McAfee: China leads world in hacked computers

Published 16 February 2010

A new study finds that more personal computers in China — about 1,095,000 computers — than in any other country have been hacked to make them zombies, then grouped into botnets to engage in massive e-mail attacks on Web sites; the prevalence of botnets is a sign of how vulnerable computer networks are to infiltration

More private computers were commandeered by hackers for malicious purposes in China in the last quarter of 2009 than in any other country, including the United States, according to a new study by an Internet security company. These “zombie” computers are often grouped into “botnets,” or armies of infected computers that can be used to send spam e-mail or attack Web sites, according to McAfee, a Silicon Valley security firm. The company, which said it collects information about Internet-based threats that target more than 100 million computers in 120 countries, said that in the last three months of 2009, about 1,095,000 computers in China and 1,057,000 in the United States were infected. Those numbers are in addition to ten million or so previously infected computers in each country, McAfee said.

Washington Post’s Ellen Nakashima writes that the prevalence of botnets is a sign of how vulnerable computer networks are to infiltration, a subject of increasing international debate as companies and governments seek to defend their computer systems from intruders.

Last month, Google announced that its networks had been penetrated by attacks originating in China. The Chinese government denied any involvement, saying that hacking in is against the law. There was no indication that the attack involved botnets, experts said.

Some experts have said that Clinton’s call for accountability and norms is complicated by the fact that the United States has so many infected computers. “The government could crack down on botnets, but doing so would raise the cost of software or Internet access and would be controversial,” Jack Goldsmith, a professor at Harvard Law School, wrote in a recent opinion piece in the Washington Post. “So it has not acted, and the number of dangerous botnet attacks from America grows” (“Can We Stop the Global Cyber Arms Race?” (1 February 2010 Washington Post).

Stewart Baker, a cyber expert and former assistant secretary for policy at DHS, said he would like to see a few leading nations develop “effective national norms aimed at eliminating zombie computers.” Companies could be encouraged or required to comply, he said.

Nakashima writes that one Internet service provider has begun a voluntary service to notify customers when their computers have been infected by bots, viruses and other online threats. Philadelphia-based Comcast, which has fifteen million non-commercial customers, began the program last fall. Such initiatives, some experts said, could start to clear out the “noise” in the networks and could help