Archive for November, 2008

Nov 28 2008

Chinese hackers targeting US military in Afghanistan

Published by under US attacks

From US News and World Report on a Chinese hacker virus exporting information on US military logistics:

This wasn’t the first such cyberattack, and officials said that earlier incarnations of the virus had exported information such as convoy and troop movements here. It was not clear precisely what information, if any, was being pulled from Department of Defense computers by this latest virus, they said.

Officials familiar with the computer attack characterized it as extremely aggressive and said that it originated in China. However, they haven’t been able to determine whether the viruses are part of a covert Chinese government effort or the work of private hackers.

Comments Off

Nov 23 2008

Thanksgiving + Christmas = Virus Holidays?

Published by under Uncategorized

This is one of the headlines blaring on a Chinese hacker website today.  So, use extra caution when opening those holiday e-cards this season!

Speaking of which, I’ll be taking the next five days to visit family and friends for Thanksgiving.  Won’t have the opportunity to post so I’d like to take this opportunity to wish all of you a happy holiday!

4 responses so far

Nov 20 2008

DefenseNews: Chinese cyber attacks on the rise

Defense News presents a rather chilling look at the rising threat of Chinese cyber operations and cyber crime targeting US interests to include defense and industry:

Chinese hackers have been able to steal data as diverse as NASA files on the Mars orbiter’s propulsion system, solar panels and fuel tanks, Army helicopter mission planning systems and Air Force flight planning software.

China has been able to break into the U.S. military’s non-classified NIPRNet, which could give it “the potential capability to delay or disrupt U.S. forces without physically engaging them,” the commission says.

And China continues to strengthen its cyber warfare capabilities. “Many individuals are being trained in cyber operations at Chinese military academies,” the commission report says.

Chinese-made cyber hardware is a threat, too. Computer and network components made in China could be implanted with malicious code that can be activated later to steal, manipulate or destroy critical data, the commission says.

3 responses so far

Nov 18 2008

Chinese hackers and the Kappa Girl video

Published by under Hacking for money

Why do I get the feeling I’m going to regret posting this article? All below the fold, content warning of NOT WORK SAFE.


4 responses so far

Nov 18 2008

Chinese nationalism by the Ogilvy Group

Published by under Nationalism

As some of you know, one of the other areas I’m interested in is Chinese nationalism, which has a strong influence inside the Red Hacker Alliance. This study by the Ogilvy Group on Chinese nationalism (PDF) and its impact on brands is a must-read in order to understand the social dynamic of nationalism and the internet.

Comments Off

Nov 18 2008

China’s computer virus epidemic shows 12% increase

The newest computer virus stats from Rising Anti-Virus, taken from Jan-Nov of 2008, show a 12.16% increase over the same time period last year. Rising intercepted over nine million new virus samples, with 83.4% of the samples made up of trojans (5,903,695 samples) and back door viruses (1,863,722 samples). The majority of these viruses were used by hackers to steal virtual property.

While the section of the article I read doesn’t mention it, my guess is that these are third quarter results. If you compare the current chart with 2007, it only shows a 9.86% increase to date. So, keeping in mind that I’m a linguist, 2007 probably covered the whole year while the 2008 number only covered the first three quarters from Jan-Nov.

The pie chart above gives totals for 2008 as coming from 64% trojans, 20% back door viruses, 12% other viruses and 4% worms.

4 responses so far

Nov 16 2008

PLA armor brigade exercise fails due to computer virus

Published by under Other attacks

According to news.ifeng, an unidentified PLA armor brigade was the victim of a computer virus that caused electronic ammunition resupply orders to show up blank. During the force-on-force, Red and Blue exercise, operations were hampered due to a computer virus that left the main attack force without ammunition resupply.

During the exercise, the Red Army basic command post, command and control station, received information from the main attack force that 3/4 of their ammunition had been depleted. A resupply order was immediately sent to the rear command post. However, after transmission, the order form appeared blank.

Ten minutes later, the main attack force once again sent a request for ammunition resupply. They were told to wait, that the request for resupply had already been processed. In the end, the main attack force had no hope of getting their ammunition. The ammunition was exhausted, people died and the exercise was lost.

NOTE: When the article states that people died, they are speaking in terms of the exercise. There were no actual fatalities.

It was later determined that the exercise failure was brought on by unpatched computer terminals that allowed a virus into the system. In response, the armor brigade established a comprehensive network security group and procedures for handling computer security issues.

Li Jintai, the commander of the armor brigade, located in the Guangzhou Military Region, commented, “when you sharpen your sword, you must not forget to cast your shield.” Commander Li further stated, “Due to patches not being installed, the infecting virus led to the failure of the exercise and this sounded alarm bells for us. When you sharpen your sword, you must not forget to cast your shield. Network technology provides the prerequisite for ‘informationized’ combat, it raises command efficiency. However, if there is insufficient importance attached to information security, a lack of network defense consciousness and methodology, it can leave a crack that your adversary can take advantage of and lead to grave consequences.”

10 responses so far

Nov 15 2008

Chinese hackers hit International Monetary Fund

In October, Chinese hackers were able to gain access to the World Bank and this month it seems they have penetrated the International Monetary Fund. The analysis, provided by a former British intelligence officer, concludes that China is using this information for geopolitical leverage during the global financial crisis. Certainly sounds plausible but skips several steps in the process of getting from point A to point B in my opinion.

“What the Chinese are particularly interested in at the IMF is what loans the IMF is likely to give to other countries,” says Nick Day, a former British intelligence officer who runs Diligence, a private investigative firm that does extensive work for many international corporations and institutions.

“The geopolitics of this is that essentially you’ve got a few countries in the world that are stacked on huge foreign capital reserves — Russia, China, Japan, the Middle East — and the rest of us are pretty much borrowers to those lenders.

“And what the Chinese are looking to do is to get influence over a number of third world countries where there are assets in particular, where there’s minerals, oil, etc. — where there’s wealth that would be strategically useful. And if the IMF is not going to bail them out, or is going to bail them out at a rate which is fairly punitive, then the Chinese can go into those countries and say, ‘Don’t go to the IMF. Come to us. We’ll bail you out and we want exclusive deals over the next 20 years to all your mining concessions in your country, access to mineral wealth, access to oil’ — all the raw materials that China is going to need to keep carrying its economy forward.”

3 responses so far

Nov 13 2008

Chinese hacker attack flowchart



The Chinese hacker intrusion flowchart above, taken from Stuhack, clearly demonstrates that Chinese hackers have developed a methodology for their attacks.

The first thing that popped into my head when I saw the chart was the Police song, “Murder by Numbers.”

Is this intrusion chart unique? Probably not. Could they have taken it from someone else? Sure.

As always, many thanks to Jumper for helping me to get the correct terminology. I really had some of them botched.

4 responses so far

Nov 11 2008

Chinese hackers turn PCs into zombies with MS08-067

Published by under Uncategorized

Wolf Fang Zombie Maker

According to WebSense Security Labs, Chinese hackers are using a new tool to compromise PCs and install the bot of their choice on them. The tool is probably intended for installing password-stealing trojans. The tool is called “wolfteeth bot catcher” and lets the user enter an IP range to compromise by exploiting the MS08-067 vulnerability. The exploit then downloads and executes a file of the operator’s choosing. Cool stuff. I’m working with Heike to get a copy of this tool. When I get it, I intend to use it to install a photo-rotation screensaver with pictures of lolcatz.

See the full article here.

8 responses so far
