A high-profile technology firm, Computer Associates (CA), was hacked last week. The problem has since been corrected, but the hackers had inserted code that redirected visitors to a Chinese Web site serving malicious code to unsuspecting visitors. A similar attack was carried out on the Miami Dolphins Web site last year and prompted SANS to recommend that network administrators block the domains uc8010.com and ucmal.com, the latter being another site associated with similar attacks.
Malware Writers Hack CA's Site (PC World)
Cyber attacks from China are becoming more and more common and are not limited to civilian victims. South Korean soldiers recently received phishing e-mails that their government claimed were coming from Chinese hackers and, though no military information was suspected to have leaked, the scam definitely targeted the Korean military. China has also been accused of hacking a Pentagon computer system in June and has been described as "Computer Crime Central" by StrategyPage.com. These and other accusations have complicated a Chinese firm's buyout offer for 3Com, as a U.S. Congress subcommittee is looking into the national security implications of the deal.
S. Korea: China hacking soldiers' e-mail (United Press International)
Austin Bay: Cyber acts of war (San Antonio Express-News)
China link puts 3Com takeover in doubt (The Register)
I have nothing against China or the Chinese, and in fact, my favorite celebrity is Chinese (Yao Ming). However, I was recently involved in a meeting in which a network administrator asked about the possibility of completely blocking the IP address range assigned to China, and the suggestion was not entirely without merit. The explosion of the Internet in China and the apparent slowness (or complicity) of the Chinese government in cracking down on its hackers simply add fuel to the fire.
This is also not to say that China is alone in generating these concerns. Russian hackers have been accused of severe attacks on Estonia, one of the world's most connected societies, and the tales of scams from various African countries are well documented on Snopes.com. These issues lead to the question: what can be done to combat the rash of hacking attempts originating from overseas?