nanog mailing list archives

Re: NYT covers China cyberthreat


From: "calin.chiorean" <calin.chiorean () secdisk net>
Date: Thu, 21 Feb 2013 09:28:32 +0100


::This all seems to be noobie stuff. There's nothing technically cool 
::to see here

You mean the report or the activity?

You seem "upset" that they are using M$ only (target and source). They steal data!!! From whom to steal? From a guru 
that spends minimum 8 hours a day in front of *nix? 
Why put so much effort into stealing information from that guy, when there are thousands of people out there with 
vulnerable and easy-to-break M$?

They aren't looking to do something cool, but just regular, plain old thief stuff. Targeting M$ users is easy, 
involves less resources and it's "business" profitable. You need to look at this action from a business perspective.

IMO, why spend hours to break something (like *nix systems) when you don't even know if it contains valuable 
information? This is more like sniffing around to find something useful and not targeting an exact system.

Somebody here mentioned that this unit is not their top unit. I'm sure that it's not. Maybe it was meant to be found. 

Cheers,
Calin


---- On Thu, 21 Feb 2013 01:29:48 +0100 Scott Weeks  wrote ---- 



--- Valdis.Kletnieks () vt edu wrote: 
The scary part is that so many things got hacked by a bunch of people 
who made the totally noob mistake of launching all their attacks from 
the same place.... 
------------------------------------------------ 


This all seems to be noobie stuff. There's nothing technically cool 
to see here. All they do is spear phishing and, once the link is 
clicked, put in a backdoor that uses commonly available tools. As 
I suspected earlier it's M$ against M$ only. 

The downside is nontechnical folks in positions of power often have 
sensitive data on their computers, only know M$ and don't have the 
knowledge to not click on that "bank" email. 

Technically, it was 74 pages of yawn. Don't waste your time unless 
you're interested in how they found out where the attack was 
originating from and how they tied it to the .cn gov't. 

scott 




