Archive for September, 2008

Sep 30 2008

Nice…Chinese hackers may soon have their own Aegis Class Destroyer

Published by under Chinese Malware,Other attacks

There are the normal reports, providing vague references to Chinese hackers gaining access to sensitive information at some unnamed installation or organization and then there is this report from Korea. Besides the name of the company involved, it also gives fairly specific details about the type of sensitive information contained on the company’s computer system.

The research institute suspects the culprits are Chinese or North Korean hackers but doesn’t know specifically what information they stole. In the worst case, the blueprints of missiles and Aegis ship could have been stolen.

It’s shocking that our major defense industries are open to attacks from hackers and that our missiles are vulnerable to theft by cyber terrorists. A general review of our cyber security system is needed.

Really, a review of your cyber security system you say? Read why someday, Chinese hackers may be able to construct their own Aegis class destroyer. Duly noted that the article states it could also be North Korean hackers. How about, both?


Sep 28 2008

Bypassing the Great Firewall of China – iaminchina.com

Published by under Censorship

The iaminchina.com site has an informative article on bypassing the Great Firewall/Golden Shield. It is a how-to on using Firefox with torbutton.

There are many ways to get around the GFW. Web-CGI/PHP based proxies all seem to work reasonably well (though frequently slow) and there are other anonymizer services out there such as Anonymouse and Ultrasurf.

James Fallows from the Atlantic has blogged about using commercial anonymizing VPN services.


Sep 23 2008

Argentina President Cristina Fernandez de Kirchner tax identification number altered by hacker

Published by under Uncategorized

Well, what to do about this?  As far as I can tell, this has nothing to do with Chinese hackers but it is being widely reported in the PRC news.  Checked the western press to see if anyone had picked up on it but haven’t seen anything yet.

So…

New China News via Sina.com reports that in July of this year, Argentina President Cristina Fernandez de Kirchner’s tax identification number was altered by a hacker.

On 22 September, an official from the Argentina Tax Department said President Fernandez de Kirchner’s tax Identification number had been altered by a network hacker, rendering her unable to report or pay taxes normally.

According to the report, the hacker broke into the Argentina Federal Tax Management Bureau on 26 July and altered the account number.  A bank account audit in August revealed the problem, at which time the Federal Tax Management Bureau was immediately notified.

An official from the tax services bureau said that it was quite possible this attack was carried out by an opponent of President de Kirchner’s in order to cause her trouble. The report further stated that during last year’s election, President de Kirchner’s tax information was targeted over 200 times by hackers from all over the country.

And you thought we only did China…we are international baby!


Sep 23 2008

Chinese internet ends in 830 days!!!

Published by under Uncategorized

Nothing I love more than a good doomsday clock!  Catching Mice in China has a great post on the dwindling number of IP addresses left in China:

There has been doom and gloom about the lack of IPv4 addresses for years, but China’s flabbergasting internet growth has made the problem acute. Addresses assigned to China are running out as more servers go live and commercial and home internet connectivity rapidly increases. The (unidentified) rate of growth doesn’t even address what I think will be the next connectivity boom in China: mobile devices.

As tempting as it may be to declare this the end times and hole up in some digital Decameron, the IP apocalypse really isn’t upon us. ISPs can fiddle around with network address translation (NAT) to support internet access (although it would be problematic for serving internet content). This would slow, but not stop, address allocation.

Checked today, it is fading very fast…so you better go to Catching Mice and find out why the Chinese internet is disappearing


Sep 23 2008

Chinese hackers create botnets from computers within the PRC

UPDATED: I don’t usually post reader comments in the main blog but as usual, CBRP1R8’s input is just as interesting as the post itself. Added to bottom.

With as many compromised and unguarded systems as China has, you had to suspect this was the case:

On the other hand, we have found that many of the Chinese hackers will compromise large networks within their own country and use them as bots to attack other organizations, continued Jackson.  For example, entire university networks in China will belong to local hacker groups.

China’s hackers do create botnets from spamming through email and blogs, but a relatively larger percentage of the compromised hosts under Chinese control are simply machines in schools, data centers, companies — in other words, on large networks — that are mostly unguarded and consequently are entirely controlled by hacker groups, as opposed to distributed bots harvested from widely distributed international spam runs, said Jackson. And often the groups have an insider in the networks they own. We also see many local hacker groups in Japan and Poland compromise hosts within their own country to use in cyber attacks, so the Chinese hackers are not alone in using resources within their own borders.

Read the rest on internal Chinese botnets

CBRP1R8: This is actually one threat I’ve done a little research on while writing an internal whitepaper on China and the cost of doing business there.

One of the points I addressed in that paper had to do with the internal threat from both non-secured (physical) machines interacting with a company machine and/or a vendor (remote) connected machine that may be similarly connected.

Both can be extremely detrimental to the business aspects; having known or suspected compromised machines, bots or malware spreaders connecting to an internal secure network is a sure-fire way to ensure you will be attacked at some point. And that’s not even touching on the wireless machine topic of laptops.

I did do a bit of research on Chinese companies (that reported it) to show the amount of internal infections, from virus, malware and botnet infections etc. A lot of that stemmed from using non-licensed or pirated software and at the same and after looking at some trend analysis over year to see what the comparison numbers were.

I found a substantial difference, in that the Chinese Machines were more infected, nearly 20-30% of the time more, over machines from Europe or USA. That being said, dealing with a local Chinese company that provides some sort of service (i.e. IT support or any sort of connection to your network) is like playing Russian Roulette with 5 chambers filled.


Sep 20 2008

Chinese hacker “Milk Rebellion”

Published by under Other attacks

Mongolian Cow Milk

As the scandal over melamine-laced food products widens, Chinese hackers seem to be taking up the cause to punish guilty corporations. When we first reported the defacement of the Sanlu Milk Company website, 50 children had suffered kidney stones due to the additive melamine. Melamine is not meant for human consumption but, if added to food stocks, will make them appear to be higher in protein. This is the same additive responsible for the death of many pets last year. The newest reports indicate that there are now over 6,000 children affected and three deaths.

Chinese hackers have also stepped up their efforts to protest against the blatant disregard for public safety.  The latest corporation to suffer the wrath of the hacker community was the Mongolian Milk Corporation:

“When an infant with kidney stones lies weeping in a hospital bed, can the factory owners intuitively sense the condemnation?  In order to gain profit you have gone so far as to devastate these young lives!  I demand that the Mongolian Cow [Milk Corporation] delete all of its honorary lies from the official website and post a public apology!”

- by Stopped Clock

No, the Chinese hackers have not called this the “Milk Rebellion” but since it is getting very close to internal protesting, it is what I have dubbed it.


Sep 17 2008

Old news I missed…but posting anyway

Published by under Nationalism,Other attacks

We were pretty darn busy in April, so some things fell through the cracks and I missed this report on nationalist-motivated hacking. If you recall, during that time period, there were calls in France to boycott the Beijing Olympics over the crackdown in Tibet. The French magazine Capital posted an online poll on whether or not France should participate in the games…Chinese hackers and nationalists were not pleased:

Capital publisher Jean-Joel Gurviez:

“On the first day, we had about 300 responses, which was normal for this type of poll, and they were 80 percent in favour of a boycott. The next day there were 20,000 responses, with 80 percent opposing a boycott,” he said.

Almost all of the responses arrived via Chinese servers, Gurviez said, leading technicians to initially think the influx was driven by Chinese sites directing patriotic fans to vote.

“But a few days later we had hackers operating off servers in China try to change our content, and there were 2.5 million attempts to access protected files. We had to shut down the site temporarily,” he said.


Sep 15 2008

Chinese hackers take down entire city network…

Published by under Hacking for money

Weifang, Shandong

The Weifang Public Security Bureau has successfully closed a case involving a hacker attack that caused a city-wide network paralysis.

In July of 2008, the Weifang Public Security Bureau Cyber Police received a report from the China Network Communications Corporation stating that the Weifang metropolitan network was under continuous hacker attack and this had caused a two day network outage for the entire city. Since over 90% of the users in Weifang subscribe to China Network Communications, the network outage affected over 400,000 users to include businesses, local government, schools, and hospitals.

Police pursued three suspects over a 3,000 kilometer chase passing through Tianjin, Beijing, Qingdao, Jinan and Shouguang. When the suspects were arrested, the police recovered laptops and eight other pieces of equipment. Two of the suspects charged with the crime worked as supervisors for a competing company and they confessed to hiring a third individual to hack the Weifang Corporation. The hacker used a botnet of over 8,000 computers to attack the company.


Sep 12 2008

Chinese hackers and baby formula

Published by under Uncategorized

Chinese hackers alter Sanlu Corporation’s name to “Melamine Group”

Baby formula produced by the Sanlu (Three deers) Corporation has resulted in another product safety recall. The formula contained Melamine, which is not intended for human consumption and caused kidney stones in more than fifty children.

FDA ALERT: Melamine found in baby formula made in China

Sanlu Group Co., China’s biggest milk powder producer, ordered the recall after more than 50 babies suffered kidney stones and one died, the official Xinhua News Agency said. It said tests found it was tainted with melamine, a chemical used in plastics.

On Friday afternoon, Chinese hackers broke into the Sanlu website and changed the name of the corporation from Sanlu to the “Melamine Group.” Is there a growing trend for Chinese hackers to protest internal problems? Something to watch.


Sep 10 2008

87 MILLION gamers really upset with Chinese hackers

Chinese hackers have long specialized in writing trojans and other malicious software to steal accounts from MMORPGs (massively multi-player online role-playing games). The people over at MapleStory have had enough and are starting to block IP addresses from China:

According to AsiaSoft Online, the game’s publisher and regional distributor, the game has 87 million accounts worldwide, with 2 million accounts from Singapore alone.

AsiaSoft marketing director Ng Kok Khwang said the online attacks took place in August. “We were under attack by Chinese hackers from China, and we have since blocked IP addresses from China and are monitoring the situation,” Mr Ng said.

Too much money, not enough enforcement…MapleStory drops the hammer!

