense (Score:2)
Closed Gates, Open Windows!
You know it's bad when its secretary has a name "Gates"...
So do I (Score:2)
The NYPD might do something about it. (Score:2)
The NYPD might be able to do something about this. They have a sizable anti-terrorism operation, over a thousand people. David Cohen, the NYPD's Deputy Commissioner for Intelligence, used to head Clandestine Services at the CIA. Sooner or later, many of the world's conflicts spill over into New York City, and the NYPD has to deal with it. So the NYPD has more capability to deal with external threats than most departments. They're also bigger than the FBI.
The NYPD is well-connected with infrastructure
Kind of a misleading statistic (Score:2)
I have a bone to pick with the phrasing of this and other articles like it.
When people first read it, they go ZOMFG 70000 WTF, which is clearly the article's intent. However, it's not like there are 70,000 Chinese people sitting in a room all trying to hack the gibson or whatever. I'd bet this is the work of maybe 10 people at the very most. Another thing to keep in mind is that a login 'attempt' is not really a very big deal in of itself. It's much more accurate to say there is one attempt to hack into the
Re: (Score:2)
Duh! It's a botnet. Nobody is saying there are 70K Chinese people doing this.
And YES, every login attempt is serious. Especially if they are using methodical attacks. It's not like they are trying to login as c00ldude 70K times. They are trying 70K possibilities, which eventually might find a match.
I feel the pain (Score:2)
We have spent the last 2 weeks fending off Chinese hackers. They started with a legit login, extracting valuable data from our subscription-only site. Once we locked that down, the attacks started with methodical login attempts. We've blocked IPs, but they have jumped around, apparently using a botnet.
Thanks to the prevalence of stolen Microsoft operating systems in China, unpatched copies of windows abound, leaving them open to botnet slavery.
Crash Override called... (Score:2)
Nationality an issue here? (Score:2)
I fail to see why it's relevant to suggest that the hackers in question were mostly Chinese. It's not like there is any proof they were put up to it by the Chinese government, so it seems to matter little - if anything - whether they're based in China, Russia, the Netherlands (where I happen to live) or the US even.
This is just politics and Slashdot merrily joins the choir that sings the anti-Chinese song. Excellent journalism, as usual.
The only issue here is that China seems to be doing little to fight thi
It's not a fear thing... (Score:2)
You can mod this down. But its not a fear thing, its an awe thing. I mean seriously, look at how much more the USA can do than a European nation, and that is how much more the Chinese should be able to do. It's just an awesome thing.
Re: (Score:3)
KAK ALL?
What exactly are you trying to spell? I don't understand.
Oh... you're trying to make a reference that corporate America is like the Soviet Union. Which makes absolutely no sense. If you're going to use the Russki "K" reference, at least make sure that it's in reference to some kind of fascism, otherwise it's just plain out of context.
Geez.
Let me give you a hint: if you want to troll, at least be a *good* troll. You know, a