The Dark Visitor

H/T: Eastwood

According to BBC News, China is developing a more sophisticated approach to spinning public opinion on the internet by using paid surrogates to promote positive government positions.  The group has been given the title,  “the 50 cent Party,” based on the amount of money (Renminbi) they are paid for each posting made in favor of the government:

China is using an increasing number of paid “internet commentators” in a sophisticated attempt to control public opinion.   These commentators are used by government departments to scour the internet for bad news – and then negate it.

They post comments on websites and forums that spin bad news into good in an attempt to shape public opinion.

Chinese leaders seem aware that the internet – the only public forum where views can be freely expressed – needs close attention.

Huawei once again makes the news as Australia ponders allowing them to work in partnership with Optus to build a 15 billion dollar broadband network:

Security agencies will closely examine the bid lodged by Singtel Optus, which is believed to propose the involvement of Chinese telecommunications equipment-maker Huawei Technologies to help build its network. Huawei was the subject of a US congressional investigation on national security grounds this year after legislators expressed concern about its links to the Chinese military and intelligence apparatus. The concerns led Huawei to withdraw from its joint $US2.2billion ($3.3billion) bid to buy a stake in US internet router and networking giant 3Com.

iDefense 2009 Cyber Threats and Trends via Earthtimes:

Additionally, cyber warfare has become a reality in today’s political climate, and several regions are seeing a rise in politically and financially motivated activities. According to VeriSign iDefense, Russian hackers are the most effective group when it comes to cyber fraud, while Chinese hackers utilize amateur hacking groups for low-level espionage operations.

Very informative article from Cyber Crime Updates on Chinese InfoTech espionage:

BANGALORE: A few months ago, a major Bangalore-based infotech company lost out on a $8 million contract. The company was expecting a business delegation to visit India before signing the contract, but 15 days before the date set for the deal, the meeting was abruptly called off.

The same team went to China instead. When the Indian firm investigated the matter, it discovered a gaping hole in its security. The computers of several of its top executives had been compromised by Chinese hackers and privileged information leaked to a Chinese competitor, who walked away with the deal by quoting a lesser price.

Chinese hackers are targeting French Embassy websites all around the world to protest President Nicolas Sarkozy’s visit with the Dalai Lama.

According to hack4.com, featured in CNN documentary on Chinese hackers, the following French Embassy websites were successfully defaced:

法驻美国大使馆:http://www.ambafrance-us.org/
法驻英国大使馆:http://www.ambafrance-uk.org/
法驻中国大使馆:http://www.ambafrance-cn.org/（最新消息，已经恢复正常） (Repaired)
法驻加拿大使馆:http://www.ambafrance-ca.org/

Visiting all of the above websites shows that either they were not defaced or have been repaired since the attack. Hack4.com points out that the following websites have not been hit, suggesting they are future targets:

法驻日本大使馆:http://www.ambafrance-jp.org/
法驻冰岛大使馆:http://www.ambafrance-is.org/

Hack4.com’s gives this screenshot of the reported hacked website(s) (Deleted):

UPDATE: Better screenshots of the defaced French Embassy websites from 7747.net:

(Sorry guys, just updated to Wordpress 2.7 and having a few problems.  Can’t seem to get the screenshot to enlarge when you click on it.  The three defaced websites are the US, UK and Canada.)

UPDATE: Once again, Eastwood has set me straight. Linked the image through the Chinese hacker website and now you should be able to pull up the graphic.

From the Register:

Chinese security researchers have admitted that they inadvertently released code that might be misused to exploit an unpatched Internet Explorer 7 vulnerability.

Scripts to pull off the trick were already on sale in underground forums before the inadvertent release. Even so, anything that increases the likelihood of digital delinquents getting their hands on the exploit is unwelcome.

VeriSign’s iDefense security division reports that attack code was up for sale at prices of up to $15,000 through underground forums. Prices are likely to slide following the escape of assault code from labs run by KnownSec.

Now I wonder what group would do a thing like this?  Once again from the amazing Danchev on IE7 XML parsing zero day exploited in the wild:

Despite that the malicious domains remain injected at legitimate Chinese sites and forums as iFrames only, this could easily change so that more legitimate international sites start getting targeted. What are they after this time? Passwords for popular online games in China.

Since when is it a good idea to use G-mail for official communications? The Prime Minister says, “never!”

The Prime Minister’s Office (PMO) has instructed its officials not to use Google mail for official communication after Chinese hackers accessed the PMO’s internal networking systems.

The Chinese also hacked the Ministry of External Affairs’ internal communications network, and the National Informatics Centre (NIC) also fell victim to an attack supposedly aimed at the National Security Council.

The Chinese hacked the communication networks of officials and accessed emails used by the officials to communicate policy and decisions to other ministries and sectors of the government. The cyber attacks are believed to have been launched from dial-up internet connections in China. Up to four cyber attacks by Chinese hackers are reported on Indian servers daily.

The NIC traced the IP addresses used for attacking the PMO’s communication networks to China. They found that Google mail or Gmail was the main target of the Chinese hackers. Following this, the PMO has instructed its officers and staff to refrain from using Gmail for official communication.

Chinanews.com is reporting that the official government website of the Jingzhou Municipal Bureau of Commerce has been defaced with the picture of a girl in a bikini.  The article discusses the lack of security in Chinese government websites and speculation on why the website was hacked.

Update from jumper: Please see this article about googling defaced Chinese .gov sites.

Screenshot from Windows 7 Center

From iTWire on leak of Windows 7 build 6956:

The Windows7Center.com site is where I first read of the 6956 build leaking to the Internet.

The site says: “The impossible has been done again and pirates all over the world are busy trying to obtain the more updated build of Windows 7- build 6956.

“Just a day after WinHEC China began, an attendee from the conference managed to slip a Virtual Hard Disk (VHD) image of Windows 7 Build 6956 onto a portable device and upload it via torrent to the world.

“You’d think that Microsoft would have some sort of security enforced to keep this from happening after how hard they’ve been trying to prevent any leaks. The uploader from the PCBeta forum uses the alias Edward_Han, and is seen by the Chinese Windows community as a hero. The community has been referring to him as Edward_Han the hero, and even Master Edward_Han.”