What can be done to combat overseas hackers?

A high profile technology firm, Computer Associates (CA), was hacked last week and, though the problem has been corrected, the hackers inserted code to redirect visitors to a Chinese Web site that was serving malicious code to the unsuspecting visitors. A similar attack was carried out on the Miami Dolphins Web site last year and prompted SANS to recommend that network administrators block the domains uc8010.com and ucmal.com, another site associated with similar attacks.

Malware Writers Hack CA’s Site (PC World)

Cyber attacks from China are becoming more and more common and are not limited to civilian victims. South Korean soldiers recently received phishing e-mails that their government claimed were coming from Chinese hackers and, though no military information was suspected to have leaked, the scam definitely targeted the Korean military. China has also been accused of hacking a Pentagon computer system in June, and China has been described as “Computer Crime Central” by StrategyPage.com. These and other accusations have complicated a Chinese firm’s buyout offer for 3Com, as a U.S. Congress subcommittee is looking into the national security implications of the deal.

S. Korea: China hacking soldiers’ e-mail (United Press International)

Austin Bay: Cyber acts of war (San Antonio Express-News)

China link puts 3Com takeover in doubt (The Register)

I have nothing against China or the Chinese, and in fact, my favorite celebrity is Chinese (Yao Ming). However, I was recently involved in a meeting in which a network administrator asked about the possibility of completely blocking the IP address range assigned to China, and the suggestion was not entirely without merit. The explosion of the Internet in China and the apparent slowness (or complicity) of the Chinese government in cracking down on their hackers simply adds fuel to the fire.

This is also not to say that China is alone in generating these concerns. Russian hackers have been accused of severe attacks on Estonia, one of the world’s most connected societies, and the tales of scams from various African countries are well documented on Snopes.com. These issues lead to the question, what can be done to combat the rash of hacking attempts originating from overseas?

77 comments
seanferd

I see that you did post again, but I hope we didn't scare you off after your very first post! Welcome to TR Forums. It is sort of crazy here, sometimes. I see that you joined that same month that I did, in my current incarnation.

TheGooch1

The overseas hackers are at least visible. However, the underseas hackers that live at depths that most submersible vessels cannot reach are very difficult to track down and apprehend. In addition, there are mobile underseas hackers that travel in International waters by way of nuclear submarine. If threatened by say, a US vessel, they'll relocate to Russian waters, knowing that if the US ship fires on them, it will give the Russians an excuse to fire back and take the USA to task in the United Nations court.

Absolutely

we should be combatting "crackers," not "hackers." Arg.

Jaqui

Give the countries one week's notice; after that, just nuke a city in it every time a hack attempt is made from that country. Cost = 1 nuke. It would only take one nuke to make them stop it. Not one per country, one.

CharlieSpencer

Why restrict the question to "overseas hackers"? How are they any more dangerous than violation attempts that originate within one's own borders?

Photogenic Memory

They hack us; we hack them. The web is a nation without borders. Just because the hardware sits across a border doesn't mean it's inaccessible. The best thing to do is to be vigilant and back up your data. It's all you can do. Besides, you're forgetting the hackers we have here?

Tig2

That developed a sub-thread on the feasibility of blocking entire countries. A peer here does it for his home network on the theory that he does no business with China and therefore does not need to permit their IP range. The concept is not far-fetched at all. In my opinion, you SHOULD block traffic that is not necessary. I see nothing wrong with deciding that you don't do business with a country so you choose to block their IP range on your own network. Not just China but any country that you have no need to be in contact with. I would go as far as to suggest that this become an element of Best Practice. It may be the only way to combat overseas hacking efforts. Edit- "the" not "to"
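A defender-side check that combines the two mitigations raised on this page, the SANS recommendation in the article to block uc8010.com and ucmal.com, and the per-country IP range block Tig2 describes. This is an added example, not code from the post or from any of the commenters; the CIDR ranges and the proxy log lines are constructed placeholders, and real country allocations would have to come from the regional registries.

```python
import ipaddress
import re

# Domains the article says SANS recommended blocking.
BLOCKED_DOMAINS = {"uc8010.com", "ucmal.com"}

# Constructed placeholder CIDRs standing in for a country's allocated ranges.
# These are documentation prefixes, not real allocations of any country.
BLOCKED_NETWORKS = [ipaddress.ip_network(c) for c in ("198.51.100.0/24", "203.0.113.0/24")]

# Constructed proxy log lines: "<client-ip> <destination-ip> <host-header>"
SAMPLE_LOG = """\
10.0.0.5 192.0.2.10 www.example.com
10.0.0.7 198.51.100.23 cdn.example.net
10.0.0.9 192.0.2.44 ads.uc8010.com
10.0.0.9 203.0.113.8 ucmal.com
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def domain_blocked(host: str) -> bool:
    """True if host is a blocked domain or a subdomain of one (suffix match on a label boundary)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)


def network_blocked(ip_str: str) -> bool:
    """True if the destination address falls inside any blocked country range."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False  # malformed field: do not match, but do not crash the sweep
    return any(ip in net for net in BLOCKED_NETWORKS)


def classify(line: str):
    """Parse one log line; return (client, dest, host, reasons) or None if unparsable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    client, dest, host = m.groups()
    reasons = []
    if domain_blocked(host):
        reasons.append("domain")
    if network_blocked(dest):
        reasons.append("network")
    return client, dest, host, reasons


def flag_lines(log: str):
    """Return only the parsed lines that hit at least one block rule."""
    return [p for p in (classify(l) for l in log.splitlines()) if p and p[3]]
```

The domain match is done on a label boundary so that a lookalike such as uc8010.com.example.org is not flagged, while any subdomain of the listed names is.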

Andy Moon

Aside from the obvious solutions of firewalls, IDS/IPS solutions and user education, what can be done to reduce the impact of the increasing hacking attempts from overseas?
