Feb 27 2008

Chinese hackers attack electric power plant…

Published by at 11:08 pm under Uncategorized

it belonged to them so why not.

It was reported on 26 Feb 08, that the Yili Electric Power Plant (located in Xinjiang) had recently carried out a live hacker attack exercise against its own network in order to raise the capability of network personnel to defend against outside attacks. The Yili Power Plant personnel playing the parts of the hackers had no determined time or target of the simulated attack, they could attack whenever or wherever within the network.

One of the more interesting aspects of the article, was that this was to increase the ability of network personnel to respond to emergency incidents in support of engineering project “SG186.” Here is a little about Project SG186:

Playing a critical role in the SG186 information infrastructure project under the Chinese Government’s strategic economic blueprint — the 11th Five-Year Plan, the SGCC data center faced an urgent need to optimize its information management to keep pace with business growth and the fast changing requirements of the China power industry. The top priority was to integrate all scattered, diversified and isolated data sources onto a unified storage and management platform, offering a centralized data service environment and analytics platform for all IT applications.

More on Chinese Project SG186

UPDATE: Added that this was a simulated attack, performed by personnel within the Yili Power Plant in case there was any confusion.

UPDATE TO UPDATE: Actually only added four words, which I have put in
bold, because the previous update made it sound like there was zero way you could have determined that before the additions.

8 responses so far

8 Responses to “Chinese hackers attack electric power plant…”

  1. undeground.(ms)on 28 Feb 2008 at 3:03 am

    Chinesische Hacker testen Elektro-Kraftwerk

    Wie gestern von The Dark Visitor berichtet wurde testen die Chinesen ihre eigenen Elektro-Kraftwerke auf Schwachstellen in Netzwerken und allem was dazugehört. Bilde sich jeder seine eigene Meinung, ich jedenfalls zweifle an das man mit nem 5 Jahrespl…

  2. Teri Bidwellon 01 Mar 2008 at 11:52 am

    Honestly, now, this article title is way too sensationalist. I saw nothing in the Nengyuan.net article you linked that confirmed the “hackers” were independents nor Chinese, nor that the word “hacker” was being used in any other context than “penetration tester,” for that matter.

    Given that the majority of your readers are not likely to take the time to follow your link into China or to translate the article and read it for themselves, they have only your highly editorialized rendition from which to make a judgment about it’s accuracy.

    The implication from your article is that China invited anyone and everyone to “go for it” on their data center servers, when in point of fact, the Nengyuan.net report is so vague, the “pen testing” contest could instead have been between ameri-euro security companies, not individuals, (and which frankly is what I would expect, given a highly reputable US-Sino company like Sybase smack in the middle of their infrastructure, and given current and previous contracts between China and France for securing the Olympic data centers, as an example.)

    No supporting documentation, links, references, nothing, in the Nengyuan.net article. For all the reported facts, it is nothing more than heresay.

    Here is the link for the 2006 CCW research you quoted, so people can learn more about the SG186 project than just a
    press release from one (probably among many) vendors involved in it.


    Look guys, I know there’s a dire need to get Chinese infosec news into the English-speaking world, but let’s not add unnecessary drama to the mix, mmkay?

    I endorsed this blog because of it’s reporting, not its editorialism. Prove it to me that this occurred! Give me documented facts, links, interviews with people who were there!

    Disclaimer: I am a former infosec employee of Sybase, Inc. This commentary and any/all opinions of the author do not represent the opinions or business dealings of Sybase, Inc.

  3. Heikeon 01 Mar 2008 at 2:00 pm


    Yes, the title was sensationalized but that is what I wanted. You must have really hated my title for the seven-year-old wizz kid story.

    Thought my summary of the article, NOT editorialized, pretty much made it clear this was internal testing. I guess rather than saying, “The personnel playing the parts of the hackers…” should have been “The Yili Power Plant personnel playing the parts of the hackers…”. Still, I don’t think it was that vague.

    Sorry if you somehow came to the conclusion I was TWISTING the artcle to imply, “China invited anyone and everyone to ‘go for it’…”.

    If you want more refs for this story, take your choice:


  4. Teri Bidwellon 01 Mar 2008 at 3:43 pm

    You’re right, I failed to see any humor in your post. Thanks for the changes to it, but unfortunately my quest is yet unmet.

    Half the new links are reproductions published after the NengYuan.net article and none of the others give sources, quotes, names of power company management, details about when it occurred, how it occurred, what the result was, or anything else that lends credibility to the 2/26 article you quote here to be interpreted as fact by your readers (if by no other virtue than the implied credibility of a 20 year army linquistics veteran who must certainly know the truth of this article).

    I challenge you to print on what basis you trust the NengYuan article enough to point fingers at reputable software vendors in the same context, knowing full well the degree of State media control on such delicate matters as national infrastructure.

  5. Teri Bidwellon 01 Mar 2008 at 4:34 pm

    I regret having not said one thing:

    There is a fine line to be walked between informing the uneducated public and poking fun at what infosec veterans already know. The space between is where hatred of people without fault is bred, and that is what I beg you to prevent.

  6. Heikeon 01 Mar 2008 at 8:02 pm


    You exhaust me.

    1) Show me one factual error in my summary of the article.

    2) I find it really weird that you think it is impossible a Chinese company perfomed a security drill to test its defenses against hacker intrusion.

    3) I do believe the article. Not because I have total faith in any reporting but it was reported widely enough to have credibility. Let’s reverse this bizarre little game, you prove the article is false. Do so and I will gladly remove it.

    4) What the hell is this about pointing fingers at reputable software vendors? If your rant is about Sybase, I never said anything or implied anything about them. They happen to have a small blurb in their press release that gave some details about China’s information security infrastructure…that is all. There was never ANYTHING in the article (my summary or the Chinese) that said anyone had done ANYTHING wrong. Where in the world did that come from? Because the word hacker was used?

    5) You seem to be the one who wants to editorialize this pretty insignificant post. You are the one who has made up entire meanings that have never been uttered.

    6) Breath in through the nose and exhale slowly.

  7. Teri Bidwellon 04 Mar 2008 at 1:35 pm

    Again you misunderstand my point. I am not questioning if the testing took place, I am questioning how you check the validity your sources.

    You have linked the word “hacker” to an instance of what most people would call normal security testing based on an unsourced article that’s otherwise uninteresting irrelevant to a blog about hackers.

    Don’t get me wrong, in general I laud the idea of reporting chinese hacker news in english. I just don’t think this was chinese hacker news.

  8. Kelvin32on 13 Oct 2009 at 5:11 am

    The similarly themed and named Canadian Now! ,