Recently, there have been a lot of stories surrounding the Chinese and hackers originating from their intelligence agency. Although I do not want to diminish the findings of a particular technology company that disclosed some of their own investigations, I do believe it is necessary, to be fair, to draw some attention towards the locations around the globe where many of the attacks actually originate. It is fairly well known by most security professionals that the best hackers on the planet often originate from Russia; however, it is more newsworthy to talk about a country such as China, which we trust with many of our manufacturing facilities and research and development activities and which has greater resources at its disposal if it intended to inflict harm.
There are certainly political motivations for talking about China, and I think it’s fair to say there are certainly many participants on the global stage of cyber security and intelligence gathering. In fact, the United States has a long history with its intelligence agencies performing signals intelligence (SIGINT). I would like to point out that, as far as sophistication goes, the United States is unmatched in its intelligence gathering capabilities and extends this capability across the globe with an extensive array of spy satellites and listening stations, with strong support from several other countries. It does not strike me as odd or newsworthy that governments across the planet attempt to track each other’s military capabilities and monitor situations through signals intelligence and other intelligence gathering capabilities. These activities are a necessary function to enable transparency across borders between governments and to be ready if another country is planning some sort of attack. I do think, however, it is important to mention that I believe all countries should uphold strong intellectual property rules in order to maintain fair competition, which creates a dynamic that encourages new developments and technologies and enables fair competition across the globe.
Now let’s turn to some of the data, often known “behind the scenes”, that many security practitioners know and consistently defend against. Deutsche Telekom publishes a real-time dashboard of hacking attacks detected by its global network of attack sensors, known as a “honey net”. As many practitioners know, in a “honey net” the reference to honey is an analogy to how one might attract a bear in the woods, the bear being the hacker in this case. For some fun, I used some statistics from the Deutsche Telekom dashboard located at http://www.sicherheitstacho.eu/ to provide data points for some basic analysis. At the time of this writing, the total number of attacks detected globally over the last month was 30,144,538 when tallying the “Top 5 of Attack Types (Last month)” table. They also publish a table called “Top 15 of Source Countries (Last month)” with detected attack values, which I found interesting, but I wanted to extract percentages, so I used those values and threw them into Excel to calculate percentage values for the top 15 countries. The following is my output.
Attacks by percentage of total global attack detections.
| Taiwan, Province of China | 907,102 | 3.01% |
As you can see from this quick analysis, roughly 24.61% of total detected attacks were from the top 15 attacking countries, roughly 8% of all attacks came from the Russian Federation, and only half a percent came from China. So the question is, who will you pay most attention to?