The Dark Visitor

Dear TDV Readers,

Heike and I would like to invite you to listen to our second TDV podcast where we discuss Chinese hackers, censorship, targeted attacks and naked chinese hacker vampires with foot fetishes.

It is 48 minutes long.  It would have been in longer if I had left in the part where Heike had to fix his little girl’s injury with a brownie.  Get it from the iTunes store or direct from our feedburner RSS.

With Kind Regards,
Jumper and Heike

Podcast RSS

iTunes download

James Fallows of the Atlantic has an excellent article on the PRC government’s inability to present itself in a positive light.

This is inept on China’s part. Why do I consider it puzzling? Because of two additional facts I would not have guessed before coming to China: it’s a better country than its leaders and spokesmen make it seem, and those same leaders look more impressive in their home territory.

The article is very well-reasoned and insightful as usual.

Robert Eringer wrote an article posted to cryptome.org that covered the frequently suggested threat of trojaned chips installed into all manner of equipment made from Chinese parts or assembled in China. Manchurian Microchips is a cool name for them.

“It is there, deep inside your computer, if they decide to call it up,” the security chief of a multinational corporation told The Investigator. “It is capable of providing Chinese intelligence with everything stored on your system — on everyone’s system — from e-mail to documents. I call it Call Home Technology. It doesn’t mean to say they’re sucking data from everyone’s computer today, it means the Chinese think ahead — and they now have the potential to do it when it suits their purposes.”

This is pretty sensational stuff. Of course, we can’t completely discount this as a possibility. At present, the computer attacks on DoD, defense contractors, foreign governments and dissident groups that have been detected and attributed to China have used typical methods like exploits and social engineering. But maybe they are saving this capability for a special occasion.

In June 2007, a Pentagon computer network utilized by the U.S. defense secretary’s office was hacked into — and traced directly back to the Chinese PLA.

The previous statement isn’t entirely accurate. I don’t believe the Pentagon ever claimed to have traced the attack directly back to the PLA. I think everyone involved probably assumed that based on the type of information that was taken from the compromised computers.

The Chinese had specifically targeted Rolls-Royce and Shell Oil.

The attack on Rolls-Royce used social engineering emails with MS Office exploits. The exploits downloaded PC Share 2005. Nothing too sophisticated.

The author points out that all computers today are either assembled in China or manufactured with parts from China. The implication is that potentially all computers could have corrupt supply chains. This is probably far-fetched. If I were a hostile nation that supplies chips to computer manufacturers, I would probably only use it to permanently disable the computers instead of for intelligence collection. I would probably also target networking gear rather than computer workstations and servers. The investment in that capability would be too great to risk loosing to network detection. It would be better to use it as a way to instantly cripple an adversary’s information advantage.

Speechless…

An angry Chinese lawyer accused Microsoft of perpetrating the biggest ever hacker attack in response to the software giant’s controversial move to trigger hourly screen blackouts on computers using pirated copies of Windows XP. [Cast your vote]

On October 20, Dong Zhengwei, a lawyer of Beijing Zhongyin Law Office, sent a complaint to China’s Ministry of Public Security, accusing Microsoft of invading personal computers without user permission or judicial authorization, the Beijing Times reported.

Dong said the judiciary should assign criminal responsibility for the Windows Genuine Advantage Program so called “Black Screen” scheme and halt this “illegal move”.

To fight software piracy Microsoft announced on October 15 that, starting October 21, Microsoft anti-piracy software would be automatically installed on users’ computers through the routine Internet-based update mechanism. If a computer fails a validation test, the desktop will change to a plain black background when the computer is restarted.

Read it all, Microsoft accused of hacking attack.

Yesterday we posted a story about Chinese hackers gaining unauthorized access to the Japanese Oil and Gas Corporation (JOGMEC), using an SQL injection attack.

Today, Dancho Danchev examines a tool created by the Chinese IT underground designed for just such a purpose:

…the Chinese IT underground has been closely following the emerging threats and the obvious insecurities on a large scale, and so is either filling the niches left open by other international communities, or coming up with tools setting new benchmarks for massive SQL injection attacks…

Just like everthing that Dancho puts out, his analysis of the SQL injection tool is worth the read!

According to the report, the Chinese hackers used and SQL injection attack that compromised the information of as many as 2,400 users:

The official Web site of the Japan Oil, Gas and Metals National Corporation was attacked by an overseas hacker and infected with viruses that can lift information from the personal computers of people who access the site, according to JOGMEC.

Hacking of JOGMEC’s Web site took place on several occasions from overseas, mainly from China.

Some observers have said the incident could be linked to gas exploration projects in the East China Sea. In June, shortly before the site was first hacked, Tokyo and Beijing reached their first ever agreement on joint gas-development projects–a major step in the longstanding dispute over the issue.

However, there was notable backlash expressed online from Chinese people who complained the agreement gave too many concessions to Japan. Harsh criticism of the Japanese government over the projects also was expressed on the bulletin boards and other sites mostly based in China.

On 17 October, Chinese hackers defaced the South Korean Soccer Association website.  According to the article, the Chinese soccer team has suffered a “Korean Phobia” in past encounters with the South Korean team.  This may have been an attempt by the Red Hacker Alliance to show that no such phobia exists…somehow.

The defacement also illustrates that the hackers are not happy with claims that Chinese characters and Confucianism originated in South Korea.

The defacment reads:

“In addition to Confucius, the Emperor and Bush…martians are also South Korean”

I only post this article because it mentions one of Heike’s favorite subjects.

This China Journal article covers news that the PRC government is requiring net cafes to skim ID cards for patrons and to take a photograph for first time users. Advocates of this new measure point to widespread problems with Internet addiction.

On 1 September, we brought you a story about Chinese hackers breaking into the Tsinghua University website to criticise the education system.

Not enough said Chinese hackers! Just 21 days later, Beijing University suffered a very similar attack:

At around 11pm on Friday night, Peking University’s website was hacked and an article, purporting to be authored by the president of the university, Xu Zhihong, was added to the site. The article was a well-written attack on China’s education system entitled something like “University Education at the crossroads: Rethink or continue to corrupt?” 《北大校长许智宏———大学教育，反思还是腐烂？》. It called for structural reform of China’s higher education system and specifically pointed out the need for the strengthening of moral education and for getting rid of incompetent professors who leached on the university system.

This came out a couple of days ago and I didn’t post because there wasn’t a lot of new information.  However, some readers have suggested putting it up and I am here to please:

South Korean Prime Minister Han Seung-Soo on Tuesday warned his cabinet over attempts by Chinese and North Korean computer hackers to obtain state secrets, officials said.

The National Intelligence Service (NIS), Seoul’s main spy agency, said it had told Han that about 130,000 items of government information had been hacked over the past four years.

Chinese Foreign Ministry Spokesman Qin Gang responded at a press conference:

Q: It is reported that the Prime Minister of ROK warned that hackers from the DPRK and China stole more than 130,000 pieces of government information from the ROK in the past four years, could you comment?

A: The Chinese Government opposes cyber crime including hacking. In fact, China is also a victim in this regard. The accusation you mentioned is unacceptable to China. If the ROK did make such accusation, it must produce convincing evidence.