Archive for January, 2008

Jan 21 2008

Chinese Hackers…I’m Not One to Complain…However,

could we come up with something besides the Chinese flag?

h4ck3rsbr1.JPG

This was a hack of the Matsushita Electronics Company website (panasonic.com.cn, which still seems to be down), located in China, by H4ck3rsBr.  The hacker uses all the prerequisite Japanese imperialism slogans and denouncements.  Internet security analyst Chen Sanyan thought it was probably a university student on vacation.  He stated that winter and summer breaks were their busiest times of the year.

A commenter on the defacement was kind enough to point to http://hi.baidu.com/h4ck3rsbr/blog/ as the possible source:

h4ck3rsbr2.JPG


Jan 21 2008

Jumper


您好, Heike invited me to start contributing to the blog. I have set up email for myself at jumper (at-sign) thedarkvisitor (dot) com. I have enjoyed reading the blog and I hope my future contribution is meaningful. 谢谢!


Jan 20 2008

Mysterious Chinese Hacker Slide Show

UPDATE: Jumper adds the following on this post:

I doubt that the mystery poster is Charlie Chung-Ping Chen. Charlie Chung-Ping Chen researches processors. It is certainly possible that he made the transition during his four year absence from the web but I think it is a stretch. At any rate, he hasn’t responded to Gordon. I assume Gordon contacted him by his university email and his status at the university is listed as “leave of absence”.

I tried to find out more about the powerpoint and didn’t have much luck. There isn’t any intro slide and the person who posted the presentation hasn’t posted anything else. It is very amusing that the poster’s handle is Deep Throat.

  taiwanhackerslides.JPG

taiwanhackerslides2.JPG

 taiwanhackerslides3.JPG

This thread was first brought to my attention by Jumper who has been collecting postings from an individual in Taiwan named Charlie Chen who is fairly elusive.  The same theme runs through all of Chen’s postings concerning a PRC government run organization of eight Chinese hacker groups dedicated to cyber espionage.

Did a little checking and came across an article by Gordon Housworth who is just as curious about the mystery poster as Jumper.  Gordon did a ton of research and from what I can tell has a good handle on the identity of our mystery man.  He was also able to locate a 26-frame slide show associated with Mr. Chen.


Jan 20 2008

Chinese Hackers DID NOT Compromise 70,000 Sites…It Was More like 94,000!


Bsmith provides a detailed update on the uc8010-dot-com, ucmal-dot-com situation.

On or around 4 January, there was an automated attack on thousands of websites. Initial reports were that 70,000 legitimate sites had been compromised, but now the number is estimated at 94,000 sites. These included Fortune 500 corporations, state government agencies, and schools. These sites were infected with malicious code that attempts to engage in click fraud and steal online game credentials from people who visit the destinations.

Read it…Chinese hackers compromise 94,000 sites!


Jan 18 2008

Anti-Fan Chinese Hackers…Feel “The Crazy!”

Never heard of this, don’t know what to make of it, not sure I even care.  Anti-fans are a phenomenon that began in Korea, where large numbers of “anti-fans” seek to just trash and even poison celebrities.  Number one targets are singers and dancers.  So, the good news…it has spread to China!

boyband.JPG

This is the Taiwanese band F-4 and they got hacked by Chinese anti-fans for referring to Taiwan as a country while filming a commercial for tourism.  (Have to admit, a lot of boy-bands here in the US could use a good hacking…just kidding…sort of.)

japaneseflag.JPG

Chinese actress Zhao Wei targeted by Chinese anti-fans for…too much hotness? No, she wore the Japanese flag.

wangxinling.JPG

 Artist Wang Xinling, just a little too cutesy for some fans. They are anti-fans due to her winky-hand-movey antics on stage.

 hackersofbinladen.JPG

And for the most disturbing of all, they claim to be the Bin Laden for celebrities.

A posting at Sam, Saman, Samantha’s blog sums up my feelings quite well.  But, just because they seem to have gone way past the deep end of the pool, doesn’t mean they can’t make a semi-rocking video!  Enjoy (fair warning, the thing loads slow, slow, I mean really slow):


Jan 17 2008

Why Jumper is the BEST!

This was posted by Jumper today, but obviously deserves a place other than just in the comments!   Jumper, this is…no words…just floored:

This reminds me of some comments I have collected from blogs. I’m pretty sure these are all from the same Taiwanese person:

From theregister.co.uk:

There are at least 8 China Hacker Groups. we call them as HuBei Jun (Jun for military troop), ShangHai Jun, Beijing/TienJing Jun, GuoDong Jun, FuJian Jun, SiChuan Jun, JianSu Jun, SiAnn Jun.

Through incidents handling and investigation with law enforcements, we found some evidences to prove the china hackers (targeted attack/ spearing phishing) were come from government (military, intelligent dept and public security).

We have inspect the tools, from the beginning trojaned e-mail, backdoor, and realy tools in the way stations.

At first, using Microsoft word (*.doc) file with exploit, to drop backdoors or download spyware from other way stations.

And the backdoor connect back to way station, when hacker came from China (fixed IP or ADSL) to remote controlling victims.

What they want is to collect the contact list files (outlook, MSN …) to build a huge database about relationships for future use, from the contact list, hackers can send a ‘well-make’ trojaned mail to the others in the contact list, then victims will trust the e-mail’s subject and fake e-mail source, open it and been compromised. And, periodically jump back to collect the latest documents in all file types. Even steal your mail account to have a copy of your mail boxes.

From the official document shows, the cyber operation was directly sponsored or supported by General Staff Department Sec. Four. And the evidences shows they:

(1) Organized: have principle, formal check-in/out time, in our domain name (used by backdoor) observations, they start to work at 0700 GMT+8 Round 1, 1150 Lunch, 1400 Round 2, 1730 Take a break, then, depends on group, have night team, to hack foreign countries.

(2) the Tools. not common seen in public Internet. some hacker groups using the same military produced/purchased hacking tools.

(3) the source IP we sniffer from incident handling, can be directly mapping to military regions of China.

the story is on going everyday!

Jan 17 2008

Chinese Hackers = “Internet Forces”

Asahi.com reports that Chinese hackers have increased their attacks on Taiwan.  The Taiwanese Ministry of Justice has provided a timeline of suspected major attacks from mainland hackers.

1999: Taiwanese government Web sites were illegally accessed, leading to data leaks.

2003: Cyber attacks were mounted on a total of 650 government and private sites, including that of the Ministry of National Defense. The hackers were apparently operating mainly out of Hubei and Fujian provinces.

2004: During the campaign period for the Taiwanese presidential election, the in-house computer networks of the presidential office and the National Security Council came under attack, leading to leaked data.

2005: A failed attempt was made to infiltrate a computer network of the Taiwanese military’s command route.

2007: Trojan horse spyware was embedded in a computer of a National Defense University teacher, leading to a leak of simulation data on military maneuvers.

The report goes into some detail on “Internet Forces” and their use of Trojans and social-engineering.  Isn’t social-engineering so last year?  NOT!  Chinese hackers, “Internet Forces.”


Jan 13 2008

Our Cousins Not Real Pleased With Chinese Hackers


You can see the international pressure beginning to mount on Beijing in regards to Chinese hackers.  The US, France, Germany, Japan…and now the Brits have made it a part of their rounds to complain to Beijing.  Prime Minister Gordon Brown will use his upcoming visit to China to protest the recent intrusions.  Beijing will soon have to do something to rein in their patriotic youth.  While it is true that other nations have their share of hackers, Chinese hackers seem to be doing their best to get noticed at the highest seats of power.  This might be great for personal reputation but a lousy long-term strategy.  Read Chinese hackers really upset one Prime Minister.


Jan 11 2008

2007 Summary of Chinese Hacker Activity

Saw this article and had some reservations about posting it for a couple of reasons.  1) The title is Chinese Cyberwarfare which this most certainly is not.  You can classify them as cyber attacks, intrusions or whatever but this does not even come close to cyberwarfare.  2) This paragraph:

China’s information warfare expertise likely stems from a group that refers to itself as the “Red Hackers Alliance.” The Alliance operates as a government- or party-backed organization that specializes in network security, software development and patriotic hacker training.

The Red Hacker Alliance does not operate as a government- or even party-backed organization. I will have an article published in Iosphere magazine in the next couple of months that refutes this entire idea.  Am I saying that the Chinese do not have a cyber militia or branch of the PLA that deals with hacking?  No, of course they do.  The US has a branch of the military dedicated to cyber operations too.  However, the Red Hacker Alliance is not a part of the government or the military. Will the alliance stay a civilian organization?  I don’t think so but that is for another day.

Didn’t mean to come down so hard on the article, it really is a pretty good summary of some of the 2007 Chinese hacker attacks.  2007, Chinese hacker year in review.


Jan 08 2008

Chinese Hackers Doing a 50 State Tour

  With the increase in the number of attacks by Chinese hackers, I may never have to do my own research again.  Yesterday we had attacks on the Pennsylvania state government and today they decided to go after Cleveland…I said Cleveland.  Nobody is safe.  The hackers exploited un-patched SQL injection vulnerabilities that forced end users to visit sites that pay third parties a fee in exchange for sending them traffic.  It really is all about the money.  Read it before the people paying for Adsense go broke!
