Archive for March, 2008

Mar 21 2008

Darfur needs help, not malware…

Sudan

An interesting article in the Washington Post this morning about China-based hackers targeting a group of Darfur supporters called “Save Darfur Coalition”.  The article indicates that the Save Darfur Coalition is critical of the PRC role in Darfur. 

“The allegation fits a near decade-old pattern of cyber-espionage and cyber-intimidation by the Chinese government against critics of its human rights practices, experts said. It comes as calls for a boycott of the 2008 Beijing Olympics have been mounting since China’s crackdown on Tibetan protesters last week.”

This reminds me of the targeted attacks on members of Fa1un G0ng reported by Maarten Van Horenbeeck.  Also see Maarten’s CCC presentation here.  Heike reported on Maarten’s presentation earlier.


Mar 20 2008

Malware for Tibet supporters?

Published by jumper under Censorship,Chinese Malware,Tibet

I saw this blog (Politically Motivated Computer Crime and Hacktivism) about Tibet supporters receiving email malware in my feed reader today and thought it might be interesting to TDV readers. The original article is here.

“We are getting virus attacks that are just shameless… claiming to be desperate people inside Tibet. The emails are well-written and emotional, pleading for us to open the images,” she told AFP.

“At the moment we are having to use outside emails because our email accounts are not working, we have to direct everything through our outside emails,” he told AFP.

Hopefully more to follow (looking for malware samples)…


Mar 17 2008

Real Job Calling

Published by Heike under Censorship

Sorry guys, will be off for the next couple of days.  The people who pay my bills are sending me out and about.  Normal postings will begin again on Sunday.  Jumper will keep you guys updated if anything happens within the world of Chinese hackers.

Posted under censorship. :)


Mar 15 2008

Chinese hacker website…just painful

Normally, Chinese hacker websites have fantastic graphics…normally.
I bring you the site hacker01.com for three reasons:

  1. It will actually induce a headache if you look at it too long, so that’s fun. Not sure what the “artist” was thinking using this color scheme.
  2. It is quite possible the site has every Trojan known to man; it is a virtual warehouse!
  3. An unusual write-up in the “About” section defending the marketing of said Trojans.

1st part is the headache portion. Remember the colors are more subdued in the screen shot, so imagine double the eye intensity when looking at the real thing:

hacker01.JPG

2nd part, Trojans galore. Let’s say I want to target Japanese and South Korean online game players, no problem. A three-star rated Trojan, operates on Win9X/Win2000/WinXP/Win2003, entirely in Chinese and the transaction QQ number is 34067…fabulous:

hacker0121.JPG

3rd part, this is not illegal! The “about” section of hacker01.com makes the following argument defending the marketing of online Trojans:

hacker013.JPG

Hacker01.com is based in Fujian and has trained over 1000 people in “network security.” The site has been training enthusiasts in hacker security technology since it was established in September of 2004. They have never promoted attacking other sites, they just want their students to understand hacker attack and defense. Toward that lofty goal, the site will supply VIP students with knowledge of password breaking, system invasion, network attack, security loopholes, scanning and Trojans.

Finally, they question the logic that teaching hacking technology is illegal.
Sure, if you actually use the skills they teach you to break into other systems that is illegal but just learning the skills not so much…

My favorite part:

Everyone knows that China has schools to teach firing (a gun) and martial arts, if the students from these schools used a gun to kill someone or fight, how would people view these schools? Is it the fault of the school or the instructor who taught these students to fire a gun or learn martial arts? They then go on to say sure, a small minority of these students that learn hacker skills will break the law but can you say that someone who studies hacker skills is evil, or the school that taught them?

True dat!

Rest easy knowing these guys are on the frontline, protecting you with their new found knowledge.


Mar 15 2008

TrendMicro website infected with Chinese hacker script

Published by Heike under Chinese Malware

From K’LL3r:

After analyzing the script I remembered that these kinds of scripts are created by using some web attacker's toolkit like MPack, FirePack, IcePack, WPack or AnnyPack, in which you just have to feed some info like payload and place it on a compromised webserver or a new one. But in this case it is VIP 2.74 from Chinese Hackers. Latest Version is 2.842.

More on K’LL3r’s analysis here…Chinese hacker script infects TrendMicro


Mar 13 2008

Chinese hacker Xiao Chen mad as hell, closes website

 angry.JPG

For those of you who have not been following the story of Chinese hacker Xiao Chen go here and here.

In an interview with the Shanghai Morning Post, Xiao Chen (萧晨) expressed anger over CNN’s distortion of the facts in reporting his group hacked into the Pentagon and was subsequently paid by the Chinese government. In a telephonic interview with the Morning Post, Xiao Chen said he had just shut down the Hacker World website.

This website has been a dream of mine for many years, so many years of painstaking care and now nothing.

Xiao Chen told the reporter he had set up the website three or four years ago as a platform for like-minded friends to study and research network security.

I have never used hacker technology to attack others. You can look at the rules on our home page that say don’t attack other people’s networks.

Xiao Chen claims that on February 17th, he received an e-mail from Wu Xiaolong (吴小龙) in Hong Kong requesting an interview. On 27 February, the CNN crew arrived and, from the outset, all the questions were about hacking into US military websites and downloading sensitive information. Xiao Chen claims they denied any knowledge of this and that the CNN report was completely fabricated.

According to Xiao Chen, when the CNN reporters saw that there was no evidence, they asked him if he could get some sensitive information and it didn’t even matter if it wasn’t theirs. He also states that during his interview with CNN, the reporters never even asked about being paid by the government.

About his future plans, Xiao Chen said he hoped to be able to get funding to continue his website but in case that wasn’t possible, he might consider legal actions against CNN.

Oh, Xiao Chen’s rules about not hacking into other people’s systems posted on his home page:

 hack4rules.JPG

Sure, it does say that…but then it goes on to say but if you must do it….to avoid legal difficulty…

He also should have paid more attention to his own posting, especially rule number 8:

8.  Do not discuss anything about your hacking activities on the telephone


Mar 12 2008

Chinese hacker TouchGraph

Published by Heike under Hacker Organization

 touchgraph.JPG

This is one of the coolest toys/tools ever! A reader e-mailed me about TouchGraph several days ago and I have spent way too much time messing around with it. The thing is addictive. Since I spend a lot of time finding Chinese hacker websites, TouchGraph is a great way to do that without having to spend hours and hours going from link to link (I have no association with the company whatsoever). The TouchGraph above is for Hackbase.com (large Chinese hacker website). Guess I really should mention that this is a totally FREE program and you don’t even have to sign up for it!

Here is a description of the product from the company:

 See the big picture within thousands of search results. Discover clusters and interrelations within your data, and zoom in on whatever catches your interest. Follow the data by expanding your search around specific topics, or making the search broader when you don’t know exactly what you are looking for

Me, I would have just written awesome and left it at that!


Mar 11 2008

Chinese hackers interested in South Korean hacking competition “Code Gate 2008”

Published by Heike under Hacking for money

 codegate.JPG

The breaking news today at Hackbase.com (one of China’s leading hacker organizations) is the announcement of South Korea’s preliminary hacker competition “Code Gate 2008.” The contest has a top prize of approximately US $100,000.

On 11 March, the South Korean SOFTFORUM Company divulged that, in order to raise social awareness of hackers and train security personnel, it would hold a preliminary online hacker competition on the 21st. The competition, called “Code Gate 2008”, would have a prize worth approximately US $100,000.

The Korean news service also reported that, besides the hacker competition, they would also hold a network security conference, a defense technology competition and a network security exhibition. Secretary-General Peter Cassidy of APWG (anti-phishing) and others would give lectures.

The eight groups that come out on top of the preliminary competition, being held from the 21st to the 23rd, will fight it out for the approximately US $100,000 on 14 and 15 April at the Seoul Exhibition and Convention Center.

The network security conference would take place on 15 April, with experts from five nations giving presentations on global network security trends and hot-spots, as well as network security demonstrations.

Here is more on the competition…CODEGATE.


Mar 11 2008

Chinese hacker Xiao Chen denies he hacked into Pentagon

My guess is that Beijing found out about his little interview with CNN and now Xiao Chen is in full backpedal mode. You can bet money he told CNN he hacked into the Pentagon but is really regretting that decision about now. Do I think he really hacked into the Pentagon? No. But, that would not stop him from selling the story to CNN.

Also, all that stuff about being a security site…yeah, right! The guy has been selling all manner of malware and is anything but a security website. He was busted by Beijing and now wants it to all go away, good luck with that!

Oh, you now need a password to get to hack4.com…wonder why?


Mar 09 2008

Chinese hacker Xiao Chen’s Organization Revealed!

First, a very big thank you to reader Copper, who first pointed out that there was a BIG button right over the article on Chinese hacker Xiao Chen that said…VIDEO! And, if you watch said video…it gives Xiao Chen’s website.

Here is the 1st screenshot from the CNN video, notice the links section at the bottom that I have circled in red. The first link is to Hacker World (hack4.com) 黑客天下 and the second is to Hackbase.com. It is typical for Chinese hackers to list their own website first in the links section.

UPDATE: Sorry, I was unclear in the paragraph above, Xiao Chen only owns hack4.com. Hackbase.com was listed just to show similarity in the websites.

xiaochen11.JPG

Now look at this screen shot from hack4.com. There are a couple of differences but clearly the same website:

hack4.JPG

Next image from the CNN video gives the Chinese 黑客天下, Hacker World or hack4.com:

xiaochen2.JPG

Now take a look at this graphic from CNN in the left corner of the page:

xiaochen3.JPG

and this one from hack4.com

hack41.JPG

Finally, this one from CNN and you really had to be watching for it:

xiaochen4.JPG

In the CNN interview, Xiao Chen claimed to have 10,000 registered members. From the hack4.com website, they list the number of registered members as 9,746…pretty darn close:

hack42.JPG
