Oct 13, 2008

Book title: Chinese hackers
No doubt, many of you are wondering what to get us for the holidays. Well, worry no more, China’s Xinhua Online Bookstore has you covered.
Checked out their selection on hacking and found a total of 270 books on the subject. While many of these are just translations from the US and other sources, they did have original manuscripts such as the one above.
Got bored after the first hundred or so titles and a thought hit me: what would happen if I searched for books on the Falun Gong (法轮功)?

Looking for “Taiwanese Independence” and “Free Tibet” simply returned zero hits.
(Amazon.cn also kicked me off for Falun Gong search)
NOTE: The thing about holiday gifts was a joke, a JOKE. Sometimes my online humor doesn’t translate very well and I get e-mails asking if I was serious.
Oct 10, 2008

At least there seems to be evidence that two of the six major attacks originated from IP addresses inside of China:
In total, at least six major intrusions — two of them using the same group of IP addresses originating from China — have been detected at the World Bank since the summer of 2007, with the most recent breach occurring just last month.
In a frantic midnight e-mail to colleagues, the bank’s senior technology manager referred to the situation as an “unprecedented crisis.” In fact, it may be the worst security breach ever at a global financial institution. And it has left bank officials scrambling to try to understand the nature of the year-long cyber-assault, while also trying to keep the news from leaking to the public.
Oct 10, 2008
Dr. Antonio Nucci, Chief Technology Officer at Narus writes:
Last April, a politically motivated Chinese blog called “The Dark Visitor” rallied hackers to launch a DDoS attack on CNN.com for its coverage of the relationship between China and Tibet.
Just CRAP!!!
Filed under: Evil and/or Stupid (for the latter)
Oct 06, 2008

New group to keep an eye on: J. Leaves “Security Team”
Zero-Day exploit group: http://00day.cn
As with most of my posts, I was looking for something else and bumped into this group. It seems they found a crack in a section of the JSP version of eWebEditor (1.4 and older) on August 30th and have just released the code. No, I will not link to the code.
The eWebEditor is an HTML editor put out by a Chinese company located in Fuzhou, Fujian.
Yes, I did send the company an e-mail:

We, at the Dark Visitor, strive to be good citizens of the international community.
Oct 03, 2008

Recently I’ve been interested in China’s Cyber Police and how they function. Nothing worth sharing yet but some of our readers are Chinese linguists and might find this map and links to cyber police websites interesting.
On a side note, many of the web addresses for Chinese cyber police stations include the number 110. For example, the Shandong Cyber Police web address is http://www.sd110.gov.cn/. In China, as well as Taiwan, 110 is similar to the 911 emergency number. However, in China, 110 is the exclusive contact number for the police. Other emergency services, such as the fire department, use different contact numbers. The fire department’s number is 119.
Chinese Cyber Police links just below map.
Oct 03, 2008

While in Beijing, I went to the Silk Market and decided to purchase one of the many “Rolex” watches on sale. The girl sitting behind the stall told me that for the low, low price of US $10 she would reluctantly part with this prized possession. Finally, weeping and wailing, she let it go for three bucks and cursed me and all my descendants. The next day the watch made a weird noise, began to heat up and made a small burn mark on the top of my wrist. True story… well, there is at least a place called Beijing in China.
For our next story, let’s replace me with Department of Defense and Rolex with microchips. What could possibly go wrong?
The American military faces a growing threat of potentially fatal equipment failure—and even foreign espionage—because of counterfeit computer components used in warplanes, ships, and communication networks. Fake microchips flow from unruly bazaars in rural China to dubious kitchen-table brokers in the U.S. and into complex weapons. Senior Pentagon officials publicly play down the danger, but government documents, as well as interviews with insiders, suggest possible connections between phony parts and breakdowns.
Counterfeit routers may pose an even greater danger:
Referring to the seizure of more than 400 fake routers so far, Melissa E. Hathaway, head of cyber security in the Office of the Director of National Intelligence, says: “Counterfeit products have been linked to the crash of mission-critical networks, and may also contain hidden ‘back doors’ enabling network security to be bypassed and sensitive data accessed [by hackers, thieves, and spies].”
Business Week lays out the who, what, when, where and why …defective Chinese computer components finding their way into US warplanes and ships.
Oct 02, 2008

The WSJ – China Journal blog covered a recent report (pdf) by Nart Villeneuve of the Citizen Lab that details some very interesting findings about PRC government monitoring of “Tom-Skype”, the Chinese localized version of Skype.
It probably isn’t surprising to anyone that Tom-Skype is being monitored. “Breaching Trust” details the process by which conversations with matching keywords are uploaded to a webserver. The surprising bit is that the server is pretty much accessible to anyone. From the report:
The full text chat messages of TOM-Skype users, along with Skype users who have communicated with TOM-Skype users, are regularly scanned for sensitive keywords, and if present, the resulting data are uploaded and stored on servers in China.
These text messages, along with millions of records containing personal information, are stored on insecure publicly-accessible web servers together with the encryption key required to decrypt the data.
Update (2 Oct 08, 1617GMT): Some other news organizations have picked this up:
- International Herald Tribune
- CBC News Canada
- Wall Street Journal posts Skype’s response