There have been a lot of stories surrounding the Chinese and hackers originating from their intelligence agency. Although we shouldn’t diminish the findings of a particular technology company that disclosed some of their own investigations, I think it’s necessary to draw some attention towards locations of the globe where many of the attacks actually originate from.
It’s fairly well known by most security professionals that the best hackers on the planet often originate from Russia, however, it could well be that it’s more newsworthy to talk about China. We trust the Chinese with many of our manufacturing facilities and research and development activities and they certainly have greater resources at their disposal if they truly intended to inflict harm.
There are certain political motivations driving the focus on China, but I think it’s fair to say that they are one of the many participants in the global stage of cyber security and intelligence gathering. In fact, the United States has a long history with its intelligence agencies for performing signals intelligence (SIGINT). It’s also useful to remember that as far as sophistication goes, the United States is unmatched with its intelligence gathering capabilities and extends this capability across the globe with an extensive array of spy satellites and listening stations with strong support of several other countries.
The fact that governments across the planet attempt to track each other’s military capabilities and monitor situations through signal intelligence and other intelligence gathering capabilities is neither odd nor newsworthy. These activities are a necessary function to enable transparency across borders between governments and be ready if another country is planning some sort of attack. However, I think it’s important to mention that all countries should uphold strong intellectual property rules in order to maintain fair competition, which creates a dynamic that encourages new developments and technologies and enables fair competition across the globe.
The ‘honey net”
Now let’s turn to some of the data often known “behind the scenes” that many security practitioners know and consistently defend against. Deutsche Telecom publishes a real-time dashboard of hacking attacks detected by its global network of attack sensors known as a “honey net”. As many practitioners know, in a “honey net” the reference to honey is an analogy to how one might attract a bear in the woods, the bear in this case being the hacker. For some fun, I used some statistics from the Deutsche Telecom dashboard located at http://www.sicherheitstacho.eu/ to provide data points for some basic analysis.
At the time of this writing, the total number of attacks detected over the last month globally were 30,144,538 when tallying the “Top 5 of Attack Types (Last month)” table. They also publish a table called “Top 15 of Source Countries (Last month)” with detected attack values which I found interesting. I wanted to extract percentages so I used those values and threw them into excel to calculate percentage values by top 15 countries and the following is my output.
Attacks by percentage of total global attack detections
Taiwan, Province of China
As you can see with this quick analysis, roughly 24.61 per cent of total detected attacks were from the top 15 attacking countries and roughly eight per cent of all attacks came from the Russian Federation and only half a per cent came from China. So the question is, who will you pay most attention to?
Lawrence Pingree is a Gartner analyst covering information security technologies and markets.