I can't help but see irony in all the news reports this morning about China suffering one of the worst DDoS attacks it has ever seen. China is usually seen as the place where attacks begin, a perception bolstered by findings in Akamai's most recent "State of the Internet" report.
Of all the reports on the weekend DDoS against China, this passage from The Wall Street Journal's article explains things best, in my opinion:
The attack, which was aimed at the registry that allows users to access sites with the extension ".cn," likely shut down the registry for about two to four hours, according to CloudFlare, a company that provides Web performance and security services for more than a million websites. Though the registry was down, many service providers store a record of parts of the registry for a set period of time, meaning that the outage only affected a portion of websites for some users.
The article quotes CloudFlare Chief Executive Matthew Prince, who said the company observed a 32-percent drop in traffic for the thousands of Chinese domains on the company's network during the attack compared with the same time 24 hours earlier. The article also notes that while China is among the best there is at carrying out attacks, it's in a much weaker position to deal with attacks that come its way. From the report:
China has one of the most sophisticated filtering systems in the world and analysts rate highly the government's ability to carry out cyber attacks. Despite this, China is not capable of defending itself from an attack, which CloudFlare says could have been carried out by a single individual.
Our most recent "State of the Internet" report fingered China as the country from which most attack traffic originated:
During the first quarter of 2013, Akamai observed attack traffic originating from 177 unique countries/regions, consistent with the count in the prior quarter. China remained the top source of observed attack traffic, though its percentage declined by nearly a fifth from the prior quarter. This decline is likely related to Indonesia making a sudden appearance in the second place slot, after a 30x increase quarter-over-quarter.
China topped the list in the previous "State of the Internet" report as well. At the time, SecurityWeek reported:
The fact that China remained at the top of the list isn't so surprising. Earlier this year, Mandiant released a hefty report outlining evidence its researchers had gathered linking an "overwhelming" number of cyber-attacks to China, even to a specific military group. Even Verizon's 2013 Data Breach Investigation Report called out China for cyber-espionage and other targeted attacks. Verizon claimed China was behind 30 percent of data breaches in its report. "Looking at the full year, China has clearly had the most variability (and growth) across the top countries/regions, originating approximately 16 [percent] of observed attack traffic during the first half of 2012, doubling into the third quarter, and growing further in the fourth quarter," Akamai said.
Below is a chart from our latest report on countries that produce the most attack traffic.