Archive for March, 2008

Mar 08 2008

Tony from NYC…kingpin of Chinese hacker ring? Huh?


Now this is a good article!

Police have rounded up 38 people accused of running a credit card fraud ring out of Queens for almost a decade. Officials say hackers in China and Ukraine have been breaking into the databases of major U.S. department stores, and then sending the credit card information of thousands of shoppers to the ringleader, Kwok Chow, 36, a Flushing resident known as “Tony.”

Of course the hackers in China got off the hook but still, great job by the police! Also, that implied link with hackers from Ukraine is something to watch. I would say that eventually these groups will start forming a worldwide chain.

Yo, read it…Tony, Kingpin of Chinese Hackers

One response so far

Mar 08 2008

Horton hears a (Chinese hacker) Hu…Part IV

Horton hears a (Chinese hacker) Hu…Part I
Horton hears a (Chinese hacker) Hu…Part II
Horton hears a (Chinese hacker) Hu…Part III

The highest earnings come from selling loopholes. This isn’t something the normal programmer can do; it takes a high level of skill to locate loopholes on a large company’s website. According to hacker Hu, these loopholes can be used to carry out attacks on corporations and therefore sell for anywhere from several tens of thousands of YUAN to several hundred thousand YUAN.

Not only that, hackers can receive requests to design viruses and their anti-viruses. Hackers can also put together groups of controlled computers to launch large-scale attacks. In hacker circles, these groups of computers are called botnets.

Monitored data from CNCERT shows that China has five botnets that each exceed 100,000 slave computers, and one or two of those have 300,000 slave computers. These slave networks can be leased and earn the hackers millions of YUAN a year. According to CNCERT, this section of the underground industry exceeds 238 million YUAN a year and causes losses of over 7.6 billion YUAN.

Hacker Hu said that after the virus maker sells the virus, the virus’ journey has just begun. For example, after a “Gun Buyer” purchases a virus to steal virtual property, they will hire a botnet to spread the virus. The disseminated virus can steal online game players’ money and weapons and send the stolen goods to a mailbox.

The botnet is the core for disseminating viruses, but there is a fairly easy method to accomplish this. Hacker Hu smiles, “You get up early, go to the internet bar and capture the 30 computers there with a virus and go home and wait for the money.” The programmer, or the person owning the botnet, can earn five FEN to five JIAO for every infected computer. The hacker industry has evolved to the point where there are very distinct divisions of labor. Each gang usually has ten or more people: some who spread the virus, some who steal virtual currency and some who launder the money.

NOTE: Five FEN is worth about 0.6 cents and five JIAO about 6 cents.

To launder virtual items, a member of the gang will open a lot of gamer accounts and a stolen article will be passed around among these different accounts and then sold. The game company doesn’t know which accounts are real players and which are sellers. Hacker Hu says that the virtual money is then sold at wholesale through a down-line surrogate.

In addition, hackers design other Trojans for sale that are mass produced and burned onto. Based on the exclusive nature or functionality of the Trojan, the price can be from tens of YUAN to over 1,000 YUAN. Furthermore, some hacker organizations provide malicious advertising plug-in services. These plug-ins cause a user’s computer to pop up a special window; every 1,000 pop-ups earns 12 YUAN. Currently, there are at least 50 malicious advertising agencies within the country (China). CNCERT estimates that the annual production of malicious advertising amounts to 108 million YUAN.

Thus ends the saga of Chinese hacker HU!

Comments Off

Mar 07 2008

Chinese hacker Xiao Chen

Published under Hackers Talking, US attacks

UPDATE: Xiao Chen’s website located


CNN reporter John Vause has a very interesting article on a Chinese hacker by the name of Xiao Chen and his group. They actually seem very typical of the entire community, except for the claims of hacking the Pentagon and getting paid by the Chinese government. These claims can probably be taken with a grain or two of salt since they were being interviewed. Not saying it isn’t possible, just saying. As to whether or not the PRC would pay for the information, yes and no. If it is true, I think they would consider the source of the intelligence, like…would this group of hackers later do an interview with CNN and tell them everything?

One other point: without knowing the name of the website it is very difficult to tell how much influence it has within the Red Hacker Alliance. However, 10,000 registered members is not that many for the average Chinese hacker website. In fact, it is pretty average.

There was one quote from Chen that I really liked and that I agree with 100%:

‘First, you must know about the Web site you want to attack. You must know what program it is written with,’ says Xiao Chen. There is a saying, ‘Know about both yourself and the enemy, and you will be invincible.’

Now for those of you who don’t know, that is straight out of the Art of War by Sun Zi (Sun Tzu). And, the reason I started this blog.

The full article on Xiao Chen is here… Chinese hacker Xiao Chen

14 responses so far

Mar 06 2008

Horton hears a (Chinese hacker) Hu…Part III.


Horton hears a (Chinese hacker) Hu…Part I
Horton hears a (Chinese hacker) Hu…Part II

Normally, computers with known security loopholes are the targets for “Hanging the Horse.” Once these computers have been infected with a Trojan, it is very possible that someone browsing could unwittingly click on the Trojan and valuable information contained on the computer could fall into the client’s hands. Another method of “Hanging the Horse” is through junk mail, or posting documents that contain Trojans on forums and encouraging users to download them. Once the attack is successful, the targeted information can be stolen using hacker tools.

In hacker circles, these packets of information are called “Envelopes” and are divided up differently depending on the type of product; there are “Equipment Envelopes,” “QQ Envelopes,”…etc. The next sentence is a little tricky, but it seems to equate the sale of the “Envelopes” at this stage to a wholesale market.

NOTE: From a segment that appears later in this story, I believe that an “Equipment Envelope” is referring to one that contains online game virtual property like swords, helmets, armor…etc.

From there the hackers can gather the most valuable information, like QQ numbers that are relatively short or have a higher rank. Afterwards, these filtered “Second-hand Envelopes” move into the retail market. After the “Traders” sort the envelopes, they will use BBS and e-commerce sites to make the final sale of the stolen virtual property (Q-money, online game equipment…etc.).

The “Gun Sellers,” “Horse Hangers,” “Major Clients,” and “Traders” all make money. The economic benefits are rapidly turning the word “hacker,” which was once synonymous with “Technology Knights,” into a dirty word. However, hacker Hu says that the real money makers in this chain are the major clients (namely, the one who steals the envelopes).

If done well, it is not difficult to make several tens of thousands of YUAN a month. Some people earn over 10 million YUAN a year. With the cooperation of as few as 2-3 or as many as 10 people, after this valuable (item) passes through the underground chain it is sold all around the world.

It was reported that Li Jun, the programmer who wrote “Panda Burning Incense,” deposited nearly 10,000 YUAN a day into his account. After he was arrested by police, he acknowledged that he had made over 10 million YUAN.

Sorry, looks like it is going to be a 4-part post. More tomorrow.

Horton hears a (Chinese hacker) Hu…Part IV

4 responses so far

Mar 05 2008

Who in the hell would charge me Chinese currency to get my cell back online?!?

Published under Uncategorized

This is a mystery that will probably never be solved:

Miscreants have created a ransomware Trojan for mobile phones which has been seen in the wild in China. Kiazha-A, attempts to extort money from users of Symbian Series 60 phones.

Sorry, thedarkvisitor.com requires a $1,000,000 dollar deposit to complete the link to this article

Comments Off

Mar 05 2008

Horton hears a (Chinese hacker) Hu…Part II. Or, want to buy a gun?


Continuation of Horton hears a (Chinese hacker) Hu

The article next asks the question: what is the nature of the Chinese hacker community? A reporter from the paper went inside several of the domestic (Chinese) hacker websites and forums to carry out an investigation in order to answer this question. On a network that specialized in selling online gamer information, the reporter was able to contact a hacker through his QQ number. The hacker was only willing to reveal his surname, Hu.

According to hacker Hu, he was 23 years old, had just graduated from a computer vocational school and was working as a programmer for a software firm in Shenzhen. Hacker Hu’s QQ name was “Envelope Seller.” Hu explained that he provided all categories of hacker services: installing Trojans, taking control of websites and intrusion.

Hacker Hu said that currently all the professional hackers were just like him and that most of them did not have a formal profession. They depended on their hacker business to make a living.

The article then recounts the 2007 case of Panda Burning Incense. This was the virus unleashed by Li Jun, a 25-year-old hacker from Wuhan, which caused massive damage to domestic Chinese networks.

Hacker Hu explains that he is careful and meets his clients either through BBS or friends, and afterwards they communicate through QQ. Hu further explains that his services are specific to each customer and that he is not like Li Jun, who sold his virus to just anyone. Hu says he does this to prevent a similar wide-spread viral outbreak.

Hackers like Hu, who have the ability to program viruses, are called “Gun Sellers,” and their main role is the manufacture of hacker tools. They then sell these tools to their down-line clients. The clients pay several hundred or several thousand YUAN to “Gun Sellers” like Hu to purchase these hacker programs, the most popular being Trojans.

The next step is to plant the Trojan on the website; this step is called “Hanging the Horse.” The client can complete this part themselves, or if they do not have the skills to do it, they can hire a specialist. Hacker Hu will sometimes do this for his clients.

Sorry, CinC house just said, “If you don’t get off the computer, I will kill you!” Gotta go, more tomorrow.

Horton hears a (Chinese hacker) Hu…Part III

Horton hears a (Chinese hacker) Hu…Part IV

4 responses so far

Mar 05 2008

Horton hears a (Chinese hacker) Hu


Yeah, sorry about the title…

This story comes via news.china.com and is an interview with a Chinese hacker named Hu. The good news is that it is one of the most candid interviews I have ever read. The bad news is that it is very long and has a lot of technical language that I constantly struggle with. So, it will be at least a three-part post (if not more) and will be heavily edited in some places. I also may call on one or two of you to lend a hand in coming up with the exact technical jargon. Our hacker Hu gives a very detailed look inside the economy of the underground world of Chinese hackers.

The article begins with a story about a Miss Liu, who returns home, turns on her computer and, as she is skimming through webpages, a Word document suddenly opens. At the top of the document, it begins to automatically write, “I have seen your picture, you are certainly very pretty!”

Due to her job at a large website portal, she immediately recognizes this as a Trojan sequence and shuts off the power to the computer. (Miss Liu) “I didn’t expect that my computer could be hit by the Gray Pigeon (Trojan) and turned into a meat chicken (肉鸡). If I hadn’t turned off the computer, the hacker would still be controlling my computer and would also be able to send out data packets giving away all my computer’s secrets.”

The term Rouji (肉鸡), Meat Chicken, I believe is slang for a compromised/infected computer. (A little help!)

It is reported that Gray Pigeon is one of the most virulent viruses of the last several years. The 2007 China Computer Virus Epidemic Network Security Report classified it as the 3rd largest virus. After infection, the computer can be completely controlled through long-distance attack. The hacker can easily copy, delete or download documents on the computer. Through long-distance attack (the hacker) can also record every keystroke, the user’s QQ number and online game user information. Furthermore, after infection, the computer that the hacker has invaded is called a meat chicken.

In fact, in China there are several million users just like Miss Liu who are unaware that they are contributing to the strength of this underground network industrial chain. According to statistics from the Kingsoft Global Anti-Virus Monitoring Center, in 2007 the nation (China) had over 50 million infected computers, an 18.15 percent increase over the same period the year before, with 90.56 percent of internet users suffering a virus attack. Among those, over 5 million of the infected computers were in Guangdong.

End Part I…tomorrow we will actually get into the interview with hacker Hu.

Horton hears a (Chinese hacker) Hu…Part II
Horton hears a (Chinese hacker) Hu…Part III
Horton hears a (Chinese hacker) Hu…Part IV

9 responses so far

Mar 04 2008

Chinese hacker baseball cards

Published under Hacker Organization, Leaders

Running through some websites, I found what I can only classify as Chinese hacker baseball cards. Not sure if you can trade them with your friends, or which ones are more valuable, but here you go:


Northern Beggar
Wan Tao
Net Name: Old Eagle
Affiliation:  The China Eagle Union
Net-fu: 4 Stars
Gangsta Rep: 3 Stars
Affiliation’s power: 4 Stars
Personal Contribution: 4 Stars


Western Poison
Huang Xin
Net Name: Glacier
Affiliation:  Security Focal Point (http://xfocus.net/)
Net-fu: 5 Stars
Gangsta Rep: 4 Stars
Affiliation’s power: 5 Stars
Personal Contribution: 4 Stars


Central High Spirit
Xiao Ban
Affiliation:  Xiaoban Software (http://www.netxeyes.org)
Net-fu: 5 Stars
Gangsta Rep: 5 Stars
Affiliation’s power: 3 Stars
Personal Contribution: 4 Stars


Eastern Demon
Gong Wei
Net Name: Goodwill
Affiliation:  The Green Army
Net-fu: 3 Stars
Gangsta Rep: 4 Stars
Affiliation’s power: 5 Stars
Personal Contribution: 4 Stars


Southern Emperor
Xie Chaoxia
Net Name: Old Poison
Affiliation:  Security Net Science and Technology (http://cnns.net/)
Net-fu: 4 Stars
Gangsta Rep: 4 Stars
Affiliation’s power: 4 Stars
Personal Contribution: 3 Stars

TRANSLATION NOTES:

For the term 武学修为 I have used net-fu, but it is more like martial arts capability. However, they are referring to the hacker’s skill…so net-fu seemed the way to go.

On the term Jianghu (江湖), I had to go to Baidu to get an accurate translation:

In modern days, the term jianghu is frequently used to refer to the triads and the secret societies of gangsters. A 2004 movie entitled Jiang Hu starring Andy Lau and Jacky Cheung is about the gangster societies in Hong Kong.

Comments Off

Mar 02 2008

Jiangmin Anti-Virus Company will function as network emergency response group for 2008 Beijing Olympics

Published under Uncategorized


From the company’s official statement, released on 22 Jan 08:

Jiangmin Science and Technology, the largest anti-virus company in the country, has been officially established as a network emergency response group for the 2008 Beijing Olympic games. The group will answer to the Olympic Organizing committee, as well as the National Network Security Department.

There is a very good profile on the founder of the company, Wang Jiangmin, in the Mailonsunday.co.uk. You need to go about halfway down the page before it starts, as the article profiles several prominent people:

He is a 57-year-old computer wizard who over the past 20 years has built an anti-virus software business, still wholly owned by himself and his wife, which has propelled him into the ranks of the super-rich.

If you met Wang in the street, you would see only a tall, gangling, nerdish-looking figure in a quilted jacket, who walks with a limp.

When I was shown into his unpretentious Beijing boardroom, strewn with stacked chairs and assorted debris, at first I mistook him for a bag-carrier for the company president.

Wang’s story is rags-to-riches. Crippled with polio as a child, he was unable to attend regular school.

More on Wang Jiangmin

UPDATE (jumper): From the People’s Daily (external propaganda) – “Beijing to set up 24-hour anti-hacking department during Olympics”

Comments Off
