Net net - what we have here is, so far, relatively low-tech exploits with a huge element of brute force, and the only innovation being in the delivery mechanism - very well crafted spear phishes.

They don't particularly need to hide in a location where they're literally bulletproof (considering how many crimes have the death penalty in China, said penalty being enforced by a bullet to the head and your family billed for the bullet, if I remember correctly).

Now there's a light shone on it all, despite the official denial, you'll simply see this office building shift to an even more anonymous business park halfway across the country (or maybe inside an army base that people just can't wander into and photograph), and the exploits will simply start to cover their traces better.

Sure they'll evolve - let them. The point here is that they're going to evolve anyway if we let them operate with impunity from a location where they're bulletproof.

--srs

On Thursday, February 21, 2013, Scott Weeks wrote:
--- Valdis.Kletnieks@vt.edu wrote: The scary part is that so many things got hacked by a bunch of people who made the totally noob mistake of launching all their attacks from the same place.... ------------------------------------------------
This all seems to be noobie stuff. There's nothing technically cool to see here. All they do is spear phishing and, once the link is clicked, put in a backdoor that uses commonly available tools. As I suspected earlier it's M$ against M$ only.
The downside is that nontechnical folks in positions of power often have sensitive data on their computers, only know M$ and don't have the knowledge not to click on that "bank" email.
Technically, it was 74 pages of yawn. Don't waste your time unless you're interested in how they found out where the attack was originating from and how they tied it to the .cn gov't.
scott
-- --srs (iPad)