Archive for November, 2007

Nov 21 2007

Cyber Hissy-Fit

Published by Heike under US attacks

In an article posted today (21 Nov 07) on cnhacker.com, a Chinese hacker going by the pseudonym “Name81” apparently had an online breakdown after suffering Taiwanese Independence Syndrome. The combination of Chen Suibian’s moves to join the UN and US arms sales to Taiwan caused him to hack 32 websites in the United States. Here is his blog site:

name81.JPG

No mention as to which websites were hacked but he did have a nice little anti-US rant on his blog.

UPDATE: Kept looking a little more and these seem to be the sites he claims to have hacked

UPDATE: All hacks have the same IP address 209.225.105.101 and location Racine Wisconsin.


13 responses so far

Nov 20 2007

Best (maybe only) English Language Video on Chinese Hackers

Published by Heike under Chinese hacker video

Best (maybe only) English Language Video Documentary on Chinese Hackers

Hat-tip to Jumper

This video was produced by iDefense; these guys are the best in the business when it comes to research on Chinese hackers. It also features Lion (Lin Yong) leader of the Honker Union of China.

Hat-tip again to Jumper

He informs me that it was produced by Discovery…still great video!

 

 


2 responses so far

Nov 19 2007

Top 10 Chinese Hacker Sites According to Alexa

Published by Heike under Hacker Organization


      While I’m not sure I agree with these sites being the most popular overall, they are according to Alexa search.

top10.JPG

In case you have trouble reading the list (had to modify it to fit) the list was as follows:

  1. cnhacker.com
  2. hackbase.com
  3. hackerxfiles.net
  4. juntuan.net
  5. forum.eviloctal.com
  6. bbs.7747.net
  7. hhacker.com
  8. nsfocus.net
  9. netxeyes.com
  10. chinaeagle.org


No responses yet

Nov 17 2007

Chinese Hacker Documentary

Published by Heike under Chinese hacker video


        The documentary below was posted on Youku (the Chinese YouTube) in May of 2007. It is a CCTV 10 documentary that features Wan Tao, the leader of China Eagle, covering the history of the Red Hacker Alliance. The clip is 36 minutes long, so I’m not going to translate it, but I did want to post it to show an example of what we can learn using open source information. All of the history that he talks about here is covered in my book, but it is interesting to note how open they are about the subject. You can see just about all the defacements seen in the video at my Flickr site, located on the right in the navigation buttons.

        If you are just interested in seeing an honest to goodness famous Chinese hacker, Wan Tao begins speaking at 2 minutes 24 seconds into the video and then throughout. Warning, it loads really slow. One of the other reasons I don’t want to spend a lot of time translating.


 


No responses yet

Nov 17 2007

More…Where are they now?

Published by Heike under Leaders


 

lion1.JPG

 

        Meet Lion (true name Lin Yong), a Chinese hacker who, at the age of 22, established the Honker Union of China in 2000. At that time, he had only a little over one year of Internet experience. After leading his faction in many cyber conflicts, he would disband his organization in 2004. He was also responsible for coining the word “Honker” as a term to identify the group to Westerners. So, where is he today? Couldn’t find him on World of Warcraft like his buddy Goodwell, but I did check out a few links on his old blog and it looks like he was still working at XSec (We are Red Hat) as late as December of 2006. Lion also used the online name of nop, which I believe stands for “no operation” in computer programmer-ese. In this screenshot (modified to fit better), we can see nop’s posts on the site:

xsec.JPG

The site also left an e-mail address for him at nop@xsec.org

 

lionemail.JPG

    Couldn’t find anything more recent. Guess I could drop him an e-mail and ask what he was up to but…I don’t think I would dare open up any reply he sent. Oh well.


No responses yet

Nov 17 2007

Asymmetric cyber threat

Published by Heike under US attacks


Fairly good article on Cyber Warfare possibilities and how the Chinese might be involved but I’m not so sure it is “asymmetric”. God, that word can be annoying…but hey, he who is without sin…

One asymmetric threat to our military forces and the nation is “cyber terrorism.” Our advanced technologically based military forces — dependent on our satellites, critical infrastructure computers, the Internet, secure software programming, computer-driven telecommunications, air traffic control centers and other sophisticated sensor systems — are tempting targets for cyber terrorism.

Continue reading more…


No responses yet

Nov 17 2007

China’s Most Famous Hacker…Playing World of Warcraft?

Published by Heike under Leaders


 

goodwell.JPG

 

 

Left unknown, Center Wan Tao (Founder China Eagle), Right Goodwell

Here is a little history on Goodwell from his days as founder of the Green Army:

The Green Army was founded by a Shanghai hacker going by the online name of Goodwell; it was reported to have had a membership of around 3,000 people from Shanghai, Beijing, and Shijiazhuang. The other four key members of the group went by the pseudonyms Rocky, Dspman (HeHe), Solo, and LittleFish. It also attracted others, considered to be part of China’s first generation hackers, the likes of Xie Zhaoxia, Brother Peng, PP (Peng Quan), Tian Xing (Cheng Weishan), IceWater (Huang Lei), and Little Rong. The group disbanded in 2000 and its rise and fall was described as “confusing” by insiders who consider it one of the enduring symbols of the Chinese hacker movement. The Green Army is said to have hacked “uncountable foreign web sites.” Indeed, many of China’s top hackers were past members of this group.

So, where is he now, you ask? Apparently he is spending quite a bit of time playing World of Warcraft and doing a bang-up job. In an interview with wow.duowan.com, Goodwell was congratulated for his world record breaking move from level 60 to 70 in under 24 hours. There were some details in the article about how he achieved this feat but it had a bunch of World of Warcraft stuff I don’t understand…but he did it…without hacking…he said. During the interview, which was conducted in September of 2007, he introduced himself as the founder of the Green Army Hacker Organization Goodwell (Real name Gong Wei).

 

Picture of Goodwell’s Character on WOW

 

goodwellavatar.JPG

 

Screen name: Silver Dragon

Real name: Goodwell (Gong Wei)

Occupation: Hunter

Faction: Tribe

Server: 7th Region? An Geluo

Guild: Green Base

Apparently, there were some problems when his guild (over 2,000 players) was located on the 5th Region server (unsure of the translation for servers as regions) for moving up too quickly in ranking. So, they changed their name from the Chinese for Green Army Corps to the English word Greenbase. He just can’t seem to let go of the old days…and that should scare you WOW players.

Group photo of Greenbase Faction after breaking record

goodwellgroupphoto.JPG


9 responses so far

Nov 17 2007

Chinese hacker xyzreg claims to have broken Kaspersky Anti-Virus Technology

Published by Heike under Chinese Malware


 

卡巴最新查毒技术被中国黑客攻破

 

kasperhack.JPG

 

        In the headlines on Hackbase, one of China’s largest hacker websites, claims are being made that a Chinese hacker/researcher named xyzreg has broken Kaspersky’s newest anti-virus technology. His announcement was made at the Chinese 2007 Security Focus Summit. During the summit he demonstrated how to penetrate the security software defenses of Kaspersky, Norton and McAfee. He has posted the method for breaking Kaspersky 7.0 on his blog.

More details as I can find them.

UPDATE: Found xyzreg’s blog. I will post the information but please remember I am just a linguist and this might as well be in Chinese…wait…anyway here is what he posted:

[2007/11/09 13:46 | by xyzreg ]

It only took me several lines (10 or so) of code and I broke it, it didn’t even take all my skill.

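#include <windows.h>
#include <tlhelp32.h>
#include <string.h>

DWORD fpid, epid;   /* fpid: PID of this process's parent; epid: PID of explorer.exe */

/* Walk the process list, recording our parent's PID and the PID of explorer.exe. */
void VMM()
{
    PROCESSENTRY32 pe;
    HANDLE hkz = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hkz == INVALID_HANDLE_VALUE)
        return;
    pe.dwSize = sizeof(PROCESSENTRY32);
    if (Process32First(hkz, &pe))
    {
        do
        {
            if (pe.th32ProcessID == GetCurrentProcessId())
            {
                fpid = pe.th32ParentProcessID;
            }
            if (stricmp(pe.szExeFile, "explorer.exe") == 0)
            {
                epid = pe.th32ProcessID;
            }
        }
        while (Process32Next(hkz, &pe));
    }
    CloseHandle(hkz);   /* release the snapshot handle */
}

/* Main Function: */
int main(void)
{
    VMM();
    if (fpid != epid)   /* parent is not explorer.exe: exit immediately */
        return 0;
    /* the program continues only when it was started from explorer.exe */
    return 0;
}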
You don’t understand? Then don’t look at it. It’s common sense, common sense…

UPDATE: The real name of xyzreg appears to be 张翼(Zhang Yi).

MORE UPDATES: Zhang Yi attended the Xcon 2007 Conference that I was at in 2006.

xcon2007.JPG

xconxyz.JPG
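The snippet xyzreg posted walks the process list, records its own parent PID and the PID of explorer.exe, and exits when the two differ, so the program only continues when it was launched from the desktop shell. The following is an added example (not from the original post or from xyzreg) of a static triage heuristic for that pattern; the function names and the sample byte strings are constructed for illustration.

```python
import re

# API names the posted snippet relies on, plus the process name it compares against.
ENUM_APIS = ("CreateToolhelp32Snapshot", "Process32First", "Process32Next")
SELF_API = "GetCurrentProcessId"
SHELL_NAME = "explorer.exe"

def extract_strings(blob, min_len=6):
    """Collect printable ASCII and UTF-16LE strings from a binary blob."""
    found = set()
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob):
        found.add(m.group().decode("ascii"))
    for m in re.finditer(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, blob):
        found.add(m.group().decode("utf-16le"))
    return found

def parent_check_indicators(blob):
    """Report which parts of the parent-process check are visible in the blob."""
    strings = extract_strings(blob)
    def present(name):
        # Substring match so suffixed imports such as Process32FirstW still count.
        return any(name.lower() in s.lower() for s in strings)
    return {
        "enumerates_processes": all(present(a) for a in ENUM_APIS),
        "reads_own_pid": present(SELF_API),
        "names_shell": present(SHELL_NAME),
    }

def looks_like_parent_check(blob):
    """True only when all three indicators co-occur; each one alone is common."""
    return all(parent_check_indicators(blob).values())

# Constructed sample inputs (not real binaries): NUL-separated strings as they
# would appear in an import table or data section.
SAMPLE_WITH_CHECK = b"\x00".join([
    b"KERNEL32.dll", b"CreateToolhelp32Snapshot", b"Process32First",
    b"Process32Next", b"GetCurrentProcessId", b"explorer.exe"])
SAMPLE_ENUM_ONLY = b"\x00".join([
    b"KERNEL32.dll", b"CreateToolhelp32Snapshot", b"Process32FirstW",
    b"Process32NextW", b"OpenProcess"])
SAMPLE_WIDE_NAME = SAMPLE_ENUM_ONLY + b"\x00GetCurrentProcessId\x00" \
    + "explorer.exe".encode("utf-16le")

if __name__ == "__main__":
    for label, blob in [("with check", SAMPLE_WITH_CHECK),
                        ("enum only", SAMPLE_ENUM_ONLY),
                        ("wide name", SAMPLE_WIDE_NAME)]:
        print(label, looks_like_parent_check(blob), parent_check_indicators(blob))
```

Legitimate software such as installers and shell utilities can import the same functions and reference explorer.exe, so a hit is a reason to look closer at a sample, not a verdict.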


No responses yet

Nov 17 2007

Cybermageddon, isn’t that just great…

Published by Heike under Uncategorized


    Russian hackers moving to Chinese servers, what could possibly go wrong? Popcorn…check, large soda…check, order shotgun and canned goods…check.

Russian Cyber Hackers Relocate to China

    The Russian Business Network (RBN), recently making headlines for the massive amounts of malicious and criminal content passing through its servers, has suddenly moved its St. Petersburg base to other countries.

    According to Trend Micro, the hackers now have new chunks of IP addresses, with RBN-like activity developing on newly registered blocks of Chinese and Taiwanese IP addresses with phrases like, “Great locale for a proxy Estonian webwar attack” and “The CHINESE are launching cybarmageddon!”

Continue reading more…


No responses yet

Nov 17 2007

Alicia Keys Myspace Hack by Chinese? NO!

Published by Heike under Chinese hacker video


Attacking national security is one thing but hitting our R&B singers is going too far!


No responses yet
