StrategyPage doesn't just report on Cyber War; sometimes we get caught in the middle of it. We got an electronic nastygram from China recently while we were installing a new server at a hosting site (to improve response time and lessen the workload on the volunteer staffers who maintain the server). There was a gap of a few days between the time the new server went online and the time the hardware firewall (which is a bear to configure) got installed. Into that opening, some Chinese hackers got onto the server and tried to take it over. Actually, it was unclear what they were trying to do, but they did it at 2 AM, when one of our techies was trying to get onto the server to do some database maintenance, so the hack attempt was noticed. There ensued a duel between our two guys and the Chinese. The Chinese lost, and we found out they were Chinese when we examined the tools and documents they left behind once they were locked out.

Based on that, and the fight they put up, it appears it may have been a training exercise. When China trains its Internet warriors, it sends them out on training missions to get into a vulnerable server and do the sort of things (like planting a rootkit) that one would do in preparation for a Cyber War. Of course, they could have just been part of a criminal gang collecting zombie machines to use for extortion and other illegal Internet activities. But the way they were not all business when they were caught, and seemed a little green, indicated someone on some kind of training mission. Their tools and entry methods were more typical of a well equipped hacking enterprise. Actually, it could also have been a very elaborate bot (an automated hacking program). It did leave some code behind, and some modifications to some of our news databases. Whatever it was, it was apparently not completely set up before we cut off the hacker access and deleted what was left on our server.
We reformatted and reloaded from backups and were back in business in a few hours.
Those hackers have not been back. We piled up additional defenses and tripwires to hold us until the hardware firewall went online last week. None of these attacks got close to any customer data, which is kept on a separate server at another location (there are actually three physically separate servers running StrategyPage).
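The "tripwires" mentioned above are, in the classic sense, a file-integrity baseline: hash every file once the box is known clean, then re-scan and report anything added, removed or changed, which is exactly how leftover code or altered database files on a server would show up. The block below is an added example written for this page, not StrategyPage's own tooling; the directory layout it scans in `demo()` is constructed in a temporary directory, and the SHA-256 baseline format is our own choice.

```python
"""File-integrity tripwire: record a baseline of file hashes, then report
anything added, removed or changed since. Added example; not StrategyPage's
code. Paths and the baseline format are assumptions for illustration."""
import hashlib
import json
import os
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> dict:
    """Map each regular file under root (relative path) to its hash, size and mode.
    Symlinks are skipped so an attacker cannot point an entry outside the tree."""
    rootp = Path(root)
    baseline = {}
    for p in sorted(rootp.rglob("*")):
        if p.is_file() and not p.is_symlink():
            st = p.stat()
            baseline[str(p.relative_to(rootp))] = {
                "sha256": hash_file(p),
                "size": st.st_size,
                "mode": oct(st.st_mode & 0o777),
            }
    return baseline


def save_baseline(baseline: dict, out_path: str) -> None:
    """Write the baseline as JSON. Keep this copy OFF the monitored host
    (or on read-only media); a baseline the intruder can edit proves nothing."""
    with open(out_path, "w") as f:
        json.dump(baseline, f, indent=1, sort_keys=True)


def load_baseline(path: str) -> dict:
    with open(path) as f:
        return json.load(f)


def check(root: str, baseline: dict) -> dict:
    """Re-scan root and diff against the baseline. Returns sorted lists of
    added, removed and modified relative paths (content, size or mode change)."""
    current = build_baseline(root)
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        p for p in set(current) & set(baseline) if current[p] != baseline[p]
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Constructed scenario: baseline a small tree, then plant a file, alter one
    and delete one, the way an intruder's leftovers and edits would look."""
    root = tempfile.mkdtemp(prefix="tripwire-demo-")
    os.makedirs(os.path.join(root, "news"))
    with open(os.path.join(root, "index.html"), "w") as f:
        f.write("<html>front page</html>\n")
    with open(os.path.join(root, "news", "2008-06.db"), "w") as f:
        f.write("headline 1\nheadline 2\n")
    with open(os.path.join(root, "news", "old.db"), "w") as f:
        f.write("archived\n")

    baseline = build_baseline(root)
    save_baseline(baseline, os.path.join(tempfile.gettempdir(), "tripwire-demo.json"))

    # Simulated tampering after the baseline was taken.
    with open(os.path.join(root, "news", "2008-06.db"), "a") as f:
        f.write("headline 2 (edited)\n")          # modified content
    with open(os.path.join(root, "news", ".x.php"), "w") as f:
        f.write("<?php /* planted */ ?>\n")       # added file
    os.remove(os.path.join(root, "news", "old.db"))  # removed file

    return check(root, load_baseline(os.path.join(tempfile.gettempdir(), "tripwire-demo.json")))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Run this on a freshly installed box before it is exposed, store the JSON somewhere the server cannot write to, and re-run it from cron or after any late-night login you did not expect; a hash mismatch on a file that nobody legitimately edited is the kind of signal that turns "something odd at 2 AM" into a confirmed intrusion.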
As a practical matter, no server on the planet that is connected to the Internet is invulnerable to attack. But if you put up stout enough defenses, you reduce the number of hackers skillful enough to get through and increase the chances of the attacker getting caught. That's how financial institutions, which are the most attacked targets, maintain their defenses. The most skilled hackers want to avoid arrest, so they tend to avoid taking on these heavily defended servers. There are plenty of less well defended targets, and that's who the hackers are now going after. Well, except for one fellow, whom we've tracked back to Montevallo University in Montevallo, Alabama. So either we have a student from there doing this or (more likely) they have a school PC that was taken over by a hack and turned into a zombie. He's hammering, futilely, at port 1305 on our main server. The hardware firewall just notes this for us, and life goes on.
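"The hardware firewall just notes this for us" is the right outcome, but only if somebody reads the notes. The block below, an added example and not StrategyPage's firewall or its logs, shows the usual first pass over a drop log: group dropped packets by source address and destination port and surface any pair that repeats, which is how one persistent source on one port (the port 1305 visitor above) separates itself from background noise. The log lines are constructed for the example and use an assumed iptables-style "kernel: DROP ... SRC= ... DPT=" format with RFC 5737 documentation addresses; adjust the regex to whatever your firewall actually emits.

```python
"""Find sources repeatedly hitting one port in a firewall drop log.
Added example, not StrategyPage's tooling. The log format below is an assumed
iptables/syslog style; the sample lines are constructed, not real traffic."""
import re
from collections import defaultdict

# One syslog line per dropped packet. Tolerates the optional "[uptime]" prefix
# that kernel messages often carry before the log prefix.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+kernel:\s+(?:\[[^\]]*\]\s+)?DROP\s+.*?"
    r"\bSRC=(?P<src>[\d.]+)\b.*?\bPROTO=(?P<proto>\w+)\b.*?\bDPT=(?P<dpt>\d+)\b"
)


def parse_line(line: str):
    """Return the fields we care about from one DROP line, or None for anything
    else (ACCEPT lines, sshd messages, garbage)."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {"ts": m["ts"], "src": m["src"], "proto": m["proto"], "dport": int(m["dpt"])}


def find_hammering(lines, threshold: int = 3):
    """Group drops by (source, destination port) and return those seen at least
    `threshold` times as (src, dport, count, first_ts, last_ts), busiest first."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            hits[(rec["src"], rec["dport"])].append(rec["ts"])
    out = [
        (src, dport, len(stamps), stamps[0], stamps[-1])
        for (src, dport), stamps in hits.items()
        if len(stamps) >= threshold
    ]
    out.sort(key=lambda r: (-r[2], r[0], r[1]))
    return out


# Constructed sample: one source hitting port 1305 five times, one stray
# SSH probe, one accepted web request and an unrelated sshd line.
SAMPLE_LOG = """
Jun 12 02:14:01 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=50122 DPT=1305 SYN
Jun 12 02:14:03 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=50123 DPT=1305 SYN
Jun 12 02:14:05 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=50124 DPT=1305 SYN
Jun 12 02:14:06 gw kernel: DROP IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.10 PROTO=TCP SPT=40001 DPT=22 SYN
Jun 12 02:14:07 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=50125 DPT=1305 SYN
Jun 12 02:14:08 gw kernel: ACCEPT IN=eth0 OUT= SRC=192.0.2.9 DST=198.51.100.10 PROTO=TCP SPT=33000 DPT=80 SYN
Jun 12 02:14:09 gw kernel: DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=50126 DPT=1305 SYN
Jun 12 02:14:10 gw sshd[512]: Accepted publickey for ops from 192.0.2.9 port 33001
""".strip().splitlines()


if __name__ == "__main__":
    for src, dport, count, first, last in find_hammering(SAMPLE_LOG):
        print(f"{src} -> port {dport}: {count} drops between {first} and {last}")
```

The threshold is deliberately low here so the sample triggers; on a real perimeter you would raise it, bucket by time window, and whitelist your own monitoring hosts. A single source that stays at the top of this list for days is, as the post says, mostly a curiosity, but a source that is hitting a port you did not know was listening is a reason to go check what is bound to it.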