Archive for February, 2009

Feb 25 2009

Peek-a-boo, you’re hacked and new internet slang

Published by under Other attacks

(UPDATE: Didn’t feel comfortable with the translation “Peek-a-boo,” so did a little more looking and found it could also mean “hide and seek” or even “blind man’s bluff.”  However, it can mean Peek-a-boo, so the title is staying.  You get the point.)

Going to have to do a quick summary of this story because my boss expects me to show up at work today (bastard):

1) Guy gets arrested in Yunnan for cutting down lumber illegally.

2) Later, according to officials, he is killed in the jail after playing “Peek-a-boo” in his cell with another inmate.  Just the game, no other meaning.

3) Tons of people question why grown men would be playing a child’s game in prison. They don’t buy the story and demand an investigation.

4) Public officials try some online public relations and invite the Human Flesh Search Engine to help investigate the incident.

5) Human Flesh Search Engine organization calls BS on the PR move and wants access to the surveillance cameras in the prison.

6) Officials claim they don’t allow that.

7) Yunnan government website gets hacked, leaving references to popular internet slang terms such as “the push-up” and “buy soy sauce.”

Push-up: Being inconvenient or unwilling to comment

Buy Soy Sauce: Expressing that one has no knowledge of something, or has no comments; an attitude of minding one’s own business.

(background on the origin of these terms at Chaile)

8) New Chinese internet slang “Peek-a-boo”(躲猫猫) is born.

Now I gotta go to work.

2 responses so far

Feb 24 2009

The “Crab Group” virus dissemination family

According to Kingsoft Anti-Virus, the “Crab Group” is one of China’s top-5 virus dissemination families and responsible for the recent infection of around 30 million computers.

Kingsoft’s 2008 Year-End report reveals that within hacker circles, the majority of money is earned by establishing viral dissemination chains.  While a virus author may earn a salary of one million yuan a year (approx USD 150,000), it was possible for a viral dissemination group to earn ten million yuan (approx USD 1.5 million) yearly.

The Crab Group had gained access to an unidentified trusted server in Guangdong, uploading viruses and trojans on popular websites.  The group had been using the “Cat Ringworm” virus, a.k.a. Charging Bull, as their primary dissemination tool and infected around 30 million computers.

For background on the Chinese hacker virus industry chain read here, here, and here.

Comments Off

Feb 23 2009

Wendell Minnick and Defense News

Published by under Hacker Organization

First, even though Mr. Minnick was kind enough to mention me in this report, he did all of the heavy lifting and investigation.  My VERY limited contribution to his work was simply commenting on things he uncovered.  The equivalent of one person watching someone else work and telling them your opinion of their labor.

Defense News
02/23/09
Chinese IT Firm Accused of Links to Cyberwarfare
By WENDELL MINNICK

TAIPEI — In the past 10 years, Beijing-based Venus Info Tech has become the dominant provider of information technology (IT) network security to the Chinese intelligence and military community.

It also has been accused of providing hacker services that help the Chinese government penetrate foreign government computer networks. Sources also accuse Venus of helping Beijing build the “great firewall of China,” by developing software to monitor and control the domestic Internet.

Finally, Venus has operating agreements with Microsoft and other non-Chinese firms, which Western observers say may help Beijing find vulnerabilities in other governments’ networks.

The firm “is heavily party affiliated and the company personnel go through party indoctrination because they handle state secrets,” said Scott Henderson, author of the book, “The Dark Visitor — Inside the World of Chinese Hackers.”
“I would be very worried about U.S. companies working with this type of organization; [it] gives them too much access.” Venus officials declined requests for an interview.

Continue reading on the Venus story by Wendell Minnick…

UPDATED: My apologies to Mr. Minnick, I didn’t notice he had this story up on his personal blog so I have deleted the full story and left the teaser.  The rest of the story is continued on his blog.  Please click over there.

Comments Off

Feb 20 2009

Chinese hackers take down Russian Consulate website

Published by under Nationalism,Other attacks

Reports have emerged that the Russian Navy sank a Chinese cargo vessel impounded at the port of Nakhodka for alleged smuggling. After the Chinese ship, named New Star, left port without permission, a Russian Navy cruiser chased the ship and fired 500 rounds into the vessel causing it to sink.

Sixteen sailors from the ship boarded two lifeboats but only one was successfully rescued by the Russian Navy.  The other eight men, three Chinese and five Indonesians, aboard the remaining lifeboat were lost at sea.

(If you read the mix of these two reports, the numbers differ.  Other reports say it was the Russian Coast Guard and not the Russian Navy that sank the ship.)

Chinese hackers have protested the sinking of the vessel by defacing the website of the Russian Consulate in Shanghai.  At this time, the consulate’s website is still down:

网站正在维护中,非常对不起给你带来不便!

The site is currently under maintenance!sorry for any inconveniences!

Сайт находится на обслуживании. Просим прощения за возможные неудобства!


2 responses so far

Feb 18 2009

Cyber Warfare: Aristotle vs. Confucius

Published by under Uncategorized

In the book, Geography of Thought,  author Richard Nisbett puts forward that “those brought up in Western and East Asian cultures think differently from one another in scientifically measurable ways.”

His work looks at cultural psychology through the lens of Aristotle vs. Confucius and linear vs. comprehensive thought.  Dr. Nisbett performs several cultural experiments to test his hypothesis, which show markedly different results between East Asian and Western thought.  A question occurred to me: which mindset is better suited to the application of cyber warfare?

Linear thinking will look at a problem and begin dissecting it block by block to understand the whole of a thing.  Comprehensive thought will examine it in a holistic manner, ignoring the individual blocks.  Is cyber terrain best understood through a sum of the blocks or does the sum of the blocks change its nature?

Jumping around a bit, let’s also look at Kevin Kelly’s predictions on the Next 5,000 Days of the Internet.  His lecture was fascinating in many aspects but one point struck me as particularly insightful; all of our electronic devices are simply windows into the “Machine.”  Interaction with the Machine is forcing us to share more and more of our personal information and develop different patterns of thinking in socialization.  Do these patterns favor Aristotle or Confucius; individualism or collectivism?

Other random thoughts:

  1. Was Ender’s Game ahead of its time?
  2. Is there a Geography of Cyber Thought?
  3. Do the younger Western and Eastern generations present a hybrid of thought?
  4. Should I drink beer and post articles?

I’ll just leave you with the questions, discuss among yourselves.

6 responses so far

Feb 17 2009

Chinese hacker reacts badly

Published by under Other attacks

If your potential pool of competitors includes Chinese hackers, you may want to rethink canceling their competition.

The Secretary General of the Chinese Computer Association announced that they were not going to hold the National Olympiad in Informatics Competition and someone took it poorly.

In one day the hacker defaced the websites of the China Computer Federation, the National Olympiad in Informatics and the CCF Young Computer Scientists and Engineers Forum to protest the cancellation.

As a parting shot, the hacker asks if hacking these three websites has won him some sort of a prize?  So, that’s kind of funny.

2 responses so far

Feb 16 2009

I KNOW where Baidu got its name…and other unhealthy fears

Published by under China internet

Things that freakin’ haunt you.  Once when I was in Beijing, a teacher asked me about the meaning of the phrase, “dressed to the nines.”  She was using the Madonna soundtrack, “Don’t Cry for Me Argentina” to help her class learn English:

Me: Oh, it means to be well dressed.

Her: (Horror!!!) What is the origin of this phrase?

Me: Well…it came from.. history…about…stuff.

Her: If you don’t know answer, that is okay.  I’ll ask someone else.

Me: No, I’m sure that is the meaning…really!

Okay now I know.  Still, a horrible feeling.

I often have this fear of not being able to answer simple questions about things I should know.

So, in the interest of useless knowledge, the origins of the word Baidu.

One response so far

Feb 15 2009

Charging Bull and Chinese Vampire

What does the Charging Bull have in common with the Chinese Vampire? According to Dr. Shi Xiaohong, who performed extensive analysis on the two viruses, they were written by the same author.

Sina Tech News has been reporting on the rapid spread of a relatively new virus called “Charging Bull.” Probably got the name from appearing around the same time as the Chinese New Year, Year of the Ox.  Let’s face it, “Charging Ox” does not sound cool.

In June of 08, we told you about Chinese Vampire and later the next month about the big controversy surrounding the original author.

One response so far

Feb 15 2009

India: MEA cybersecurity nightmare and Chinese server

Published by under India Attacks

Well, we now know why the Indian Ministry of External Affairs sent out the directive to stay off the internet.  An investigation has determined that over 600 of the ministry’s computers were infected by spyware that “can track or take control over user’s actions” and send duplicate emails to another email ID.

Sources noted that some of the compromised computers included the “sensitive” Pakistan section and the offices of “senior Secretaries” and “Joint Secretaries.” The initial investigation suggested that the server involved in this breach was located in China.

One response so far

Feb 14 2009

The E-Rose Virus by any other name…

Jiangmin Anti-Virus is warning that the E-Rose Virus is making the rounds this Valentine’s Day.  In 2006, China had the largest number of computers infected from the spread of this malware.

Comments Off
