How sinister is the Internet?

Source: Internet
Author: User


Wu Hanqing, a senior hacker, has many identities: he writes "" and is the director of Alibaba Cloud Security.

In his mind, the first identity is as light as a feather, and the second is as heavy as Mount Tai.

35% of Chinese websites are located on Alibaba Cloud's computing platform, which he defends along with its residents. He feels responsible for defending this ground and cannot afford to lose it.

Watching the black market and drawing his own operational map is part of what his duties require.

He told us a secret: "If you want to know what industries are in China's black market, you only need to look at the prohibited sales section of Taobao." DDoS attacks, extortion, and the dark network black market often result in attacks against servers on Alibaba Cloud.

From his perspective, the world is full of blood and rain.

Sinister world

DDoS

We define a large traffic attack, generally over GB. In fact, according to our information, there are already organizations in China that can launch a T DDoS attack. In addition, 80% of them are from the same organization. The people who actually control these organizations have mostly fled abroad.

The reason for these attacks is very simple: money. If someone buys it, someone will sell it. Brother Tao told Lei Feng that it only takes several hundred dollars to launch a 10 GB traffic attack.

In the DDoS attack industry, the most classic method is to attack private game servers. Because private servers are illegal, their operators do not dare to turn to the police. Black-on-black attacks are the general rule of the industry. In 2013, the root servers of China's national top-level domain ".cn" were once knocked offline. This sensation was caused by a black market attack that accidentally hurt the underlying server.

Hackers who control huge bandwidth resources make money on both sides: they collect payment for launching attacks while also extorting the attacked party for higher profits. They have even colluded with IDCs and spent money to buy up all of the IDCs' idle bandwidth. The business scale exceeds the imagination of ordinary people.


Extortion

Unfortunately, hackers will target all hot money industries. P2P and Internet finance are the industries in this round.

The credibility of the financial industry is very important. If the service goes down, it is likely to lose the trust of users and suffer a run, which may lead to bankruptcy. These are the perfect conditions for hacker extortion.

Brother Tao talked about two black market methods:

· 1. Break into P2P companies' servers to steal user information, then sell this high-value customer information to the next buyer for advertising and black-market promotion.

· 2. Threaten DDoS attacks and extort money. If you compromise and pay, the other party will come back after a while to continue extorting money.

Understanding the purpose of a hacker is crucial to defense. "According to our judgment, the next industry to be targeted by Black Industries is probably the live broadcast industry. From the current situation, this has happened," he said.

Attack and defense on the cloud

Cloud is the antidote

As a believer in cloud computing, Brother Tao believes that this kind of computing revolution, which is quickly under attack, is, to some extent, an antidote to security. He gave an example: "I visited a regulatory authority. On a huge screen, they can monitor vulnerabilities in various systems in real time. However, they can't fix them very quickly, because they correspond to more than 1000 business subjects, and their respective system models are different."

However, if cloud computing is used as the basis, you can unify the IaaS layer and fix vulnerabilities in a short time.

In the first half of this year, Alibaba Cloud Security fixed 0.46 million vulnerabilities for tens of thousands of customers on the cloud. This achievement made Brother Tao very proud. He said it was unimaginable before.

Cruel reality

Even with Alibaba Cloud, the defender is not dominant in the confrontation with the black market. He said:

"Unfortunately, attackers are still at the forefront. Because we cannot predict the next step of hackers."

As a direct result, security products passively wait for an attack before taking "firefighting" action. For Alibaba Cloud Security, there is still a 12-hour gap between the moment a hacker's attack intention is exposed and the moment the attack is blocked.

Internet attacks controlled by the black industry are like outbreaks. In most cases, infected hosts continue to spread malicious code around them. In the face of viruses spreading at the speed of light, every second is crucial.

In December 2015, thousands of customers' ECS instances were infected. Alibaba Cloud Security urgently notified the customers and assisted with the handling. It found that hackers were using a weak password vulnerability to spread malicious code. "Fortunately, this vulnerability was fixed within 12 hours. If the response time had been 24 or 48 hours, it would have caused greater losses," he said.

 

High-quality standard products

If you simplify the attack and defense of the Internet to a map, you can see countless nodes floating on the cloud, and the black industry and security personnel fight for these nodes.

In the eyes of malicious code spreading like plague, there are no large enterprises or small enterprises, only servers that can be attacked and servers that cannot be attacked.

"Almost all security companies are serving the top 3% of major accounts, because those accounts have ample resources to hire special forces. But no one is concerned with the lives and deaths of the many small and medium-sized enterprises that do not have a large security budget."

Dao believes that Alibaba Cloud security should provide security for small and medium-sized enterprises. In fact, there is only one inexpensive solution, that is, a software service platform (SaaS) that does not require much labor cost, the so-called high-quality standard.

The question then becomes: how can such a platform be built?

Data and Computing

Train machines as security experts

An excellent security engineer can analyze network logs to find clues that a server is being attacked, and remove an enemy's point from the black market attack and defense map.

However, Brother Tao's Yundun faces hundreds of thousands of ECS instances, and manual troubleshooting is not one of its options. Training machines to be security experts is the solution.

For a rocket to reach the sky, it needs two core elements: engine and fuel. Machine learning is like a rocket. Its fuel is a huge amount of data, and its engine is powerful computing power.

For Alibaba Cloud Security, the daily incremental data is 300 TB, which is derived from the full data authorized by Alibaba Cloud customers. Computing resources are a huge advantage of Alibaba Cloud.

As a result, Alibaba Cloud security can detect 80% of intrusions by means of system-only computing. This metric is three times that of similar systems, said Brother Tao.


Superior or inferior

To some extent, this detection rate is comparable to that of manual checks. Tao gave a scenario:

If a customer uploads a Webshell, it may take one week for security experts to analyze the full data. In reality, this is often not the case. They often judge intrusion based on experience rather than the complete evidence chain. In this case, mistakes may occur. A machine, by contrast, analyzes the full data and presents a complete chain of evidence. These results are more accurate.

In terms of cost and magnitude, Alibaba Cloud Security and AI are not comparable. Objectively speaking, it is difficult to reproduce what Brother Tao is doing without Alibaba Cloud.

Alibaba Cloud Security's big data makes a lot of association analysis possible, such as the relationship between two attack events and which servers a hacker organization is eyeing.

If a security lab led by hackers is a special-forces unit, Yundun is more like a standing army that protects Alibaba Cloud's security.

Brother Tao confidently told us that Alibaba Cloud Security has no obvious technical difficulties. However, many attacks have a single data dimension. In this case, the available data may only be an IP address. With limited data, how to use computing power to mine attack-related information at a deeper level has become a key point.


Represents my great works

Many people know Brother Tao because they like the "blackboard newspaper" he wrote.

"'Brother Tao's blackboard newspaper' did bring me some prestige early on. But I am not a writer. What I want is to make a good product that represents me."

Brother Tao explained the reason why he abandoned his "high valuation" public account in the hacking industry. However, the hacker was not born so "willful".

He told us about Wang Jian, the manager of Alibaba Cloud.

At that time, it was rumored that Dr. Wang was about to leave.

"Bad" is the most extensive evaluation of Alibaba Cloud's performance in the first two years. As the manager of Alibaba Cloud, Wang Jian witnessed that his brother department had been honed by the knife. After Alibaba Cloud was dissolved, he split up the army, horses, and grass.

 

Even though he believed that cloud computing would certainly rise in the future, after a long wait Brother Tao finally could not help but resign. Unexpectedly, Wang Jian did not go.

He said that he had been pushed to the dead corner several times, but he did not leave. Not only has he always believed that cloud computing has a bright future, but he has been constantly investing in his own business. Ma Yun did not understand cloud computing, but in the end he chose to trust the doctor.

Wang Jian's road finally saw its first road sign. Alibaba Cloud connected five thousand computers into one huge server, which is the 5K project. This technological innovation established the role of Alibaba Cloud in the future.

"Dr. Wang has overturned my world view," said Dao. "When he invited me back to Alibaba Cloud, I really felt that this could be done." This religious sense of mission makes Brother Tao not care about his "blackboard newspaper", and the Yundun will only have all of the above conversations.

Back to this sense of mission, we should stick to it and give up. It is easy to make a choice.

"Does this mean that your product is Alibaba Cloud security?"

"I hope so."
