Jun 19 2008
The People’s Daily reports that four employees of a Shanghai based Internet security company have admitted to attempts to extort money from online games firms. They apparently launched denial of service attacks on the game sites and then requested money and fees for their company’s firewall product. Don’t worry though, he promised not to do it again:
All the accused admitted the offense, and sentence will be passed within a month.
“I was attracted by the quick money and got carried away. I applied my
talents in the wrong way,” Li told Beijing Morning Post.
In the future, he will apply his skills only to legal things, he said.
You can find a non-.cn version of the article here.
Jun 18 2008
Dear Chinese hacker master,
Sadly, I have all these compromised computers just laying around the place and don’t know what do with them, could you please help?!?
- Confucius…sed amateur
Dear Confused,
No need to be embarrassed, we have all experienced this dilemma at one time or another. Let me offer a few simple solutions to this common problem:
- Steal virtual property from the compromised computer. Take their game account ID, QQ number and Q money.
- Steal real property from the compromised computer. Real property can consist of bank accounts or online stock speculator account numbers. There are many types of trojans designed specifically for getting the account numbers of online stock speculators.
- Steal people’s private data. Remember, just like the Edison Chen photo scandal, regular people can be extorted too if you threaten to release their explicit photos on the internet. Use their private information that could be harmful to blackmail them. If you steal commercial data such as financial reports and personnel records it can be used for your illegal benefit. Also, you can attempt to control their webcam in order to fill the desires of peeping toms.
- Use the victim’s connections to get illegal benefits. Perhaps you think your QQ number is insignificant, you don’t have QQ 秀 (unclear) or QQ money. Not so, your friends QQ numbers, your e-mail contacts and cellphone contacts are all targets for the attacker. The attacker can fake your identity to carry out all manner of illegal activity. Everyone’s personal connections have commercial worth. The most common example of this is the 12950 service that used groups of QQ numbers to send out trash/spam? information to steal money or the MSN virus that automatically sent out information to your friends to defraud them. NOTE: the 12590 service could refer to this: Optional service Game treasure box makes the mobile into a game machine. A mobile QQ can go anywhere, 12586 online entertainment (that has many strange old friends), 12590 interactive message service (that has various voice monsters), CRBT and MMS (that are full of fun, personalized ring tones and pictures that can be downloaded anytime)……your enjoyment with these features is endless!
- Plant rogue software on the compromised computer. This will make it automatically click online advertising for profit. This can really affect your online experience, as I suspect everyone hates online pop-up ads. After the attacker controls a lot of compromised computers, they can force out ads and obtain profits from the ad owners. The number one reason for rogue software flooding is that many companies purchase rogue software developers’ advertisements. Other attackers use the rear platform? to covertly click on advertisements in order to gain profits. This causes the ad owner to waste money through invalid clicks.
- Use the compromised computer as a springboard (proxy server) to attack other computers. Any type of hacker attack can leave behind traces and in order to better conceal yourself, it is necessary to use many proxy jumps. The compromised computers can act as an agent and a scapegoat. The attacker can disseminate even more trojans and think of your computer as a downloading station. It is a possibility that network speed and performance will be improved with proxy servers.
- The compromised computer is the foot soldier to launch DDOS attacks. DDOS attacks can earn money for internet gangs or cyberwarfare (those who engage in it) as some people will hire these internet goons who initiate conflicts. Internet gang members can carry out an attack directly against their target and then blackmail the victim. Compromised computers are a chess piece for internet gangs and DDOS attacks have become a poisonous cancer for the internet.
Yep, a little fun in the beginning with this post (I made it up) but the rest is a real list of uses for compromised computers put out by Chinese hackers.
I swear I heard the sound of people flipping their webcams towards the ceiling after reading number 3.
UPDATE: Hat-Tip to Therese who sets me straight on the definition of QQ 秀:
QQ 秀 == QQ “Show”
It’s one of the things that you can spend QQB on. You purchase outfits and accessories to dress up your little avatar. It’s like putting on a show. Therese also provides a Flickr link to “patriotism QQ-Show.”
http://www.flickr.com/photos/keso/2421813915/
Jun 18 2008
Somehow I missed this article at Dark Reading on “whale phishing” by Chinese hackers:
SecureWorks, a leading security services provider, reported today that a Chinese hacker is behind the current and former executive “whaling phishing scams” involving the US Federal Courts and the IRS. The new US Tax Court scam, targeting financial executives, which started two weeks ago is the latest in a wave of whaling attacks involving the IRS and the Federal Courts beginning in June 2007. Jackson also just discovered that the same hacker launched an IRS whaling scam this past weekend and the SecureWorks Counter Threat Unit is investigating it currently.
Dark Reading has some excellent stuff, including the rest of this article…
Jun 18 2008
Not Chinese hacker related but this article from the Sydney Morning Herald has such a curious cultural aspect to it that I wanted to pass it along. Some bloggers on the internet are seeing a relationship between the five Chinese Olympic mascots and recent misfortunes, to include the earthquake in Sichuan.

Jingjing, a panda, is the animal most closely associated with Sichuan province where the earthquake struck.
Huanhuan, a cartoon character with flame-red hair, is being linked by bloggers to the Olympic torch that has been dogged by anti-China protests on its round-the-world tour.
Yingying, an antelope, is an animal confined to the borders of Tibet, which has been the scene of riots and the cause of international protests against China, the bloggers say.
Nini, represented by a kite, is being viewed as a reference to the “kite city” of Weifang, in Shandong, where there was a deadly train crash last month.
That leaves only Beibei, represented by a sturgeon fish, which online doomsayers suggest could indicate a looming disaster in the Yangtze River, the only place where sturgeon is found.
Here is the full article from the Sydney Morning Herald…
Jun 17 2008
The well-known (to our regular readers) Chinese media site Danwei linked to a Shanghaiist article that the Anonymouse proxy servers have been blocked in the PRC (along with comedycentral.com apparently). From the article:
It’s finally happened: Anonymouse.org, the proxy service that many of us use to access blocked websites and surf the Internet anonymously, has been blocked by Net Nanny. Shanghaiist first noted it at 10:30PM last night Shanghai time, along with the block of ComedyCentral.com. While the decision to block Anonymouse is self-evident (okay, sort of), we’re not completely sure why ComedyCentral got the axe. In the meantime, Shanghaiist suggests using alternative proxy services ProxyChina or Hack520.
Commenters noted that the Hack520 program is the same as the well-known Ultrasurf/Ultrareach system and that although the client program works to anonymously proxy surfing, one needs to use another proxy to get to the download site to get the client to begin with.
One of the best client anonymizers out there is TOR, which also still works in the PRC. Interestingly enough, there are many TOR exit nodes inside the PRC, which leads me to wonder: Why would anyone who uses TOR (political dissidents, journalists, pr0n surfers) want to be proxied into a country that most people are trying to get proxied out of?
Jun 16 2008
On the afternoon of May 31st, the Nanning Public Security Bureau Cyber Police received a report from the Guangxi Earthquake Bureau that a hacker had invaded and altered their website.
The FAKE message left by the hacker read:
“The violent earthquake that struck Wenchuan, Sichuan…we grieve for our fellow citizens who perished in the great Wenchuan, Sichuan, earthquake. In the near future, a major earthquake registering 9+ will hit the Guangxi area. Request that city residents make preparations as soon as possible.”
(Emphasis added)

Guangxi Earthquake Website
A three-day cooperative effort by cyber police from six provinces finally located the hacker responsible for the fraudulent message, in Jiangsu.

Cyber Police Investigation
On 4 June, police arrested a further suspect, identified only as Chen, who made a full confession.

Congratulations to Chinese hacker Chen, I had to add a new category to cover this event. Posted under Evil and/or Stupid…qualified as Evil and Stupid.
Jun 13 2008
Why do criminals always return to the scene of the crime?
When we last caught up with our old friend Coolswallow/Ericool/Peng Yinan, he was giving a presentation titled, “Hacker in a Nutshell,” at the Chen Ruiqiu building, located on the Jiaotong University campus.
Mr. Peng was not very happy with our coverage of his activities…see here. My response here.
Once again, he has been invited back to Jiaotong University to pass along his experience to job-seeking students studying information security engineering…of course it took place at the Chen Ruiqiu building.

Peng Yinan offering help to future information security specialists
As an alumnus of the university, he was there to assist these young students in gaining employment in the information security industry:

Students in need…how will this help?
Not sure but…could this be considered a FAIL?

Yeah, I just wanted to give failblog.org a plug…love this website!
Jun 12 2008
WASHINGTON — Hackers believed to be operating from China have broken into computers in Congress, apparently in search of information on Chinese dissidents, two GOP lawmakers said Wednesday.
The hackers were not identified, but one of the lawmakers, Rep. Christopher H. Smith of New Jersey, a senior Republican on the House Foreign Affairs Committee, said he thought all signs pointed to the Chinese government.
Federal authorities have been increasingly concerned in recent years about the Chinese government’s aggressive deployment of scientists, engineers, foreign businessmen, students and others to sweep up U.S. technology and information. Protecting the United States against cyber attacks and high-tech crimes is the FBI’s third priority, behind combating terrorism and public corruption.
The extent of the intrusions on Capitol Hill, which officials said began in August 2006, was unclear, although Rep. Frank R. Wolf (R-Va.), whose office had four computers affected, said that other members of Congress were targeted, as well as at least one congressional committee. “They got everything,” Wolf said at a news briefing, describing the attack on his office systems.
Cont…
Jun 07 2008

From what I can gather, this is the second year of the International E-Sports Festival, co-sponsored by China and South Korea. This year’s competition will be held in Wuhan, China on 10 Oct 2008. The screen shot above was posted at ief.com.cn/, which is billed as the official Chinese website of the 2008 International E-Sports Festival. The site now looks like this:

A little background on the games:
Planning for IEF was started in 2003 at the express request of China’s central government with the aim of providing positive, culturally appropriate Internet alternatives for Chinese youth. The government decided to pursue these objectives through the China Youth League, one of the most influential organizations in China. Many of China’s leaders, including President Hu, come from its ranks.
In November 2003, ‘e-sports’ was added as China’s ninety-ninth official sport by the Sports Bureau of the PRC’s Central Committee in order to add further importance to the objectives of the IEF. The organizing committee was formed to develop and implement initiatives to respond to the CPC’s constructive vision. Since then, the Committee has successfully developed and staged numerous very popular events under the banner of the IEF.
In January 2007 President Hu Jintao noted the success of IEF and issued policies designed to ensure the continuing development of culturally appropriate content and inculcating within China’s Internet community a culture of positive and innovative attitudes. In April 2007, the Central People’s Committee Political Bureau reinforced this policy by emphasizing the importance of developing a social-network model of Internet use by China’s youth.
Cont…
Several reports coming out of China are suggesting the attack was carried out because South Korean committee organizers cancelled a promise to open a Japanese area. Furthermore, the hacker appeared to be…wait for it… Japanese. Yeah, the “Turkish hacker Firtina Bozo was here..!!” seems to have been lost on them. That one Hotmail address with a .jp tag must have blinded them to all other things contained in the message.
Just for fun I decided to see if there were other hacks by Firtina Bozo and let me tell you that is one busy individual.
Jun 06 2008
Routine business:
NEW DELHI: Hackers have struck again with nearly 10 websites belonging to various ministries and departments of the government of India coming under attack in the last 24 hours. The hackers are suspected to be from China, though there was no official confirmation.
Confirming the cyber attack, a senior IT ministry official told DNA, “Low to medium intensity cyber intrusions into web servers maintained by the Indian government have been reported.”
New Delhi…just shrugs.