Mar 29, 2009
UPDATE: The full report on Ghostnet is available here.
The Information Warfare Monitor group conducted a 10-month investigation into the activities of Chinese hackers, and their final report will be released on Monday:
A China-based cyber spy network has hacked into government and private systems in 103 countries, including those of many Indian embassies and the Dalai Lama, an internet research group said here Saturday.
The Information Warfare Monitor (IWM), which carried out an extensive 10-month research on cyber spy activities emanating from China, said the hacked systems include the computers of Indian embassies and offices of the Dalai Lama.
Mar 28, 2009
Just damn, damn, damn.
When a reporter makes several attempts to contact you, get back with the guy. The author of this article, Oded Yaron, tried numerous times to get in touch with me and we missed each other. My fault, not his. He still gave our website a plug without mentioning that one of the people that blogs here is a real jackass. Thanks!
My apologies to Mr. Yaron. From his report, Virtual battleground attacks Hezbollah’s soft underbelly:
Last week, while trying out breaking-in tools developed by Chinese hackers, an Israeli Network security company, Applicure, brought down the Hezbollah Web site (hizbollah.tv), using no more than 10 bots, which are computers controlled by hackers.
Mar 26, 2009
The 2009 Annual Report to Congress on the Military Power of the People’s Republic of China is out. Yes, it does talk about cyber warfare and hacking. Enjoy.
Here is your link to the PDF file.
Mar 25, 2009
Hackers gotta eat too.
Robert McMillan, from IDG News Service, provides another great article looking at the Chinese cybercrime industry:
With China’s economy cooling down, some of the country’s IT professionals are turning to cybercrime, according to a Beijing-based security expert.
Speaking at the CanSecWest security conference last week, Wei Zhao, CEO of Knownsec, a Beijing security company, said that while many Chinese workers may be feeling hard times, business is still booming in the country’s cybercrime industry.
Read the full article on China Becoming the World’s Malware Factory
Mar 24, 2009
This was provided via Terri at Tipping Point (a must-read blog):

I’ve been out of the loop for a bit lately; the real world has been calling. Terri makes a great point that this is an important article to understand:
A veteran Chinese intelligence officer who defected to the United States says that his country’s civilian spy service spends most of its time trying to steal secrets overseas but also works to bolster Beijing’s Communist Party rule by repressing religious and political dissent internally.
Read more here:
Mar 21, 2009
Zhao Wei, CEO of Knownsec (aka icbm, formerly with Venustech and McAfee), gave a presentation at the recent CanSecWest security conference. The presentation was covered by securityfocus.com yesterday. In the presentation, Mr. Zhao asserts that all of the attacks that are coming from China are the result of its many compromised computers. Further, any country that wanted to launch a targeted attack on its adversaries could use China as a jumping-off point in order to hide its true origin.

Many people who haven’t been involved in studying targeted attacks would probably agree with this assessment. There is a lot of malicious traffic coming from China. It tends to get noticed by organizations that don’t have any business in China. There is a lot of truth to ICBM’s presentation and it seems likely that Chinese hackers don’t control all of the Chinese bots.
However, it isn’t just the IP address that we have to go on. In many cases, it is the type of information that the attacker took from the compromised target that indicated their origin. There are a lot of similarities between attacks on Chinese dissident groups, defense, government and contractors that warrant a closer look. Commenters on articles like this usually note that the US, UK and EU are all doing this too. That may be the case, but there isn’t nearly as much press out there speculating about countries other than China (and Russia). Well, there is a small bit about Germany at least.

Mar 10, 2009

From Techspot:
Apple may have a big problem on its hands with iTunes gift cards. According to Chinese record industry consultancy firm, Outdustry, the algorithm behind the cards has been cracked and as a result $200 voucher codes are being sold for as little as $2.60 online.
Read the rest here.
Mar 04, 2009

Warnings are going out from Chinese anti-virus companies to use caution when shopping online for women’s clothing.
International Women’s Day will be celebrated around the world on 8 March and security personnel have issued a warning that fashion websites are highly attractive targets for Chinese hackers.
Who knew?