Archive for December, 2007

Dec 31 2007

Happy New Year!

Published by under Uncategorized

Wanted to take this opportunity to wish everyone a Happy New Year and offer my special thanks to Jumper, Eastwood and J.D for giving me advise, encouragement and counsel.  You guys have made this a very enjoyable experience!  Be safe and have a great New Year!

4 responses so far

Dec 30 2007

Just Like Sudoku

Published by under Hacker Hunting


    Ever played Sudoku? There was a time when I couldn’t get away from the game.  Maybe it is my obsessive-complusive personality but finding out who hacked what is getting to be a lot like that.

Fair warning, this Chinese hacker hunt isn’t very satisfactory, no picture of the guy at the end of the trail.  Still, I did it, so you will have to suffer the disappointment with me.

Went back to an old favorite of mine, and started looking at the hacked websites.  I don’t bother with  internal Chinese hacks but the ones outside of China just annoy me.

Coming in at number 6 in the standings of Top 20 Users is Webshell with 689:


One of the websites outside of China, listed under Webshell’s credits is (Korean)

Webshell hacks

Here is the mirror of Webshell’s hack:


Translation: Whoosh, an amateur passed by. I am just a very young amateur.

Continue Reading »

5 responses so far

Dec 28 2007

Top Chinese Hacker of the Day

Proficient Windows Registry + BIOS


I know this has been slow going but…well, the holidays you know.  In the spotlight today:

  1. Real Name: Zhang Xinghu (张兴虎)
  2. Online Name: Flyingfox
  3. Organization:,
  4. Age: Unknown
  5. Known Hacks:
  6. Summary: Founder of China Youth Hackers Alliance.  In 2004 was a technical security advisor for a police station. Author of Proficient Windows Registry+ BIOS

Added to list of Top Chinese Hackers.

Comments Off

Dec 27 2007

Chinese Hackers Crash 2000 Blogs

Published by under Nationalism

(Scroll to the bottom of the link) Reporters Without Borders is claiming that it was probably mainland Chinese hackers who used a DDOS attack on Boxun’s website to shutdown dissident postings.  Not really familiar with Boxun but they have also posted the attacking IPs and the number of hits received.

Comments Off

Dec 27 2007

Sunwear Picture Claimed a Joke

Published by under Hacker Hunting

Received a comment from reader Kitty stating that, Chinese hacker Sunwear claims the article I wrote showing him in a People’s Armed Police uniform was a joke on a friend and not real. Kitty also claims this has stirred up trouble.

Actually, in an update posted on 26 Nov 2007, I make pretty much that same observation. I would also submit to kitty that it isn’t the picture that has caused trouble but Sunwear’s act of breaking into Japanese websites he does not own.  Just my two pennies worth.

Comments Off

Dec 27 2007

Chinese Hacker Interviews Hack in the Box Founder

Published by under Hackers Talking

  Started surfing Baidu and ran across this 2006 interview with Dhillion Andrew Kannabhiran (a.ka. L33tdwag), CEO and founder of Hack in the Box. The discussion was conducted by superlone, a member of Eviloctal (Chinese hacker group) and was sort of funny, weird, chilling, uncomfortable…  It is a bit longish but I think well worth the read.

Here is my favorite part:

superlone: as for chinese secuirty industry,how much do you know about it?about chinese hackers and the level of chinese hackers?

L33tdawg: well on the industry aspect i don’t really know for chinese hackers we are affiliated with XFOCUS which imho has some of the best researchers.remember that it was the XFOCUS guys who were the first to turn LSD’s RPC DCOM research into a working exploit targetting all Chinese version of Windows.

superlone: what other chinese seucurity groups or communities do you know besides XFOCUS?

L33tdawg:apart from XFOCUS, i know you are from i’m sure there are many, but seeing that i do not read or speak Chinese, it is a bit difficult to make contact.

Ahh, fun with Chinese hackers. Continue reading…or not.

Comments Off

Dec 26 2007

Chinese Hackers Must Get Tired During the Holidays

  Got to give Ed Dickson at Blogger News Network credit for working Storm Worm, zombies and scantily clad women in Santa attire into the same headline.  Of course the offending URL for this potential horror movie has a .cn trailer attached to it.  Now, in case you somehow missed out on getting your computer infected on Xmas, I’m sure our Chinese hacker friends will give you another shot at it come New Year’s.

3 responses so far

Dec 23 2007

The Demise of Hao Tian’s Blog

   Chinese Hacker Malware

  Elia Florio has written a very informative piece on a Chinese hacker named Hao Tian distributing a program that exploits vulnerabilities in MS Office for Word.

The attacker has only to bind an executable such as Backdoor or an Infostealer trojan, and the tool will do the rest. It will create a malicious MS Word file that can drop and run the chosen .exe file. No need to analyze buffer overflows, find return addresses, or program complicated shellcode. Zero knowledge, maximum result, and minimal effort.

Closely following the article, Hao Tian decided his registration was full and closed shop.

Close of Chinese hacker blog

Go read the full article on this Chinese hacker malware at Symantec.

4 responses so far

Dec 21 2007

Damn Pigeons! 灰鸽子


    First, let me start you off with a little background on the Gray Pigeon Trojan here.  Great stuff, they even upset their own people enough to force them to stop production.  A good thing too because that program was turning up in a lot of government systems, like here for example.

   However, just like every 80′s horror movie, the thing just refuses to die.  So,  the announcement posted on 2 Dec 07, at (previous link removed, page taken down by saying they were making a come back didn’t come as too much of a shock.

   The old disbandment message dated 21 March 07 is still  on the front page of the Gray Pigeon website (why does the one pigeon look like a hummingbird…who knows.):

Gray Pigeon Trojan

   Just as promised, their fresh postings on 18 and 22 Nov 07 promise a revival of the site.   The posting on 22 Nov 07 could use some IT input on the screenshots.

Gray Pigeon Trojan

The text is too much for my Chinese but maybe some of you IT guys could provide some insight.


5 responses so far

Dec 20 2007

Russian Hackers Move Out, Chinese Hackers Move In

Published by under China Russia Links

Hat-Tip: As always, Jumper

    Interesting article from SCmagazine on Chinese hackers filling the void after the Russian hackers packed up shop.  It doesn’t give enough detail to determine the particulars but raises a lot of questions.  Was this a voluntary surrender by the Russians?  Working in concert with one another?  Would love to hear more about it if anyone knows. 

Russian Hacker Move Out…And The Chinese Move in.

Comments Off

Next »