Racist Attribution of Hackers
I've thought a lot about hackers recently. It's a pretty common tactic for people to discuss hackers as being "Russian" or "Chinese". And there's a pretty common to see people advocating for blocking IPs from specific countries. (Now, there's definitely good reasons to limit your attack surface by doing things like limiting a service that is only offered in one country to that country, but defining why you only offer your service in that country is equally important). These discussions mostly claim that we need to protect ourselves from "Chinese Hackers" or otherwise dealing with the world of Cyberwarfare. Accusing countries of attacks, and then making the leap to assume that the attacks are state sponsored.
I think it's a pretty established fact (as far as our metrics go) that the majority of attacks come from China. Of course, the second most common location for attacks to originate from is the United States. However - looking at the maps of the Internet (or a language map we can pretty easily see that - the internet is mostly in China (there's more English speakers, but they're also fairly spread out, not concentrated in the US). This means, that assuming the majority of internet users are in China, we should also expect that the majority of attacks will come from China. This wont even correlate with the actual location of the attacker - since it's well established protocol (so well established it's taken as read in the movie Hackers) that you should never hack from your own computer. Based on the huge number of botnets that exist - I am not sure how attribution is going to work. This tends to come into the fore whenever security people discuss Hacking Back (the practise of DDOSing or otherwise attacking the people who are attacking your own network), people assume that the attack sources are simply insecure and unpatched systems that have been taken over by the actual attackers.
Despite this, whenever people discuss these attacks - they begin by discussing how it's all about Chinese and Russian hacker mobs. The data basically points to racism and jingoism as the primary source for attacks. Things like Titain Rain basically existed for the US to blame China - with the concept that only a Nation State could really battle the US computer infrastructure. Which basically believes that a (functionally) unlimited Defense Budget also means that an attacker can never get in without an equally large attack budget, something we know not to be true from examples like the Sony hackers, or even Edward Snowden's successful infiltration of the NSA (even if it did start out as entering the NSA legitimately). (All this is not to say that China doesn't support attacks like Operation Aurora, not of course that the US would do that).
Basically, I am fairly certain that attributing that majority of attacks from a country to people within that country is likely foolish, or at least, hubris. I am also fairly certain that attack demographics should basically follow the same demographics as the internet itself. This is not unexpected. Similarily - a lot of the countries where attacks come from don't speak English, meaning access to a lot of software doesn't exist. For the most part - China and Russia have a completely separate internet (this map of the most popular websites by country shows that Russia and China are mostly using Baidu and Yandex to search in their own language). China has explicitly cut itself off, and a lot of the internet has cut off those places entirely - blocking them at the firewall level. Basically - these racist theories of attribution are splitting the internet - and continuing problems that the internet really should be breaking us out of - communication and dialouge across country lines.
Of course - my theory that the attackers are not primarily from locations attributed to them could be wrong. But, since, there's no good way to attribute, I can't say - and it makes more sense to not accuse people from other places randomly - I really don't like racist implications.
