Hacking in America has really gained a lot of attention this year already. February alone seems to be the month of hacking. There was an interesting article posted on Yahoo today though (http://finance.yahoo.com/news/china-says-u-routinely-hacks-130252420.html), basically saying that China is trying to play victim in their mind games.
I had a discussion with a friend earlier today on it, and here’s one thing that, as an outsider, I don’t understand: if China’s “Great Firewall” exists, why is it allowing all of these hacking attempts in to them to begin with? Lets think about this for a moment.
Logically, most hacking attempts on the government, based on the article, is going to be with inbound traffic. Now there’s two scenarios that can be played out on this: 1) USA proxies attacks through other countries (possibly allies) and 2) USA doesn’t care and attacks them with little/no proxying.
We’ll make this a bit more difficult and go with #1, and for sake of ease we’ll assume USA uses Tor. There is still no real way that the attacks should be allowed through. Mind you, I’m thinking about this in similar manner to having a firewall on my home network and Billie Joe down the street is trying to hack. Proper configuration eliminates roughly 90-95% of the risks out there. One can then deduce that China’s firewall is not properly configured.
Throw in the possibility that a 0-day attack is used. Most well known software seems to be developed in America (Apache, IIS, mongoDB, MySQL, PostgreSQL, etc…) This would give America an advantage in that regard. This would mean that the risk now lies on the server where the software’s installed. Again, proper configuration eliminates a large chunk of attacks. It is then possible to come to a logical conclusion that China either knowingly or unknowingly is leaving holes in their network.
They’re basically baiting other people to hack into them.
Next article, we’ll focus on the outbound traffic and see if we can come to any other conclusions.