Archive for March, 2008

Mar 30 2008

Chinese hacking, pornography, prostitution and…foot fetish

Published by under Hacking for money

 legs.JPG

 Legs and foot video from Zhang’s site (NO, I am not going to link where I found it!)

So going to regret this post, I’m sure.  Don’t even want to see the search hits that bring people to it.

The Public Security Bureau of Binzhou City, Shandong recently broke a case
involving use of the internet to disseminate obscene material; the chief suspect named Zhange was arrested.

Beginning in January, the bureau began receiving numerous reports about a pornography website. After receiving the reports, the bureau immediately opened an online investigation and found that the suspect Zhang had opened the “Foot Fetish Stocking Club” (that is as close as I can get for this translation). It was believed that the club was used as bait for prostitution. The website held over 20,000 obscene pictures.

On 20 Feb, suspect Zhang was arrested while in the act of disseminating pornographic information. Zhang confessed that he and others had used hacker methods to break into the Binzhou district ELEMENTARY SCHOOL server to setup the porn site.

Really can’t take any more of this post.

One response so far

Mar 29 2008

Yes…we are the net police. Or, some type of honeypot. We’ll get back with you.

Published by under Hacker Hunting,Hackers Talking

First, I’ll be gone until next Wednesday, another conference.  However, found this and thought it was amusing:

Back in November I was just looking through zone-h.cn and found Chinese hacker Merciless Wind. Well, it seems Mr. Mercilesss finally noticed the posting:

thelaw.JPG

Merciless wonders if zone-h.cn is being monitored by the NET POLICE!

One commenter thinks it may be some type of honeypot.

Personally, I prefer net police.  I’ll have to ask Jumper which he prefers but I can’t imagine him wanting to be referred to as honeypot.

Comments Off

Mar 27 2008

Chinese hackers would like to introduce you to Disk Wizard and the Mechanical Dog

diskwizardvirus.JPG

This seems to be one of the most popular articles currently floating around on Chinese hacker websites concerning the increasing resilience of new viruses and the virus industrial chain.  This will be extreme gist because I’m kinda pressed for time today:

  1.  Little Wu, expert gamer, depressed because all his virtual property is getting stolen
  2.  Little Wu isn’t alone, past couple of days all the online gamers have been worried about a new virus called the  Disk Wizard
  3.  Disk Wizard is considered 10 times more serious than last year’s king of viruses Panda Burning Incense
  4.  According to reports, Disk Wizard can prohibit the use of any anti-virus software
  5.  Disk Wizard can prevent the user from going into safe mode to remove the virus and from accessing their anti-virus webpage to request help
  6. CNCERT estimates the virus industrial chain earning 238 million YUAN a year and causing losses of 7.6 billion YUAN
  7. Reported that the author of Mechanical Dog made 100,000 YUAN a month, more than four times the amount of top programmers
  8. Engineer from Kingsoft said that Trojans such as Mechanical Dog and others were working together to deliver the viruses
  9. Disk Wizard is cable of downloading AV Terminator (Mechanical Dog)
  10. These types of Trojan download tools have become the most popular platforms for virus manufactures and also their most profitable
  11. Due to lack of oversight, it is becoming more common to see viruses for sale on the Internet
  12. Very easy to find malware for sale postings all over the place, use 
    QQ number to contact seller
  13. Estimates that by 2010 China’s online gaming industry will earn 30 billion YUAN
  14. CNNIC reports China already has 40 million online gamers, making up 20% on their online population
  15. Report claims that laws need to be clarified to go after virus manufactures, now it is only a misdemeanor

I really want to find a larger version of that chart at the top of the page, spent about 2 hours trying to locate it with no luck. If anyone finds it, please let me know.

Comments Off

Mar 26 2008

PLA Cyber Warfare

Published by under Uncategorized

 gameover.JPG

Reading back through The Science of Military Strategy, published by Military Science (PLA academic wing) 2005, there were a few passages that are of interest. Does this have anything to do with Chinese hackers? Yes, no, maybe. It does provide insight into the official thinking of the PRC military on cyber warfare and information operations. Could the Red Hacker Alliance, a civilian organization, be instantly inducted into a military operation? Yes, without a doubt.

Chapter 16, under strategic information operations – Cyber Warfare:

“Cyber warfare is a general name for all kinds of operational actions taken in cyber space.  Regarding computer systems and networks as the main targets, cyber warfare uses advanced information to disintergrate, damage, or destroy key computers and computer networks as well as information stored in them.  Cyber warfare is a brand new operational pattern that has developed in the context of global cyberization.Cyber warfare consists of two types: cyber attack and cyber protection.   Cyber attack includes virus attack and hacker attack.  Computer virus attack refers to operational actions that use computer virus to destroy or tamper information stored in computer systems so that the computer systems cannot work properly. In the military field, the core equipment of military information systems and cyberized weapons are all likely targets of computer virus attack. Computer hacker attack refers to those actions taken by hackers to intrude upon and destroy the opponent’s cyber systems.  For example, when NATO was launching air attacks on Yugoslavia in 1999, the computer experts of Yugoslavia intruded into the command and control system of US Roosevelt aircraft carrier and caused its temporary communication failure. With the rapid development of cyber attack means, cyber protection becomes increasingly important.  As the core equipment of modern command and control systems, computer systems must be protected so that they can effectively defend against the attacks of hackers and ensure the proper functioning of command and control systems.  As a pattern of operations, cyber warfare does not involve civilian cyber attacks that are not used for military purposes.

(all emphasis mine)

That last sentence has always puzzled me, it is either worded very badly or very well…can’t decide. It seems to imply that they won’t use cyber attacks on civilians but actually limits nothing as long as it is for military purposes. Sigh.The graphic I picked for this article…yeah. I found it in a blog that had the caption “Taiwan will lose this unprecedented information war very miserably.”

11 responses so far

Mar 25 2008

Once again, NEVER hack inside the PRC

RMB 

I found this article this morning from the English language Shanghai Daily.  The article reports that three hackers and an idiot were jailed for using trojan horse programs to steal bank login credentials and then transferred the money to the idiot’s own account.

Yu then used a laptop they bought together to log onto the accounts,
targeting accounts with a great deal of money.


He transferred the money to his own online account. Yu, Chen and Zhao
then drew money out of Yu’s accounts using ATMs in different areas.

They allegedly stole 127,800 Yuan from three victims.  See also Heike’s posts about Hacking for Money and Never Hack Inside China, Ever.  These guys are probably not the  immoral, robotic-like assassins that the PRC government is concerned about.

Update:  I’m having trouble loading the page.  You can find a mirror of the article on the infosec news list archive on Neohapsis here.

2 responses so far

Mar 24 2008

Member of National People’s Congress calls for crackdown on Chinese hacker underground virus industry

 chain.JPG

Representative Chen Wanzhi, of the National People’s Congress, has recommended getting control of the underground Internet industrial chain.

“Our country has already formed a clear division of labor in the underground Internet industrial chain.  Some medium and small size companies have even had to pay ‘protection money’ to ensure their e-commerce.”  Rep. Chen further called for getting control of the manufacture and sell of Internet viruses.

Chen warned that the “network security situation is grim” and that the appearance of viruses such as Panda Burning Incense, Gray Pigeon, and AV Terminator were just the tip of the iceberg for the country’s virsus industry. He said that the Gray Pigeon virus is like an invisible thief hiding in the user’s “home” watching their every move.

CNCERT statistics showed that the country (China) had 21 times the number of Trojans implanted in the first half of 2007 than it did in all of 2006. Rep.  Chen felt that personal benefit was the driving force behind the rise and that the threshold for becoming a hacker was getting lower.  There are classes everywhere teaching how to use Gray Pigeon; “a person who doesn’t know anything about computers, except how to type, can become a hacker in one day.”

The Hunan police had arrested one hacker who specialized in stealing network banking funds. The gang member had been in control of over 1,000 bank accounts and stole over 400,000 YUAN.  According to an investigation by an unnamed company, in 2006, the theft of Chinese internet users’ online banking credit cards, had led to the loss of over 100 million YUAN.

Rep Chen said that the virus industry had formed into a chain where some manufactured the Trojans, some spread the Trojans, others stole bank information and third parties disposed of the stolen goods and provided money laundering. Each circle in the manufacture and sell of viruses has their own method of making money and this has made it virtually impossible for web users to guard against the “Underground Internet Economy.”

This has been a gist of the article and there is much more that I would be 
willing to translate if there is interest.

Comments Off

Mar 24 2008

Blogging

Published by under Uncategorized

This is the first blog that I have contributed to.  I spend a lot of time looking at our stats and referrers and I have collected a few gems that I thought TDV readers might enjoy.  After all, you are a diverse bunch with people coming from exotic locations such as Ohio, Maryland and Kansas (no wonder we don’t get any ad click-throughs):

The Dark Visitor’s Visitors

 People come to The Dark Visitor for many reasons.  Lately, everyone is looking for Xiao Chen’s secret website.  Everyone else seems to be looking for “H0rt0n Hears a Wh0″.  Maybe we should use mod_rewrite to redirect these referrers to baidu.cn where they can probably download it in a few clicks.

H0rt0n Hears the wrong thing

Then there is the just-plain-weird category:

What the deuce?

If anyone else has some funny blog stat stories, please feel free to share.  I hope you don’t mind the diversion from our favorite topic.

6 responses so far

Mar 23 2008

Chinese hackers and the Year of the Rat

Published by under Uncategorized

 rat.JPG

Ran across this article in the South Asia Analysis Group and thought if true, it could make for some very interesting  times in the months ahead.  The author, B. Raman, is listed as “Additional Secretary (retd), Cabinet Secretariat. Govt. of India, New Delhi and, presently, Director, Institute For Topical Studies, Chennai.” It is put together in a rather unusual way and is not cited…so I debated posting it…but in the end, decided to leave it up to you as to its worth:

2. As I was browsing through various blogs, chat rooms etc, I came across the following write-up: “Today begins the year of the Rat, which not only ushers in the celebrated Chinese New Year, but restarts the entire twelve-year cycle of the Chinese Zodiac. ….Being the animal that kicks off the Zodiac cycle, the rat is associated with leadership and conquerors…..In life, rats are known for their suave personalities and charm. But get them in competition, they become smart, controlling, aggressive and calculative. Get in their face and it’s even worse. Rats can get quick-tempered, aggressive and even dangerous to others.”

3. There were many references to a new computer virus disseminated by Chinese hackers, which they had named “the Trojan Rat”. There were also references to a football team called “the Trojan Rats.”

4. There were also ominous (for the Chinese, if they had seen them) references to the Trojan Rats, which would keep the Chinese foxed and busy throughout the year of the Olympics. Many were planning to let loose Trojan Rats all over China as the Beijing Olympics approached and during the Olympics.

More here…

2 responses so far

Mar 23 2008

Chinese hackers and Tibet

Published by under Nationalism,Tibet

Chinese hackers have been targeting groups such as the free Tibet
movement and Fa1un GOng for years now. Since I have been away for the last couple of days, our good friend Greg was kind enough to send links to some very good information covering the attacks.

From Thomas Claburn at Information Week:

The attacks on mailing lists and online forums contain information related to recent events in Tibet and may appear to come from a trusted person or organization.

A shadow war against organizations supporting Tibetan protesters has erupted in cyberspace, mirroring efforts by Chinese authorities to quell unrest in the Tibet.
More here…

A great article from our friend Maarten Van Horenbeeck:

There is lots of media coverage on the protests in Tibet. Something that lies under the surface, and rarely gets a blip in the press, are the various targeted cyber attacks that have been taking place against these various communities recently.

These attacks are not limited to various Tibetan NGOs and support groups. They have been reported dating back to 2002, and even somewhat before that, and have affected several other communities, including Falun Gong and the Uyghurs.

More here…

Brian Krebs at the Washington Post (an excellent investigative reporter):

 Human rights and pro-democracy groups sympathetic to anti-China demonstrators in Tibet are being targeted by sophisticated cyber attacks designed to disrupt their work and steal information on their members and activities.

Alison Reynolds, director of the Tibet Support Network, said organizations affiliated with her group are receiving on average 20 e-mail virus attacks daily. Increasingly, she said, the contents of the messages suggest that someone on one or more of the member groups’ mailing lists has an e-mail account or computer that has already been compromised.

More here…

I’ll be looking into this myself over the next couple of days to see if there is anything worth adding.

Comments Off

Mar 23 2008

Cyber warfare/crime “Top 10″ issue facing world security

Published by under Uncategorized

Just returned from a conference on the “Future Operational Environment,” with representatives from 13 different nations briefing the challenges facing their countries out to 2020. Cyber warfare/crime was listed as one of the top 10 issues facing world security from just about every speaker who took the podium. Among the other issues cited, in no particular order, were:

  1.  Globilization
  2. Non-state militaries
  3. NGOs
  4. Resources (Energy and Water)
  5. Demographics
  6. Terrorism
  7. Urbanization
  8. Migration
  9. Cyber conflict
  10. Transnational Crime

3 responses so far

Next »