Archive for February, 2008

Feb 29 2008

Chinese hackers feature US Air Force Cyber Command

Published by under Hackers Talking,Uncategorized


While this registers about a zero-factor on my WOW o’meter, it does bring up one of my chief complaints, is there any reason I can’t Google “Chinese Cyber Command” in English and get almost 1,700 hits (which is what I got using Chinese to find US Cyber Command “美军成立“黑客”司令部“)? Oh yeah, we don’t do Chinese…@#$%!

The Chinese translation is actually US Military Establishes “Hacker” Command…so that is funny…but probably just to me.

The reason this “revelation” pegs absolutely nothing on my bar of “Oh my god they know!” is that the US Air Force has announced their new cyber command both far and wide. I also think it is a brilliant idea…one that the US Army should steal. Computers are ground-based operations and do not fly.

Comments Off

Feb 29 2008

Chinese hackers + Facebook + Buffer Overflow= Scupper?

Rob Rachwald from Fortify Software on Facebook vulnerability:

“Fortify Software, the application vulnerability specialist, says that buffer overflows are at the heart of a series of hacks against the Facebook and MySpace social networking sites.

The bad news is that this exploit is being used in a hacker toolkit currently being offered for download on several Chinese language hacker sites, meaning that novices have been able to stage these attacks, and not just professional hackers,” he added.

Just want to add a couple of thoughts here:

  1.  When he says, “Several Chinese language hacker sites…” he really should add, “that thousands of Chinese hackers can download.” Using just the word several, sounds like only five or six guys/gals could find it.
  2. These guys aren’t novices, they get paid.  Some inexperienced yes, novices no.
  3.  Who uses the word scupper?

Verb 1. scupper – wait in hiding to attack

Comments Off

Feb 28 2008

Next Chinese Hacker to attack Pentagon…SEVEN-YEAR-OLD BOY


The kid is just barely seven years old and already goes by the name “Cowboy.” Christ.  Here are the stats on this rising child genious from Guangxi, China:

  1.  At the age of three, he was able to install both Windows 98 and Windows XP
  2.  At the age of four, he was learning DOS commands, installing drivers and downloading computer games
  3.  At the age of five, he was learning to install computer hardware
  4.  At the age of six, he started college-level classes in Visual Basic 6.0
  5.  At the age of seven, he crashed the entire New York City power grid

Okay, that last one I made up but you know it is only a matter of time. Got to watch my kid perform in a play about farm animals that took the class one week to learn…we are in so much trouble!

7 responses so far

Feb 27 2008

Chinese hackers attack electric power plant…

Published by under Uncategorized

it belonged to them so why not.

It was reported on 26 Feb 08, that the Yili Electric Power Plant (located in Xinjiang) had recently carried out a live hacker attack exercise against its own network in order to raise the capability of network personnel to defend against outside attacks. The Yili Power Plant personnel playing the parts of the hackers had no determined time or target of the simulated attack, they could attack whenever or wherever within the network.

One of the more interesting aspects of the article, was that this was to increase the ability of network personnel to respond to emergency incidents in support of engineering project “SG186.” Here is a little about Project SG186:

Playing a critical role in the SG186 information infrastructure project under the Chinese Government’s strategic economic blueprint — the 11th Five-Year Plan, the SGCC data center faced an urgent need to optimize its information management to keep pace with business growth and the fast changing requirements of the China power industry. The top priority was to integrate all scattered, diversified and isolated data sources onto a unified storage and management platform, offering a centralized data service environment and analytics platform for all IT applications.

More on Chinese Project SG186

UPDATE: Added that this was a simulated attack, performed by personnel within the Yili Power Plant in case there was any confusion.

UPDATE TO UPDATE: Actually only added four words, which I have put in
bold, because the previous update made it sound like there was zero way you could have determined that before the additions.

8 responses so far

Feb 26 2008

Chinese hacker Industry

Published by under Hacking for money

I’ve written before about the entrepreneurial nature of Chinese hackers but not sure if it is enough to make the point. This is a big industry with big profits and the money is not just made from illegal activities; they have created a market for anything dealing with Chinese hacker culture.

Just to give you a better example of what I am talking about, I have created a collage of the monthly magazine Hacker Handbook published by  Remember, this is just one hacker website and there are hundreds of them.


Nohack’s entire collection of hacker magazines is available for sale at Taobao.

One response so far

Feb 26 2008

Chinese hackers…a dozen roses


This film came out on 19 June 2006, so it is a little old but has one, two or
three interesting things:

Title: Hacker Apocalypse

Running time: 67 minutes

Written by: Li Feng  (Who also wrote Hero)

Backed by: The famous Beijing amatuer film organization BAERXIU Movie Club

Plot:  Tieke, the proprietor of a computer company, is also the brains behind a secret hacker organization.  He accepts a large sum of money from an unnamed organization  to make preparations for a large-scale invasion campaign on the Japanese network using a virus he created called “The broken-hearted rose.”

The movie was not well received by some hackers and DVD fans…they hacked the movie’s website twice.

There was a TV show in 2002 on CCTV6 called the Rose hacker.

There is also a real Chinese Rose virus/trojan (rose.exe).  Jingtian talks a little about on the Kaspersky forum here.

Of course the most famous Chinese hacker Rose, the Withered.

Why all this? Not sure, but started to see a lot of refs in Chinese to 
rose hacker/virus this or that and now you have too.

Comments Off

Feb 25 2008

The Atlantic on the Great Firewall

Published by under Censorship

The Atlantic has a great article on the Great Firewall of China (GFW).  It is full of technical details about the central component of Internet censorship in China.  The article discusses some of the censorship countermeasures such as proxy servers and VPN and suggests that the PRC government only has to make it difficult, not impossible.  The majority of users can’t be bothered to use a proxy so they stick with the sanitized official news sources.

One thing that I have found in my own research is that internal/domestic censorship is handled primarily by content providers themselves, not by the government.  There isn’t any official guidance on what should be censored on portals and boards (“bars”) so it is left up to the provider, who may be overly cautious in order to avoid trouble.  I have read that there are periodic meetings between propaganda representatives and the official content providers in order to inform them of what issues should be avoided and which stories should be prominently displayed.  This leaves those within the PRC who are not willing to use proxies with an unbalanced view of current events.

4 responses so far

Feb 24 2008

“Crouching Powerpoint, Hidden Trojan,” by Maarten Van Horenbeeck

Published by under Hacker Hunting,Nationalism

 I so wish I could steal that title from Maarten…

The really nice thing about having a blog is that you get to interact with people who are much smater than you; Jumper, Eastwood, 回声, Richard…you get the point.  Well, a new member of the “much smarter than me club” is Maarten Van Horenbeeck.  Maarten was nice enough to contact me and share some of his research on targeted attacks and information operations.  Maarten’s summary from his presentation at 24C3 on targeted attack patterns :

In essence, I looked into targeted attacks against the Falun Gong community, as they are still taking place today. I list some of the unique features (such as “domain parking”) some of these attacks have, and briefly touch on ways to better defend corporate networks. Naturally, there was too little time in one hour to cover it all. Finally, I show a small map that illustrates the complexity of a single attack series over a total of 8 months.

Being retired Army, I am a sucker for a good presentation and Maarten delivers in spades.


Want to share two more of the slides from his presentation because these pointed out that Maarten isn’t just a tech guy, he has researched Chinese strategy and truly understands it.  He also points out the targeting methodology of the attacks in the pre-attack stage.  This is something I have referred to as net reconnaissance, similar to probing operations.



Here is Maarten’s blog site, the rest of his presentation “Crouching Powerpoint, Hidden Trojan” and from the 243C conference (torrent vids included). Also, wanted to include this link to Chinese strategic thinking, Learning from the Stones.

Many thanks to Maarten for letting me share this!

3 responses so far

Feb 22 2008

Chinese hackers called, “immoral, robotic-like assassins”…by the PRC’s Bureau of Civil Administration?

Published by under Uncategorized


From an article in the China Philantrophy Times, which falls under the PRC Bureau of Civil Administration, discussing justice and fundamental ethics.  The article touches on immorality and the difference between “legally illiterate” and those who intentionally break the law.  One of the examples they use are Chinese hackers:

Recently, a Xinhua News article reported that due to young people’s worship of hacker technology and the pursuit of “illegal money (making money from hacking),” the country now has a large number of hacker websites that conduct training in hacker technology and supply free hacker tool downloads, which has constantly lowered the hacker threshold (made it easier to become a hacker). Now there are many hackers who are bringing up other hackers.  They master some insignificant skills in order to bully normal web users, as well as small and medium size websites.

Fang Binxing, a scholar at the Chinese Academy of Engineering, believes that the main reason Chinese hackers are increasing in number is due to the spread of hacker tools.

The technology expert’s argument of course makes a certain amount of sense but only on a technical level.   The basic reason is that many of these people who study, develop and use hacker technology don’t feel it is
wrong.  Their hearts have already been blinded (immoral), it is as if they are like robotic assassins.  It is only the technology that motivates them, they are only driven by benefit/profit (fun is also a form of benefit) that provides them their power.

Now to be fair and to take this example of hackers in the total context of the article, it is saying that here is case where
the youth have failed to see the difference between right and wrong. They know difference between the two in their hearts but the pursuit of fame, riches and power has led them to behave in an immoral manner. However, it does point out certain things we need to take note of:

  1.  The government is aware of the Chinese hacker community but does not control it
  2.  This is a warning from the government to the Chinese hackers that things are getting out of hand
  3.  These are not the actions of patriots, it is now bordering on criminal activity

The full article in Chinese is here

One response so far

Feb 21 2008

McAfee Sage 3

Published by under Chinese Malware

McAfee Avert Labs has released issue three of the Sage soft magazine.  Inside is a detailed overview of malware related to several regions of the world including China (I assume the discussion only includes the mainland).

The article provides some interesting background on Internet use in China as well as preferred methods of communication and payment.  It goes on to discuss malware threats and how online game password stealing malware seems to dominate there.  One interesting statistic:  some 70% of QQ users have reportedly had their QQ accounts stolen.

McAfee Sage Cover Page

Comments Off

Next »