It was a year ago that Reuters reported an increase in cyberattacks by groups in China targetting official and corporate sites in Vietnam.
“Chinese Foreign Ministry spokeswoman Hua Chunying said China opposed all forms of illegal internet activities or stealing of secrets and also opposed any accusations from any side against any country on the issue without cast-iron proof.
Vietnamese Foreign Ministry spokeswoman Le Thi Thu Hang said cyber attacks should be severely punished in accordance with the law and that it was important for countries to secure their networks.
Vietnam denies allowing cyber espionage although it has also been accused by FireEye of carrying out attacks.”
Strong words from government spokeswomen specially if your country has been the brunt of cyber espionage. So why is it then that over the past few months attempted breakins to my site originating from Vietnam have skyrocketed?
Tell me that, Ms Foreign Ministry spoeswoman Le Thi Thu Hang. Why is Vietnam attacking me and shouldn’t the attackers, according to your own words, be “severely punished in accordance with the law”?
Over the past few months I have noticed an increasing volume of cyberattacks originating from within Vietnam. Little do they know (apparently they know little as demonstrated by their attempts) that I have long since blocked all communications originating from Vietnam as well as all unauthorized ssh attempts from anywhere. However this has had little impact on their attempts to break in.
Almost exclusively the attempts to break in are relying upon ssh attacks. These attacks are specifically targetting attempts to break in and gain control of a computer. It’s not like they are trying to putz with a website or send millions of spam messages. Instead an ssh attack is an attempt to gain complete control of a computer. If successful the perpetrator would be able to access all your data, infect the system to report back other secret data, such as bank account password, and then use the computer to launch attacks against other computers both in your home and elsewhere.
Here’s a quick summary of some of the fruitless attempts and how they compare to the Chinese attempts. I use China to contrast because for years it has held the mantle for the most persistent attempts to break into my server:
|Date||# of Vietnamese attacks||# of Chinese attacks|
So when did this all start?
Vietnam has for quite some time run small numbers of attacks against my system. A year ago the attacks were under 100 per day, a smaller number than the number of attacks originating from China and as such mostly ignored in the background noise of attacks against my system.
However on December 5, 2017 something changed. On that day the number of attacks went from sub 100 per day to 947, then followed by 3028, 2403 and 2957 the next few days.
Since then the number of attacks has sustained itself from 1500 or more attacks per day.
So what the fuck Foreign Ministry spokeswoman Le Thi Thu Hang, how the hell can you sit there all high and mighty and denounce cyberattacks and threaten that the perpetrators will be severly punished when it is your own infrastructure, located in Vietnam, that is persisting in a sustained series of ssh attacks against my servers? Are you merely a pawn in some other country’s use of your infrastructure to launch their own attacks? This would mean you have no control over your systems and are helpless to defend yourself in this form of cyber warfare. Yet knowing that you could not be helpless in this endeavour, then I can only surmise that you must be complicit in these attempts to break into my computers.
And should you want records of the attacks, you could ask someone not in Vietnam to look at any of my pages, such as this onei for December 10, 2017 showing attacks from IP addresses located in places like, 392 from Hanoi (220.127.116.11), 138 from Hanoi (18.104.22.168), and so on, and so on, etc.
All I can say is PISS OFF and good luck splatting against a firewall blocking all your attempts.