Wanted to take this opportunity to wish everyone a Happy New Year and offer my special thanks to Jumper, Eastwood and J.D for giving me advice, encouragement and counsel. You guys have made this a very enjoyable experience! Be safe and have a great New Year!
Ever played Sudoku? There was a time when I couldn’t get away from the game. Maybe it is my obsessive-compulsive personality, but finding out who hacked what is getting to be a lot like that.
Fair warning, this Chinese hacker hunt isn’t very satisfactory, no picture of the guy at the end of the trail. Still, I did it, so you will have to suffer the disappointment with me.
Went back to an old favorite of mine, zoneh.cn and started looking at the hacked websites. I don’t bother with internal Chinese hacks but the ones outside of China just annoy me.
Coming in at number 6 in the standings of Top 20 Users is Webshell with 689:
One of the websites outside of China, listed under Webshell’s credits is http://www.photozone.co.kr: (Korean)
Here is the mirror of Webshell’s hack:
Translation: Whoosh, an amateur passed by. I am just a very young amateur.
Proficient Windows Registry + BIOS
I know this has been slow going but…well, the holidays you know. In the spotlight today:
- Real Name: Zhang Xinghu (张兴虎)
- Online Name: Flyingfox
- Organization: www.54hack.org, www.yl.net.cn
- Age: Unknown
- Known Hacks:
- Summary: Founder of China Youth Hackers Alliance. In 2004 was a technical security advisor for a police station. Author of Proficient Windows Registry + BIOS
Added to list of Top Chinese Hackers.
(Scroll to the bottom of the link) Reporters Without Borders is claiming that it was probably mainland Chinese hackers who used a DDoS attack on Boxun’s website to shut down dissident postings. Not really familiar with Boxun, but they have also posted the attacking IPs and the number of hits received from each.
Received a comment from reader Kitty stating that Chinese hacker Sunwear claims the article I wrote showing him in a People’s Armed Police uniform was a joke on a friend and not real. Kitty also claims this has stirred up trouble.
Actually, in an update posted on 26 Nov 2007, I make pretty much that same observation. I would also submit to Kitty that it isn’t the picture that has caused trouble but Sunwear’s act of breaking into Japanese websites he does not own. Just my two pennies’ worth.
Started surfing Baidu and ran across this 2006 interview with Dhillon Andrew Kannabhiran (a.k.a. L33tdawg), CEO and founder of Hack in the Box. The discussion was conducted by superlone, a member of Eviloctal (a Chinese hacker group) and was sort of funny, weird, chilling, uncomfortable… It is a bit longish, but I think well worth the read.
Here is my favorite part:
superlone: as for the chinese security industry, how much do you know about it? about chinese hackers and the level of chinese hackers?
L33tdawg: well, on the industry aspect i don’t really know much. as for chinese hackers, we are affiliated with XFOCUS, which imho has some of the best researchers. remember that it was the XFOCUS guys who were the first to turn LSD’s RPC DCOM research into a working exploit targeting all Chinese versions of Windows.
superlone: what other chinese security groups or communities do you know besides XFOCUS?
L33tdawg: apart from XFOCUS, i know you are from www.eviloctal.com. well, i’m sure there are many, but seeing that i do not read or speak Chinese, it is a bit difficult to make contact.
Ahh, fun with Chinese hackers. Continue reading…or not.
Got to give Ed Dickson at Blogger News Network credit for working Storm Worm, zombies and scantily clad women in Santa attire into the same headline. Of course the offending URL for this potential horror movie has a .cn trailer attached to it. Now, in case you somehow missed out on getting your computer infected on Xmas, I’m sure our Chinese hacker friends will give you another shot at it come New Year’s.
Elia Florio has written a very informative piece on a Chinese hacker named Hao Tian distributing a program that exploits vulnerabilities in MS Office (Word) to build malicious documents.
The attacker has only to bind an executable, such as a backdoor or an infostealer trojan, and the tool will do the rest. It will create a malicious MS Word file that can drop and run the chosen .exe file. No need to analyze buffer overflows, find return addresses, or program complicated shellcode. Zero knowledge, maximum result, and minimal effort.
Closely following the article, Hao Tian decided his registration was full and closed shop.
Go read the full article on this Chinese hacker malware at Symantec.
First, let me start you off with a little background on the Gray Pigeon Trojan here. Great stuff, they even upset their own people enough to force them to stop production. A good thing too because that program was turning up in a lot of government systems, like here for example.
However, just like every 80s horror movie, the thing just refuses to die. So, the announcement posted on 2 Dec 07 at hx99.net (previous link removed, page taken down by hx99.net) saying they were making a comeback didn’t come as too much of a shock.
The old disbandment message dated 21 March 07 is still on the front page of the Gray Pigeon website (why does the one pigeon look like a hummingbird…who knows.):
Just as promised, their fresh postings on 18 and 22 Nov 07 announce a revival of the site. The posting on 22 Nov 07 could use some IT input on the screenshots.
The text is too much for my Chinese but maybe some of you IT guys could provide some insight.
Hat-Tip: As always, Jumper
Interesting article from SCmagazine on Chinese hackers filling the void after the Russian hackers packed up shop. It doesn’t give enough detail to determine the particulars but raises a lot of questions. Was this a voluntary surrender by the Russians? Working in concert with one another? Would love to hear more about it if anyone knows.
Russian Hackers Move Out…And The Chinese Move In.