Chinese Sandwich Baby Ups the Ante in Cyberwarfare
J. Oquendo
Security Evangelist Antagonist
Originally written on 2008-12-19 10:25:04


Many security "researchers" often puzzle me with their methods of injecting statistics into the game. For years now, this has been a headache for me: trying to work out whom to pay attention to, whom to consider an outright CSFP (Certified Security FUD Professional), which sites to follow, which blogs to read, etc.

Today, the topic is China. Like everyone else we too at Infiltrated are going to jump on the Moo Goo Gai Pan Bandwagon. The problem with China? They're obviously secretly training all children in their families in the art of cyberwarfare, I know this to be true because Symantec and my government tell me so.

It was a dark and stormy night... [1]

    Chinese hackers have been keeping themselves busy during the last couple of days, launching massive SQL injection attacks affecting over 100,000 web sites. The SQL injection attacks serving the just patched Internet Explorer XML parsing exploit are launched by several different Chinese hacking groups, and with several exceptions are primarily targeting Asian countries, which is a pretty logical move given the fact that it's a password stealing malware for online games that is served at the bottom line. Which is the most targeted country? According to some stats from Symantec, China ironically remains the most actively targeted country by the IE exploit, ironically in the sense that it was Chinese researchers that leaked the exploit in the first place. Moreover, the 100,000 web sites cited as being infected by Symantec should be taken as a very conservative metric, since more domains are being injected and, as in previous campaigns, the number of affected sites could change pretty fast.

Huh? You lost me... You mean to tell me it wasn't the RBN. I'm glad there are experts on the case!

"The destination IP of the exploit server was the same in all cases, and it's a known RBN IP address" [2]

By the way... Who made them experts again? Insert another industry buzzword: "Security Theatre Experts", now known as STEs.

The problem with STEs is that everybody wants to be heard and everyone wants to make a name. But let's take a 50k foot view of it all right now and go back to dissecting this piece by piece:

According to some stats from Symantec... STOP. Symantec isn't any de facto anything. Never was and never will be. For argument's sake, let's label them an expert on the subject matter, so Symantec is telling me "oh noes... The Chinese!", but is there anyone else supporting Symantec's view? Certainly not the US Government. It's the US Government's view that China is hellbent on "cyberwarfare" when it's convenient for media purposes. Here we have it again verbatim:

    Kimberly Zenz, an expert on cyberwarfare at VeriSign iDefense, a computer security company that is investigating the attack, notes that it is not clear that agent.btz was designed specifically to target military networks, or indeed that it comes from either Russia or China (two countries known to have state-sponsored cyberwarfare programmes that regularly target American government computer networks). [3]

STOP... So we now note that they're not clear on where these came from or why; they just decided to throw in a curve ball... "But we've known these other times..." Who gives a damn really, don't yellowcake us again. There are those in the US Government who still shout "China!" because of idiotic comments like this. Those in government don't know, they're relying on experts... WHO DON'T KNOW!

Whenever something unexplainable is occurring, it has always been more "credible" to name an enemy, to cite a source. The problem is, who the hell is Symantec or Dancho Danchev to make these assumptions? Does Dancho have any TS clearance? Does he have access to military networks? All he has is his own little scope, nothing more. I run a blacklist which was linked in a post from Arbor Networks [4]; does this make my site an industry "expert" on botnets? If so, I can infer that between 60 and 70 percent of attackers are all US based.

So let's try to pull it all together for a moment - what the experts are literally saying...

China has hackers who made security exploits to steal video game currency. This was a mere false flag operation; they were never meant to steal currency. They were meant to be given to the RBN to attack US Military machines, because the RBN isn't concerned with money at all. They're concerned with cyberwarfare. You can trust me, I'm a self-proclaimed security expert.

There are plenty of different perspectives from which to view information when it comes to this topic. NO ONE (rinse and repeat), no one is an expert, yet many try to whore their names and their perspectives as absolutes. This tends to taint the well of information: how can anyone believe any point of view on this situation when so many "experts" declare so many different things? It all boils down to popularity... "I wonder if I write... Mao hacked my blog... Will I attract a huge following... Get offered a job at Booz!"

    Cadet Prayer

    "Strengthen and increase our admiration for honest dealing and clean thinking, and suffer not our hatred of hypocrisy and pretence ever to diminish. Encourage us in our endeavor to live above the common level of life. Make us to choose the harder right instead of the easier wrong, and never to be content with a half truth when the whole truth can be won. Endow us with courage that is born of loyalty to all that is noble and worthy, that scorns to compromise with vice and injustice and knows no fear when truth and right are in jeopardy." [5] (note thanks to Jeff LastnameUndisclosed for this)

[1] http://blogs.zdnet.com/security/?p=2328
[2] http://blog.fireeye.com/research/2008/12/on-the-new-explorer-xml-0-day.html
[3] http://edwardlucas.blogspot.com/2008/12/cyberwarfare.html
[4] http://asert.arbornetworks.com/2008/12/distributed-ssh-brute-force-attacks/
[5] The Army and Navy Hymnal