Anti-black Villains outsmart of network

The intermediary transaction SEO diagnoses Taobao guest stationmaster buys the Cloud host technology Hall

As the Internet technology is not the end of the general, the action to combat hackers must change rapidly, the so-called "villains, outsmart", China's network against the Black still have a long way to go.

The elusive "Foreign government web site has been attacked by Chinese military hackers" is drawing to a close at the political level of China's threat theory. The network security that should be really reminded behind is often neglected in political discourse.

"Networked computers do not take security precautions, as long as they are open, they will one day become the prey of hackers." Hu Shansheng, the chief scientist of China National Computer Network Intrusion Prevention Center, admits that the situation of our country's information security is very grim.

What is China missing from the internet?

The more interconnected, the more dangerous

In the first half of 2007 alone, the host IP in mainland China was far more than 21 times times higher than last year, and the number of sites tampered with was 4 times times higher than the same period last year.

As a landmark event in China's internet last year, "Panda incense" virus has become a nightmare for many netizens. The virus began to rage from the end of 2006, and as of February, a total of 110,000 IP addresses were found to be infected.

In China's early hackers, the former "Green Corps" members of the Zhou Yi, the Internet really security measures only physical partition, "there must be a door, there is a seam, there is the possibility of intrusion."

This is not a boast, today's hacker technology is not the tactics of the Sino-American Hacker War, ping each other's web site, or throw a packet bomb, to plug the other side of the bandwidth and lead to network paralysis, "in the circle, that is the enemy 1000 self-destruct 800 of the outdated tactics."

Hackers now rely mainly on remote attacks, a server, looking for each other's program vulnerabilities, intrusion, and then spread the other network, another one is for individual users, remote implantation Trojan horse program. "Skilled hackers use trojans, are customized, the general virus software and firewalls will not have a response." ”

In order to reverse track and stealth, now hackers often use third-party attacks, that is, the selection of Cross-border or cross-border Third-party computers or servers as a springboard, once the other side tracking, it is almost impossible to trace back to the ultimate source of the attack.

If the early hacker attacks or out of mischief for the purpose of showing off, or out of national complex and patriotic sentiment, the internet after large-scale commercial, hacker crime has shown a tendency to benefit.

Take Shenzhen as an example, as one of the earliest cities to set up a network supervision Bureau, Shenzhen Network Supervision Bureau received every day online theft game accounts, QQ coins, and even the bank password cases reached 30 cases, and the trend of rising.

"Group, specialization trend is obvious, there is a special charge to steal online, there is responsible for the network summary, there is a line responsible for online fence." "An official of Shenzhen Municipal Network Supervision Bureau introduced.

More seriously, in the network many hacker crash software and the training course's operation, the hacker's threshold is getting lower, "the hacker software has been fool", only then hundreds of to thousand yuan can obtain and grasps, a network name Angel Kiss's trainer told the Southern Weekend reporter, uses his professor's invasion technology, With the help of Internet-accessible vulnerability scanning tools, a primary hacker can invade more than 10 websites a night.

"Use the hacker industry chain to describe, not too much, even in the escalating." "the official said.

Villains, outsmart?

China has never stopped the internet's anti-black pace.

Hu Shansheng Development of the "forensics Machine" has been promoted in southern China, can be like the aircraft "black box" like the record server changes, record the clues of the hacker invasion, and as "evidence" to extract, for verification.

Efforts at the national level have also continued, in February 1994, the "People's Republic of China Computer Information System Security protection regulations" issued. The Penal Code amended in 1997 increases the provision on computer-related crime.

Since 1998, the Ministry of Public Security has formally established the "Information Network Safety Supervision Bureau", since then all the Public Security Bureau has set up a network supervision departments. The National computer Network Emergency Technology Processing Center (CNCERT/CC), which was supported by the government in October 2000, was established as the core and established 31 branches.

And the folk level, as of this July, China has a network security emergency organization 57, including backbone network operating units, social security agencies, companies, universities and research institutes and so on.

Five years ago, Hu Shansheng also told Southern weekend reporters that they are actively calling for the formation of cyber anti-black forces.

An intensive anti-hacker network is becoming increasingly tight and trying to connect with international standards like the Internet.

In August 2007, the United States, Britain, France, Germany and other countries to criticize Chinese hackers wantonly attack foreign governments and military websites, the Chinese government on the one hand to accuse hackers from the Chinese military, the statement was clarified, but also to take the initiative, is willing to work with other governments to identify hackers to attack the truth, jointly

But as the Internet technology is not the end of the general, the efforts to combat hackers must change rapidly, the so-called "villains, outsmart", China's network against the Black still have a long way to go.

What is the lack of anti-black China network?

In the public eye, the cyber-security concerns of hacker crime have not abated.

First of all, ordinary netizens are not aware of security, Hu Shansheng said, even in high energy physics, such as scientific research units, computer poisoning or attack also occur.

Zhou Yi told South Weekend reporter, Hacker attack, need just a loophole, "a careless, often whole net all lose".

To improve the security awareness of Internet users, seemingly not a day's work, and improve the existing mechanisms of combat and deterrence, seems to be a simple journey.

Some legal experts pointed out that China's existing criminal law, although the addition of computer crime provisions, but the provisions only in violation of state regulations, intrusion into state affairs, National Defense Affairs, cutting-edge science and technology field of computer information system as a crime, its scope is too narrow.

Although the 2000 decision of the NPC Standing Committee on the maintenance of Internet security has made a forensic examination of the intrusion into the computer systems of individuals, enterprises and other organizations, the other general culpability clauses of the criminal law are compared. Experts recommend that, as long as the unauthorized (or not with the appropriate authority) of the illegal intrusion, whether the target is the core State departments of the system, or ordinary citizens of the personal system should be "illegal intrusion into the computer information system" conviction sentencing.

Secondly, it is difficult to exert the punishment function of penalty for the sentence of the crime of violating information system in the relevant law.

Shenzhen Network Supervision Bureau in the fight against computer crime has encountered judicial difficulties, such as "phishing" stolen similar to the QQ currency, such as the virtual currency, how to evaluate its value, the law has no relevant provisions.

Prior to this, the bureau has cracked the theft of QQ coins gang crime, QQ nearly billion, because the qualitative difficulties, can not be punished for theft, and finally to disrupt communication facilities and order.

In fact, China's current network Supervision Department is also established in accordance with the traditional provincial and municipal level, with the territorial management as the boundary, resulting in decentralized control, difficult to adapt to the increasingly cross-regional characteristics of hacker crime.

"To the local county level, even if the network supervision departments, but also often human, financial and technical deficiencies, the network security can not be a substantial guarantee." An official of the bureau said.

In addition, Hu Shansheng the Chinese network security personnel training model and appointment mechanism expressed concern.

In some of the country's most important departments, "to retain one or two of the network master is not easy?" These talents are very mobile, environment and treatment are real problems. If these ' cyber guardians ' are not settled, who will protect your network?

and the legal and computer complex talents are very scarce. "Some foreign universities in the computer department has specifically added law courses, directional training computer forensics talent, I am promoting domestic universities to do pilot." ”

What about our government website?

"SMEs are the easiest, the government is the most difficult. "Hacker Angel Kiss the difficulty of such a sort of intrusion on southern weekend reporters.

The natural source of concern about the attacks on foreign government websites this time is how safe is China's own government web site?

Up to now, the Chinese government at all levels of the implementation of "two network one station" construction, namely, extranet, intranet and portal structure.

"The external network mainly transmits some business information which can be disclosed, while the intranet transmits some internal documents which are not involved in the secret, and requires physical severing with the Internet." And the most important confidential secret documents by the security requirements of higher confidential network to bear. Luoyang Information Center officials to the reporter introduced.

In the national context, public security, taxation, finance and other vertical systems have special security projects to ensure intranet security, such as the Golden Shield project, "but in the horizontal connection is not enough."

"The ultimate place of information security depends on the degree of local attention and security awareness." "The official, for example, the government site in Luoyang, a hacker attack, after inspection only found that local technicians do not follow the specification, even firewall devices are not installed to the bare face open, of course, vulnerable to attack."

The state has implemented a 5 level protection system for local networks at all levels. "But the government's existing inertia is often heavy hardware, light management, there is no equipment, not commonly used, of course, there are security inputs and technical reserves of personnel issues."