Dec 17 2007

2005 Chinese Hacker Attack On The UK

Published by at 7:10 pm under UK Attacks

Small section from my book on the UK attack that took place in 2005:

Knowing the types of malicious programs developed and used by certain hacker groups can assist us in pinpointing the source of attacks. Just as traditional criminals develop modus operandi, so do cyber criminals. They will favor one set of techniques and tools over others, and, just as in traditional law enforcement, these techniques can be used to identify the individuals or groups responsible for the crime. While not foolproof, profiling of groups such as the Red Hacker Alliance may offer additional clues as to their involvement in cases of fraud or theft of sensitive materials.

In June of 2005, the National Infrastructure Security Co-ordination Centre (NISCC) released a report detailing Trojan e-mail attacks targeting United Kingdom “government and companies.” The briefing noted that the attacks were coming from the “Far-East” and that the Trojans used in the attack included Gray Pigeon and Nethief. Chinese hackers have taken credit for the creation of both of these Trojan programs. Mark Sunner, the Chief Technical Officer for MessageLabs, said:

MessageLabs can confirm that the source of the IP addresses originates in China. But there’s a much bigger and broader problem here. The ‘China’ word is not meaningless but it doesn’t mean they are the perpetrators.

Other experts were also skeptical that the IP addresses alone proved the attacks were coming from China. However, on 23 October 2005, posted a story about the attacks on the British government and the speculation that the attacks were coming from the Far East. The article was apparently taken from the foreign press and translated into Chinese. The comments in response to the article from members of Hackbase, while not conclusive, are very suggestive:


41444: Awesome, I am very moved!! My thanks to the elder hackers, I hope you all can attack the US

Real Cow X: I want to express my sincere sympathy to the English government!!!! Many thanks to the elder hackers

Well done!!: The English government has become the target of a Trojan e-mail attack!!!

By applying the hacker profile to this case, the evidence points very strongly to Chinese fingerprints present at the crime scene. The attack perpetrated against the UK government came from IP addresses that originated in China; used a backdoor to gain entrance to the computers, one of the preferred methods of the Red Hacker Alliance; and used both Gray Pigeon and Nethief, two of their favorite tools. In addition, members within the organization, when reading about the attack, expressed their admiration for the “elder hackers” whom they seem to credit for the attack’s success.

One Response to “2005 Chinese Hacker Attack On The UK”

  1. The Dark Visitor » Damn Pigeons! on 21 Dec 2007 at 9:13 pm

    [...]     First, let me start you off with a little background on the Gray Pigeon Trojan here.  Great stuff, they even upset their own people enough to force them to stop production.  A good thing too because that program was turning up in a lot of government systems, like here for example.  [...]