Krypt3ia

下载《瑞星2010中国企业安全报告》

3月10日，亚洲最大信息安全厂商瑞星公司发布《2010中国企业安全报告》，对国内企业和单位所面临的安全风险进行了深入剖析和解读。报告指出，政府、军队、教育科研等机关单位已经成为黑客攻击的重要对象；2010年，高达90%的传统企业内网（仅计算与互联网连通的企业网络）曾被成功侵入；几乎百分之百的互联网公司都遇到过渗透测试、漏洞扫描、内网结构分析等安全事件，而有85%以上曾被黑客成功获取一定权限。

瑞星安全专家表示，2010年，以百度遭到域名劫持攻击为标志，所有中国的大型公司和网站都遭到了严重的安全威胁。DDOS攻击、病毒植入、域名劫持、机密信息丢失、管理权限外泄等成为企业最易遭受的黑客攻击。

而在被攻击对象方面，软件系统不再是唯一选择，手机、U盘、移动硬盘、基础设施等都已经成为黑客的攻击目标或者跳板，企业急需量身定制全面、系统的整体安全解决方案。

政府、军队、教育科研机构等成为黑客攻击的重要对象

Translation:

March 10, Asia’s largest information security company Rising has released ” Security Report 2010, Chinese enterprises “, and units of domestic enterprises face security risks in-depth analysis and interpretation. The report notes that government, military, educational institutions and scientific research units have become an important target for hackers; by 2010, up to 90% of the traditional enterprise network (only the enterprise computing and Internet connectivity network) has been successfully invaded; almost one hundred percent of the Internet companies have encountered penetration testing, vulnerability scanning, structural analysis within the network security incidents, while 85% had been successful for certain privileges hackers.

Rising security experts said that the year 2010, Baidu has been marked by domain name hijacking, all of China’s large companies and websites have been a serious security threat. DDOS attacks, viruses implantation, domain name hijacking, loss of confidential information, disclosure and other management authority become the most vulnerable to hacker attacks.

The areas being targeted, the software system is no longer the only choice, mobile phones, U disk, mobile hard disk, infrastructure and so has become the target of hackers, or springboard, enterprises need to tailor comprehensive solutions to the overall security of the system .

Government, military, education and scientific research institutions have become an important target for hackers

Well, turn about is fair play is it not? Apparently, if you are to believe the data from this report, then it seems that China has been the target of some hacking. Of course who might it be that this report is claiming is at the top of the aggressor list?

Why the USA of course!

Now, that is convenient huh? Well, I can be sure that the USA has been trying to hack these entities in China, but, would the US be as silly as to just do it blatantly like the Chinese do? Maybe they would, maybe they wouldn’t. What it does say however is that now the game is on with the Chinese it would seem. I think though that this has been the case all along. The three letter agencies have been doing this since the start I think and as the world has become more networked, so has the spying. I mean, not only China has a corner on the cyber-espionage game.

Now, on the other hand, this report would amp up the rhetoric on the cyber-espionage topic wouldn’t it? After all, so far we have had so much attention on the likes of Night Dragon, Moonlight Maze, and Aurora as being pinned to the Chinese star. I am sure that the Chinese would love to be able to rationalize their efforts as reciprocity for the attacks by America on them. This is the game that is played and it is much like the games that the USSR used to play with America on the espionage playing field.

I guess the next question for me would be this;

Just how many servers do the alphabet agencies lease time on in other countries such as China to run recon or hack from? Obviously some of those cycles could be on the behalf of some agency or other and they would be none the wiser. A botherd is just a botherd, all that matters is that they get their money on the digital black market. I am sure too that there are plenty of nodes within the Asiatic sector as well as all over the rest of the world, that are acting as launch points for the US, not just servers within the confines of the country.

Well, at the very least this is an interesting albeit feeble attempt at attribution of attacks on China.

Attribution is a bitch and China must know that pretty well.

K.