BreachExchange mailing list archives

Huge cyberattack on China was lone hacker, official claims


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 25 Sep 2013 22:34:19 -0600

http://www.scmp.com/news/china/article/1317101/huge-cyberattack-done-lone-hacker-official-claims

The biggest ever cyberattack on Chinese domain servers last month was
carried out by a lone hacker, according to a government official
responsible for internet security.

The explanation offered by the official shocked mainland internet security
experts, with many highly sceptical of the story. Beijing last month
reported what it described as the biggest ever cyberattack on Chinese
domain servers - those domain names ending with ".cn".

Wang Minghua, an operating officer with the National Computer Network
Emergency Response Co-ordination Centre of China, was quoted by Sina
Technology on Monday as saying a suspect in Qingdao, Shandong province,
had been detained.

Wang said the hacker used a real IP address - suggesting he had to be an
amateur. Wang said the man wanted to bring down a game server but
mistakenly attacked government servers hosting the country's domain.

The co-ordination centre declined to provide more information when
contacted by the South China Morning Post.

Wang's claim contradicts an earlier official statement. Two weeks ago, Li
Xiaodong, executive director with China Internet Network Information, told
the People's Daily the attack was launched "by a group of hackers for
commercial interest".

The attack, Liu said, was launched through a large number of zombie
computers - machines controlled remotely by hackers which allowed them to
hide their identities.

In last month's attack, traffic flow to the domain servers - mostly
government or official websites - increased nearly 1,000 times in less than
two hours, forcing down many websites.

Liu Qing, a cybersecurity expert in Shanghai, said a single hacker could
not have pulled off such an attack.

"Last month's attack could have cost more than a hundred thousand yuan, if
it was launched by a hacker in China," Liu said.  "I don't think an amateur
hacker could afford that."
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
