Archive for October, 2007

Oct 26 2007

Chinese hackers, capitalists?

Published by under Hacking for money

Given the popularity of hacking in China, there is a large market for magazines and books about the subject. Who better to provide these products than the hackers themselves? HackerXfiles produces a hacker magazine with a CD that retails for nine RMB or US $1.10. Hacker.com sells their magazine, Hacker Defense Online, for 19.80 RMB or US $2.45.

Even Movie Deals?

On 23 August 2005, Chinese Educational Television reporter, Wang Zhonglang, interviewed RedHacker stationmaster Sharp Winner about his new book The Turbulent Times of the Red Hackers. During the course of the discussion, Sharp Winner made some interesting comments on the reasoning and commerciality of the enterprise. He stated that the original plan was to have the book published on their web site. However, after further consideration, he wanted to make it available to everyone so they could better understand the hacker culture. The theme of the book revolves around the Red Hacker Alliance defending the country against a large-scale computer attack, to include an overseas spy ring.

When asked about the book becoming a movie, Sharp Winner admitted that he was involved in negotiations with investors and if it could be settled, he would ask Zhang Yimou, one of China’s most famous directors, to shoot the film. He also detailed his plan to market numerous Red Hacker souvenirs, to include hats, T-shirts, sunglasses and even the props used in the movie. Asked about what was going on with the group, Sharp Winner replied that the group had established a club and future projects included promoting Red Hacker training and more books.


Oct 24 2007

Chinese hackers…using porn for Teh Buzz

The pairing of demographics and culture in the Chinese hacker community has produced another mechanism for making money in the form of pornography.

According to information contained in the 17th Statistical Survey Report on Internet Development in China (published in January 2006), conducted by the China Internet Network Information Center (CNNIC):

58.7% of Chinese online users were male

41.3% of Chinese online users were female

51.7% of Chinese online users were under the age of 24



Oct 22 2007

Chinese hacker network

Published by under Hacker Organization

Discussing network hierarchy is difficult at best and involves speculation on relationships that have not been defined by any known source. Preliminary evidence suggests the network operates on a peer-to-peer basis, without a centralized control mechanism. Experiments with various configurations of the net were unsuccessful in providing a clear-cut top-down structure. Searching through the individual web sites failed to turn up documentation showing a definitive command and control group. There were, however, hints that a rudimentary one might exist, or at least a deference to the older and larger organizations. These clues came from messages passed between the sites and in training conducted by the better-established organizations for their smaller downlinks. Despite these hints, all indications are that individual sites are maintained and run by separate entities and the aggregate is best defined as a peer-to-peer network.

Individual groups work in coordination with one another, but they do not act in response to orders from centralized leadership. During times of political conflict, when the alliance wanted to act in concert, they established the Chinese Emergency Conference Centers. But this was a cooperative and temporary collaboration. The individual sites should be viewed as independent cells within the larger organization. However, independence should not be confused with an absence of interaction. The various cells are in contact with one another and pass messages back and forth on a regular basis.

The Numbers Game

The number of people participating in these organizations is another subject that requires conjecture. This study provides only a very rough range of the numbers involved and should not in any way be construed as hard data. Of the 253 sites that were monitored, 90 were found to keep and post online records of the number of people registered with their organization.

The 14,358-member assertion by China Black Hawk Union, one of the mid-sized groups in the Red Hacker Alliance, should be examined closely. China Black Hawk Union leadership does not mention if these members are currently active or if a portion (maybe a large portion) simply registered and have minimal or no involvement in the group activities. Revisiting the site on 1 September 2005 showed the membership increasing to well over 17,000.

Visiting each of the 90 sites that kept statistics and then adding up the total number of registered members showed a total of 1,197,769 participants. This presented an extremely large number, one that called into question the credibility of the data. In January of 2006, China Internet Network Information Center released a report that gave the number of Chinese citizens accessing the Internet at 111 million. That would mean that 1% of their online community was made up of hackers. Fortunately, the web sites had another online tool that provided a better understanding of the actual number of active members. This counter (shown below) gives the current number of people active on the site at a given time. If another person were to log on during this period the counter would move up to 643 and if one of the members logged off the counter would move down. On 1 May 2005, the site ICEHACK furnished their online numbers as 642 and an all-time high of online participants as 1,262. Their total claimed membership was 42,969.

By monitoring slightly more than 10% of the sites, at four different times throughout the day, over a one week period, it was determined that on average a site had approximately 2% of its stated membership visiting the site. The monitoring example below shows the numbers given on 11 October 2005 at approximately 11:00 pm in China. The time approximation is based off of survey start-time and the amount of time needed for the site to load (web sites in China are notoriously slow), to record the data from the selected site and move to the next site for collection. Note that the numbers recorded for this date and time were 1.6%, slightly lower than the week’s norm of 2%. To maintain a fair representation of the organization as a whole, sites were selected for monitoring from three categories, those that posted high, medium, and low memberships.

Does this mean that we discount 98% of the claims as exaggerations? No, it would be highly unreasonable to expect every member of the organization to be visiting any given site at the same time. Furthermore, the 2% that were noted at 11:00pm would certainly be a different 2% depending on the time monitored. This does however give us a reasonable number to use as our minimum. The range therefore would be from a minimum of 24,000 to a maximum of around 1.2 million. Even at the minimum end of the scale, this is a large group capable of organizing a variety of activities damaging to governmental and civilian organizations around the globe. It is probable that during times of political strife, these numbers rise dramatically higher and move closer to the upper ranges. Keep in mind that the range of 24,000 to 1.2 million only includes the sites that kept statistics and that the survey is limited in scope. Only 90 out of the 250 sites provided data on online members. This would obviously make both the minimum and maximum figures substantially higher; perhaps even double the range provided.

The alliance is young, it is dynamic, and the numbers it can rally against a problem on any given occasion are enormous. Given the right set of political circumstances, these numbers could swell to over one million. Even though the quality of participants may be highly suspect, the central core of 24,000 regulars should be able to direct them with excellent results.

In discussing more speculative numbers, we can extend our minimum by taking the average time spent on the Internet by an individual and extending that over a conservative timeline. If we take the average time spent online by a Chinese user of approximately two and a half hours per day, and estimate they may use one hour of that on the site where they are a member and the rest for surfing, news, virtual gaming, etc., the hacker web site would change over a new two percent of users eight times in the same number of hours. Eight hours is used as the normal amount of time a person would have in a day after work and sleep. Using the rotating population and doubling it for the lack of online statistics from 160 sites, we could be looking at a floating population of some 380,000 hackers that maintain some sort of consistent contact with the organization. Given the difficulty of determining exact numbers, this is very much in line with Taiwanese estimates of 300,000 plus mainland hackers.


Oct 21 2007

Founding of Javaphile

The group Javaphile was established in September 2000 by two Chinese hackers going by the online names of Coolswallow and blhuang (Liang Huang). All members of the group were said to be students of Jiaotong University in Shanghai. The group was later joined by thomasyuan who specialized in Unix programming. Initially the group was merely for Java language enthusiasts as the name implies. This attracted few members, since the Java language had only just been introduced to the country. Coolswallow joined the Red Hacker Alliance following the 2001 collision between the US reconnaissance aircraft and the PRC fighter. Coolswallow and thomasyuan would later initiate a program to reorganize the group into a hacker web site. Some notoriety was gained by the group in 2002 for the defacement of Lite-On, a Taiwanese IT company.

An examination of Javaphile, from the introduction of its web site to the defacements of Lite-On, Fox T.V., and other attacks, shows something slightly different from the normal Red Hacker Alliance cell. The graphics, language, and structure used by the group are not typical when compared to the majority of Chinese hacker web sites. The group’s homepage shows a picture of a Buddha head surrounded by tree roots, probably taken at Ayuthaya, Thailand. Coolswallow’s personal blog also contains references to Buddha and his/her personal translations and explanation of Tibetan Pali Buddhist engraved incantations.


Oct 21 2007

China Eagle Union

Wan Tao


In April of 2000, Wan Tao joined sina.com’s Naval and Merchant Ships Forum with the online name of China Eagle in response to a posting by a person named Bailing who called for the establishment of a China Eagle club. Between the 19th and 21st of May, he made postings about the delay tactics used by advocates of Taiwanese independence and organized the “Anti-Taiwanese Movement of China Eagle Union.” In September, he participated in China’s first network security hobbyist conference at the Dragon Spring Hotel in Beijing and gave a speech called “Building Hacker Culture with Chinese Characteristics,” that was said to have defined the goals and direction of the Chinese hacker culture. The Chinawill web site was redesigned in October of 2000, and the members of the China Eagle Union finally had “a home online.” In December, Wan Tao attended the “Network Era Patriotism Discussion” held in Nanjing.

China Eagle even composed a theme song for their organization titled Power of the Night.

黑夜的力量
Power of the Night
词:中国鹰派栗子
Lyrics: By China Eagle Union’s LiZi

我们在黑夜里逆风飞行我们是黑夜里的中国之鹰我们用黑夜里黑色的眼睛迎接光明的来临我们在网络里自由飞行我们是网络里的中国之鹰我们用网络里寂寞的黑夜迎接黎明的来临感受黑夜的力量用我黑色的眼睛热血在黑夜里慢慢凝聚希望在黑夜中寻觅我们是中国的鹰派我们要做中国的精英不管敌人的盾牌是多么的坚硬我们要让他知道我们的锐利我们是中国的鹰派我们要做民族的精英所有正义的人们给了我们力量和勇气我们会永远战斗不息

“We are flying against the wind in the night. We are the China Eagles of the night. We use our black night eyes to greet the approaching light. We are flying freely through the net. We are the China Eagles of the net. We use the lonely nighttime of the net to greet the approaching daybreak. Feel the power of the night. Use my black eyes. The hot-blood slowly thickens in the night. Searching for hope in the middle of the night. We are the China Eagles. We want to be the elite of China. It doesn’t matter how hard the enemy’s shield is, we want him to know our sharpness. We are the China Eagles. We want to be the elite of the nation. All the just people have given us strength and courage. We can fight forever and never rest.”

China Eagle forced the shutdown of the “Water Lilly Association,” a web site for Taiwanese independence, after placing a defacement showing Taiwanese Vice President Lu’s head pasted on a Play Boy.


Oct 20 2007

Evolution of the Red Hacker Alliance

Based on available data, it is the author’s opinion that the Red Hacker Alliance first came into existence in 1998. This was the year that ethnic riots in Jakarta, Indonesia served as a catalyst to bring together existing independent hacker elements and fuse them into a cohesive unit under the banner of nationalism. During this time period, previously independent web sites actively formed connecting links with each other and coordinated attacks against Indonesian government web sites to protest the brutal treatment of ethnic Chinese. Sharp Winner’s comments related to the event demonstrate that this is the earliest appearance of the concept and term Red Hacker:

“A group of patriotic youth active on the net engaged in attacks on Indonesian government web sites, under the alias ‘China Redhackers.’ This patriotic action received a great deal of reporting and praise in the domestic and overseas media. The name China Redhackers began here.”

Chu Tianbi’s historical account claims that it was the 1999 US bombing of the Chinese Embassy in Yugoslavia that created the alliance, and that this was when their first web site appeared:

“The second day after the bombing of the Chinese embassy, the first Chinese Red Hacker web site appeared, and a new type of hacker was born – the Red Hacker.”

While there is room for argument about the conceptualized birth date of the Red Hacker Alliance, Sharp Winner and Chu Tianbi are in agreement that it predates Lion’s founding of the Honker Union of China in 2000. Studying Chu Tianbi’s words carefully also reveals that the alliance is not made up of one entity/web site; he clearly tells us that this was when “the first Chinese Red Hacker web site appeared,” not the only, just the first.

The Years 1995-2006

The years 1995 and 1996 were far too tenuous for the neophyte hackers to be declared anything close to an alliance and there is nothing to suggest that communications and links were taking place with other hackers. Linkage between individual cells must be established in order to satisfy one of our primary preconditions for establishment of the Red Hacker Alliance. The only fixed web site we are told about during this time is Gao Chunhui’s homepage that was dedicated to cracking software code. It is also difficult to cast them ideologically as an alliance in these formative years. Individuals from 1995 to 1996 likely held the same nationalistic views as current members but those views cannot be applied to a shared group mentality. The thinking was still “I” am a Chinese hacker not “we” are patriotic Chinese hackers.

Two key elements that disqualify the year 1997 as the birth date of the Red Hacker Alliance are once again the inability to definitively state that there is unifying nationalism and linkage. We are aware Goodwill has founded the Green Army and that there are at least seven other rudimentary hacker sites operating but little else is known about the relationship between these groups. Wan Tao has also registered the site Chinawill under the name “Voice of the Dragon.” At this point in their history, there has not been that one galvanizing event that would spark their sense of “National Humiliation” and transform them into a collective organization.

By 1998 all the elements that define the current organization are present and functioning. The Jakarta riots have produced unity of spirit, which embodies the Red Hacker Alliance and the “Chinese Hacker Emergency Conference Center” was used as a conduit for communications. The emergency conference center provides us with further proof that additional hacker web sites existed at this time, as it would have been unnecessary to establish it for internal communications among its members. Therefore, we can only presume that the purpose of its construction was for external coordination with outside elements; perhaps the seven rudimentary sites that had been set up in 1997.

From 1999 to 2005, we see an expansion of the Red Hacker Alliance with the addition of the Honker Union of China, the reinvention of Chinawill to China Eagle, Javaphile, and the Ultra Right-Wing Chinese Hackers Opposed to Japan Alliance. Not only are more names added to the roster but the frequency of attacks increases along with the publicity that the group attracts. It is highly likely that the actual number of Chinese hacker sites enlarges well beyond what is reported in the open press during this seven-year period. This is practically certain, given that by the middle of 2005 over 250 web sites were linked directly to the Red Hacker Alliance. What is also likely is that the Chinese hackers themselves are somewhat unaware of the extent and numbers of web sites making up the alliance. No information to date suggests that there has ever been a census performed by the Red Hacker Alliance on the composition of their group.

Hopefully, the arguments presented here will convince readers that this is the evolution of a movement and an organization, and that there is merit in understanding the intrinsic nature of the body. As with the moral of the ancient saga of the Blind Men and the Elephant, in which each man touches a different part of the elephant’s body and comes away with a different view of its character, we must look at the whole of a thing to fully understand it.
