First of all: Does it matter if the Chinese Govt' is launching the attack or the kid next door? Personally, I would think if the Chinese Govt' has any sense at all, they surely look into cyberwar. Which respectable government doesn't ? In my opinion the real problem/story is the uphauling state of internet security. I am running DShield.org and regularly try to talk to people that show up as 'top attackers' in our list personally on the phone. Just a quote from a guy that identified himself as "MIS Department" for a public interest group (from memory, not word by word): Me: "I think your PC with the IP address xxx.xxx.xxx.xxx is infected with the Nimda virus and also used as an IRC proxy" MIS-Dept: "Are there any more number to an IP address or is this it?" (later he kind of suspected that his boss's desktop may be infected. It is still scanning nicely so far.) Other identified Nimda infections included a little mortage broker/bank and an office from a large tax preparation company. And thats just Nimda, which is pretty much 'in your face' as it scans quite actively. Don't get me started on all the home PCs used for botnet, ircs proxies or whatever the backdoor d'jeur is. I don't think a government effort will change anything. Somehow, the 'net' has to find a mechanism to deal with this. The problem is way too international. I am experimenting with a 'block list' lately of netblocks that are very active scanners. (if anybody is interested: http://feeds.dshield.org/block.txt). It kind of shows the problem. Next to the all-time favorite CN networks, there is your usual mix of AT&T Broadband, Chello NL, and two german universities. Anyway... How many systems are 'backdoored' at any time? My personal guess is 1 out of 1000. maybe 5000. (and thats before I had my coffee). -- ------- jullrich@dshield.org Join http://www.DShield.org Distributed Intrusion Detection System