LinuxQuestions.org


LXer 03-19-2007 06:31 PM

LXer: Most Computer Attacks Originate in U.S.
 
Published at LXer:

The United States generates more malicious computer activity than any other country, and sophisticated hackers worldwide are banding together in highly efficient crime rings, according to a new report.


jiml8 03-19-2007 06:47 PM

I don't believe it.

My evidence isn't terribly systematic because it represents my experience with my own sites and only my own sites, but my experience pretty much contradicts the claim that most attacks originate in the US.

For some time, I have been working to cut down the attacks on my sites, represented by spamming of message boards and attempted hacks/cracks. This has caused me to spend a lot of time reading site logs and following traffic.

Here is what I have seen. As I progressively tightened up my sites, mostly by denying access to entire nations that were (a) not my customers and (b) the apparent sources of my problems, I observed an interesting phenomenon. An attack would originate, most commonly in Eastern Europe, and would fail due to the nation of origin being banned. Then, often, the same attack would be attempted (as identified by referrer, target URL, and time frames) from other IP addresses scattered all over the globe until they hit an IP address in a nation that was not banned. Commonly this IP turns out to be in the US, since I can't/won't ban US IP ranges (though I will ban individual IPs if I can identify them as broadband) and I will quickly ban IP ranges from a non-English-speaking country (my marketplace is pretty much restricted to the English-speaking world... maybe someday I'll expand beyond that, but presently I lack the resources).

So, what we have is an attack that commonly originates in Russia and tries various vectors from around the world until it finds a way through. So, the attack then appears to originate from the US, when in fact the machine in the US is a zombie owned by some unwitting fool.

I really have no reason to believe that my experience is abnormal, but my data is certainly not comprehensive. Nonetheless, I think that I know enough to cry "BS" to the Wired article (which, BTW, comes with an AP tagline - and everyone knows how bad AP is.)
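The correlation described in the post above (same referrer and target URL retried from different IPs within a short time frame until one is not banned), as an added example that is not part of the original thread. It assumes Apache combined log format and that banned requests are logged with status 403; the function names, the 10-minute window, the 3-IP threshold and the log lines are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (documentation IP ranges), Apache combined log format.
SAMPLE_LOG = """\
203.0.113.10 - - [19/Mar/2007:18:00:01 -0500] "POST /forum/post.php HTTP/1.1" 403 199 "http://spam.example/ref" "Mozilla/4.0"
198.51.100.7 - - [19/Mar/2007:18:00:40 -0500] "POST /forum/post.php HTTP/1.1" 403 199 "http://spam.example/ref" "Mozilla/4.0"
192.0.2.55 - - [19/Mar/2007:18:01:15 -0500] "POST /forum/post.php HTTP/1.1" 200 5120 "http://spam.example/ref" "Mozilla/4.0"
192.0.2.80 - - [19/Mar/2007:18:02:00 -0500] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
192.0.2.80 - - [19/Mar/2007:20:30:00 -0500] "POST /forum/post.php HTTP/1.1" 200 5120 "http://site.example/forum/" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

def parse(log_text):
    """Yield (time, ip, path, referer, status) for each parsable line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield ts, m["ip"], m["path"], m["referer"], int(m["status"])

def relayed_attempts(log_text, window=timedelta(minutes=10), min_ips=3):
    """Report requests served to one IP after the same referer+path was denied to others."""
    groups = defaultdict(list)
    for ts, ip, path, referer, status in parse(log_text):
        if referer != "-":                      # no referer, nothing to correlate on
            groups[(referer, path)].append((ts, ip, status))
    findings = []
    for (referer, path), hits in groups.items():
        hits.sort()
        denied = [(ts, ip) for ts, ip, st in hits if st == 403]  # assumption: ban == 403
        for ts, ip, st in hits:
            if st == 403:
                continue
            # Other IPs that were denied the same request shortly before this one got through.
            prior = {d_ip for d_ts, d_ip in denied
                     if timedelta(0) <= ts - d_ts <= window and d_ip != ip}
            if len(prior) + 1 >= min_ips:
                findings.append({"referer": referer, "path": path,
                                 "denied_ips": sorted(prior), "served_ip": ip})
    return findings
```

The `served_ip` in each finding is the last hop that reached the site, which is the address a per-country tally would count, while `denied_ips` are the earlier sources of the same request.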

ilikejam 03-19-2007 06:57 PM

I'm not buying either. The vast majority of SSH scans and brute force attacks I have experienced have been from Eastern Europe.

Dave


All times are GMT -5.