One-Third of All Cyberattacks Come From China
Fully one-third of all Internet-based cyberattacks originate in China, according to a new report from Akamai Technologies.
That fact may provide grim satisfaction to American political and military leaders who've long warned about the Chinese cyberespionage threat.
But they won't like the next statistic: 13 percent of such attacks come from the United States, putting it second on the list.
"Within the top 10, slightly more than 50 percent of attack traffic was generated by three countries: China, the United States and Russia," an Akamai press release stated.
Russia originated about 4.7 percent of attack traffic, followed by Taiwan at 4.5 percent, Turkey with 4.3 percent and Brazil at 3.8 percent.
About 30 percent of all attack traffic targeted Internet communications port number 445, which is used by Microsoft Windows machines to access each other's files and data.
Akamai's findings are part of its "State of the Internet" report for the third quarter of 2013. The Cambridge, Mass.-based company boosts Internet content delivery for its clients worldwide.
The ranking of China and the U.S. could partly be explained by demographics — after all, the two also have the largest online populations.
And cyberattackers from all over the world use U.S.-based server farms, which might also explain why Russia, almost synonymous with financial cybercrime, has such a small showing compared with the Big Two.
But one defining characteristic of presumed Chinese cyberattackers is that they often don't bother to hide their origins behind proxy servers and other obscuring techniques.
Unlike Russian-speaking crooks, who seem to strike from anywhere, Chinese attackers are content to let investigators trace the attacks back to China.
The Chinese government simply denies all accusations by stating that no one can definitively prove the source of any attack.
Akamai's report also partly analyzes the "Operation Ababil" attacks against U.S. banks, in which the websites of major banks were disrupted by massive distributed denial-of-service attacks.
The report confirms what's already been rumored: that the attacks reached bandwidths of "up to 65 gigabits per second" and that "a significant portion (nearly 23 Gbps) of the attack traffic was aimed at the Domain Name System (DNS) servers."
Domain Name System servers are the massive "phone books" of the Internet, telling all Internet routers, from the one in your living room to those at the Pentagon, where to send traffic.
The Akamai report, however, does not attribute the Ababil attacks to anyone, which is an interesting omission.
Since the attacks on the banks began in September 2012, American politicians and national-security figures have blamed Iran, without offering any proof.
Meanwhile, a previously unknown Islamic hacktivist group has claimed responsibility, and its posted schedules of which banks will next be attacked have never been wrong.