Jul 19 2009

Leader of Chinese hacker group that planned DDoS attack on CNN identified

In April of 2008, we reported Revenge of the Flame‘s plan to carry out a DDoS attack on the CNN website.  A series of events during that time period enraged the Chinese online community: European nations harshly criticized China’s response to the Tibetan uprising; pro-Tibetan independence protesters in Paris tried to snatch the Olympic torch from the hands of a wheelchair-bound Chinese female athlete; and Jack Cafferty, a CNN commentator, referred to Chinese products as “junk” and called the Chinese government “goons and thugs.”   In response to these insults, Anti-CNN called for overseas Chinese in Europe to wave the Chinese flag and raise their voice to the sky.

In response to these same events, a hacker, using the online name cn_magistrate, formed a group called Revenge of the Flame and announced his plan to carry out a DDoS attack on the  CNN website.  We followed the events as calls went out for Chinese netizens to join the action.  We were there when cn_magistrate called off the attack and disbaned the organization.  Then he vanished…



Cold Case:  Yeah, we keep looking.  Finally located him through a combination of e-mail address, website and online name.   Below are the results of a Whois search we conducted on the associated website during the time of the attack (Notice the website name and e-mail address):

Domain Name: hacksa.cn
ROID: 20070811s10001s50288265-cn
Domain Status: ok
Registrant Organization: 判官
Registrant Name: 判官
Administrative Email: Kenan2677@126.com
Sponsoring Registrar: 北京万网志成科技有限公司
Name Server:ns1.okidc.com Name Server:ns2.okidc.com
Registration Date: 2007-08-11 11:59
Expiration Date: 2008-08-11 11:59


Hacksa.cn website letter

The image seen above was taken from cn_magistrate’s current blog showing the old URL  hacksa.cn,  which was associated with the CNN attack.


This reply from cn_magistrate in the comments section of his blog shows the e-mail address  Kenan2677@126.com, used to register hacksa.cn.



He claims to be a Taiwanese citizen…

I’ve written to cn_magistrate and asked if he will talk to us about the incident.  Off topic, did anyone hear the news about Taiwan and the US coming closer to an extradition agreement?  That would be cool.

3 responses so far

3 Responses to “Leader of Chinese hacker group that planned DDoS attack on CNN identified”

  1. Vladimiron 26 Jul 2009 at 9:30 pm

    Hi, IMHO his “location” remains in doubt.

    1: Just check out the “album” page at cn_magistrate’s blog. You’ll see an image titled “SA权限入侵!”(http://hi.baidu.com/hack666/album/item/8f863e1778db03004a90a7b2.html)

    2: You’ll see a QQ number in the error message window. After short googling you’ll find an interesting message posted at LZX’s Blog (http://hi.baidu.com/zxhouse/blog/item/987b17340806554d251f1410.html).
    Yes, that’s it! 65924779 is his own QQ number!

    With this number sooner you will stumble upon an another intersting page at hi.csdn.net. Here’s his different self-introduction that reads he lived in Xinjiang Urumqi circa 2007.

    So his current location (Taiwan) smells bit fishy.

  2. Vladimiron 26 Jul 2009 at 9:32 pm

    Oops nearly forget, the another vers of his self introduction is at http://hi.csdn.net/cn_panguan/
    (panguan means magistrate of course)

  3. Heikeon 26 Jul 2009 at 11:13 pm


    Great finds and I agree with you on the Taiwan issue.

    Jumper was the first one that pointed it out to me after I sent him the link. At that point I hadn’t even read that much of his profile. It hit both of us as rather odd.