Archive for January, 2009

Jan 31 2009

1 million registered Chinese hackers

Published by under Hacker Organization

It is hard to believe that a man is telling the truth when you know that you would lie if you were in his place.

-H. L. Mencken

The Chinese hacker website Hackbase has been running a promotion during the holidays trying to bring their number of registered members up to one million.  On 30 January, they announced the achievement of that goal.

The lucky one millionth customer registered under the name Vpn88 and got prizes worth nearly 3,000 yuan.

  1. A Hackbase Diamond Membership for one year, valued at 988 yuan
  2. A set of seven Hackbase special training classes valued at 1,800 yuan
  3. A 4G thumbdrive valued at 80 yuan
  4. An honorary Hackbase forum medal
  5. 1,000 in Hackbase forum money (?)

I’m a skeptic by nature but there may be some truth to this claim. Hackbase has been around for six years and gets a lot of traffic.

hackbasestats2

You might even call them a “player

hackbasestats

3 responses so far

Jan 31 2009

China: First porn, now maps

Published by under Censorship,China internet

nomap

The State Bureau of Surveying and Mapping (SBSM) and Central Propaganda Department, along with various local areas, are in the process of reviewing online mapping and geographical information websites to determine if they present a threat to national security.

According to the report, Chinese citizen’s territorial consciousness needed to be strengthened, the mapping marketplace required order and online “problematic maps” needed to be decreased.

The SBSM used technical methods to carry out an internet search and discovered there were 15,648 mapping sites.  Among these, 14,760 published maps and 888 provided geographical information services.  According to incomplete statistics, there were actually over 41,000 such sites, of which 8% posed a problem.

An SMSM spokesman said that despite the illegal actions of online mapping and geographical survey services, the “management” work had obtained tangible results but that problems and deficiencies still remained.  Online mapping presented a serious political problem and there was a high-degree of danger in revealing secrets.

Blah, blah, blah…the state would continue to carry out this work and develop a state approved map, available to all.

When China announced a crackdown on porn sites, you would have thought the internet exploded.  Daily updates on the number of porn sites shut down.  Now they come for maps…crickets.

2 responses so far

Jan 30 2009

China’s taboo New Year text messages

Published by under China internet

禁忌

(taboo)

Due to the worldwide financial crisis, some very traditional Chinese New Year text messages have made an informal blacklist.

For example take the Chinese New Year phrase 财源滚滚, the first two characters refer to finances and the last two speak about an increase.  Wishing your friend an increase in financial fortunes.  However, another set of characters (裁员), with the exact same pronunciation in Chinese as finances, means to lay off employees. Wishing your friend many layoffs.  Bad juju.

Also, the traditional New Year’s phrase 招财进宝 clashes with 遭裁禁饱.  Again, the sounds are very similar in Chinese but the first phrase means to usher in wealth and prosperity while the latter to suffer a cut in pay.

One response so far

Jan 29 2009

Chinese hacker blooper…but success!

Published by under UK Attacks,US attacks

There isn’t a day that goes by that I don’t thank karma for Jumper.  He was blessed with the gift of not making people feel stupid for asking really dumb questions.

Me: It really hurts when I touch the light socket, what should I do?

Jumper: Hey, great question! Stop doing that.

He is good to me that way.

Over at 7747.net, the New Year holiday has been a bit hectic for one of the boys.  He has taken over the job of website moderator and wants to keep the conversation lively.  Not a slacker by any means, he has been using the holiday season to sharpen his skills at manual SQL injection.  Our guru has posted his SQL injection attack on New York University and wants a little feedback/review of his methodology.

Problem: New York University is in the US.

Blooper: Our pilot drifts slightly east of target and hits York College in the UK.  Hey, we have all been there.

I could only tell that this was an SQL injection attempt and that he wanted to go after NYU and missed; then other stuff happened.  What, I had no idea.  So, I sent a note to Jumper pleading/begging for guidance…he was good enough not to laugh.

I will now turn you over to the smart guy on this site:

Jumper: That appears to be the wrong target indeed. It seems like he was able to obtain a username and password and that he used manual techniques to do this rather than HDSI or NBSI to automate it.  This PHP/MYSQL combination is a popular target for SQL injection and remote file includes (RFI).  Javaphile wrote a paper on blind SQL injection by the way.

Oh yeah – SQL Injection.  You probably know a little about database queries and boolean logic already.  SQL injection is basically where a hacker is able to escape the query structure and add additional queries such as username/password.

In the most classic example, one can inject ‘or 1=1– into the username field of a web form and authenticate as the first user in the users table.  The ‘or 1=1– bit forces the query to evaluate to true every time instead of actually comparing the input with a username in the table.

UPDATE: For those of you concerned, an attempt has been made to contact York College an inform them of the possible compromise.

Comments Off

Jan 29 2009

Zhang Ziyi (章子怡): Top food or drink?

Published by under China internet

Zhang Ziyi

According to the results of our first poll (if you liked or disliked non-hacker related postings), I’m about to annoy around 9% of you.  Still having fun with Google Insight and decided to see what types of food and drink people worldwide were searching for over the last 30 days.

zhangziyi

Imagine my surprise when I found out it was Zhang Ziyi; she even beat out the peanut butter recall.  The “breakout” tag means over a 5000% increase.  So poll number 2:

[poll id="4"]

Comments Off

Jan 27 2009

Chinese body art 人体艺术

On 18 January, we gave you a look at how to spot hot trends in China and the possibility that Chinese hackers were using similar tools to find targets for malware.  Getting the most bang for your buck.  Today, I’ve decided to see if my knowledge is worth anything.

Prediction: “Chinese body art” sites and body art pictures (人体艺术照片) will be high on the list for hackers.  Why?

insight

According to Google Insight, there has been a 2400% increase in the number of searches for this term over the last seven days.

baidurenben

It is also showing up in the #19 spot as hot searches on Top Baidu.  What is Chinese body art?  Shhh, it’s pron.  Artsy pron.  Let’s see, China announces crackdown on pron…now this “art” makes the top searches on Google and Baidu.  Hmmm?

Going back to Google Insight, you can get your tags for search engine optimization over the past 30 days:

1. 艺术照片

2. 人体艺术

3. 人体

4. 人体艺术图片

5.  人体写真

Really want to get fancy and you could add cities:

insight2

6 responses so far

Jan 26 2009

Happy Niu Year: 18 billion text messages

Published by under China internet

新牛快乐

From: China.org.cn

China’s mobile phone users might send more than 18 billion text messages during the week-long Spring Festival that runs until January 31, telecom operators said Monday.

Many of this year’s messages feature a play on words. Under the lunar calendar, 2009 is the year of the Ox, or “niu” in Chinese. So millions of people have gotten greetings saying “Happy Niu Year.”

Text messaging has become increasingly popular during the festival, the biggest holiday in China. Last Lunar New Year, 17 billion messages were sent, compared with 15.2 billion in 2007, 12.6 billion in 2006 and 11 billion in 2005.”

The article fails to mention how many of these might be virus induced.

3 responses so far

Jan 25 2009

Baidu’s logo for New Year’s 2009

Published by under China internet

baidu2009

Not really what you would call an arts sort of guy but for some reason I always enjoy seeing what Google does with their logo during the holidays.  Weird.

So, I give you Baidu’s.

Comments Off

Jan 25 2009

Chinese New Year text messages: “Extreme Danger”

happy2009

From: 022net.com

Do you send text messages to your friends, colleagues and customers wishing them well or a Happy New Year?  The answer for the majority of people is, definitely.  Recently, I’ve received many text messages, all in regards to wishing me well and Happy New Year.

With the New Year approaching, the cell phone virus has entered a period of “extreme danger,” so remind your friends to be on the lookout for spam text messages.

Fortunately all you have to do with spam text messages is delete them but they are no joke.  A viral outbreak can cause the cell phone to stop working,  data loss, spread junk mail and dial out to other phones.  It can also destroy hardware such as the SIM card and chip.

(In here how to defend against viral text messages, not translated.  Skipped to more interesting portion of the article)

Capital media reports that cell phone user Mr. Zhang received a pornographic text message from an unknown number, after opening the text, his cell phone continuously sent messages to people stored in his contact list.  The text message harmed the reputation of over 700 people.  Victims sent their cell phones to the service center in order to remove the virus, costing over 200 yuan.  A security expert said the virus contained a website address and transmitter virus.   After the virus is installed, there is no immediate abnormal behavior but after 30 minutes the virus links to the net and transmits text messages every 10 seconds.  Sending out text messages at this high rate can run up user fees.  It is possible the virus is also able to subscribe users to certain unwanted services, driving up charges.

According to China Mobile, the company blocked over 4 billion pieces of junk mail in the first half of 2008.

One response so far

Jan 25 2009

Tokyo police department network shutdown

Published by under Other attacks

According to Worldwide Net, the Tokyo Metropolitan Police Department network was shutdown from January 22-24 due to a computer virus.  Department officials thought the possibility it was a hacker attack minimal and that the infection was more than likely introduced by a thumb drive.

First found this in Chinese hacker related postings, so I thought it might be interesting.

3 responses so far

Next »