Archive for the 'China internet' Category

May 30 2011

Unemployed PRC prick hacks TV contestants’ webcams (RSA tokens probably not involved)

Published by under China internet,Cyber Crime

More than two years after Heike’s post about the Kapa girl video, a narrow majority of our visitors come to TDV from searches for her video. Sadly, I’m about to post something that will continue this trend of optimizing our site for desperate porn searchers.

So apparently the show 非诚勿扰 (If you are the one) is a dating/reality program that actually displays the contestants’ QQ numbers and email addresses. An unemployed PRC hacker used the information to target some of his favorites with a social engineering scam that included a malicious program that let him control the victims’ webcams. After capturing some nudy pics, he attempted to extort money from the victims; one or more of them went to the cops, and he quickly realized that he done goofed because he was backtraced and will spend the next three years in prison.

Thanks to Greg @metalabasia for the link.

Sorry, I don’t have the pics.


Apr 28 2011

FBI: $11 million worth of unauthorized wire transfers to China

Published by under China Russia Links,Cyber Crime

Very interesting report via the Financial Services Information Sharing and Analysis Center, in cooperation with the FBI, on unauthorized wire transfers to China. When I say “interesting,” I mean I don’t understand it…not sure what the implications are, if any. I get the basics of the report, but I’m not sure who the perp is supposed to be: Chinese, Russian, US? So, smart blog-reading people, help me out. Full PDF report on the unauthorized wire transfers here, and the two paragraphs that have me scratching my head:

“The unauthorized wire transfers range from $50,000 to $985,000. In most cases, they tend to be above $900,000, but the malicious actors have been more successful in receiving the funds when the unauthorized wire transfers were under $500,000. When the transfers went through successfully, the money was immediately withdrawn from or transferred out of the recipients’ accounts.

In addition to the large wire transfers, the malicious actors also sent domestic ACH and wire transfers to money mules in the United States within minutes of conducting the overseas transfers. The domestic wire transfers range from $200 to $200,000. The intended recipients are money mules, individuals who the victim company has done business with in the past, and in one instance, a utility company located in another U.S. state. The additional ACH transfers initiated using compromised accounts range from $222,500 to $1,275,000.”


Mar 23 2011

Thinking like a Chinese hacker 101: Panic is your friend

Published by under Cyber Crime,Evil and/or Stupid

Think the Google vs. China gmail debate made the top 10 list in China? Nope, according to Baidu’s weekly focus, the aftermath of the “Salt Panic” was on everyone’s mind. This was due to the mistaken belief that the iodine content in salt could help with the effects of radiation poisoning. Prior to that, Chinese citizens had been searching online to purchase salt. Chinese hackers monitored the popular web searches and left a slew of malicious web pages to help balance the supply and demand ratio.


Mar 11 2011

US #1 perp attacking China’s classified networks

Published by under Cyber Crime,PRC attacks

Quick Translation:

Rising’s report on China’s 2010 Corporate Security Threats  indicates that government, military, and academic research institutes were significant targets for hackers. 

The report further shows that among all hacker attacks, there were a significantly higher number carried out on institutions dealing with state secrets and financial security such as: national agencies, classified units (dealing with classified/confidential information), research institutions, and financial organizations. Some units dealing with classified information suffered nearly a thousand different attacks a month.

Hackers often used the personal computers, cell phones, and thumb drives of individuals working in classified units as portals for attack.  For example, the personal computers of academic researchers involved in military projects were often the targets of attack.  Attackers attempted to use thumb drives, moveable hard disks, and cell phones as springboards for attacks on classified networks.  If successful, the leak of classified information could have grave consequences. 

According to Rising’s estimates, in 2010 alone, there were in excess of 10 million attacks on classified networks. Of those, 90% of the attacking IPs came from abroad, with the US, Japan, and South Korea as the three highest-ranking sources of attack.


Source of attacking IPs, attacks on China’s classified networks:

US 21%
Japan 17%
South Korea 17%
Singapore 11%
India 8%
Europe 6%
Hong Kong/Taiwan and others 20%


Mar 09 2011

McAfee PDF on “Night Dragon”

Link to McAfee’s PDF white paper Global Energy Cyberattacks: “Night Dragon” that primarily originated in China.


Aug 11 2010

CDT: ISP Level Gmail Phishing

Published by under Censorship,China internet

Via @torproject comes a link to a China Digital Times post (a site run at Berkeley) that gives just a brief notice that some users behind the GFW are having their gmail login attempts redirected to hxxp://124.117.227.201/web/gmail/ where they are asked to enter their password. Chinese users reporting this redirect believe that the redirects are being performed by the ISP. Interestingly, 124.117.227.201 is a CNC host in Xinjiang.

At the time of this post the hxxp://124.117.227.201/web/gmail/ site is not operating (from the US or the PRC according to webpulse).

The original info apparently came from ntdtv:
Chinese ISP caught in the act stealing gmail passwords (中国ISP騙取gmail密码 被現場抓獲)

https://www.ntdtv.com/xtr/b5/2010/08/11/a417907_p.html


UPDATE: I was looking closely at the screen cap that shows the source and it appears that part of the phishing app is hosted on ndns01.com, which doesn’t presently have an IP address assigned although the DNS record was updated on August 10.


Jul 26 2010

F-U Tencent!

Published by under China internet

I hate QQ too.

Just thought I would post something that isn’t about #LIGATT…

From one of my favorite sites, Danwei, comes an amusing post covering the China Computer World article cursing Tencent, one of the largest Internet companies in the PRC. Tencent is the primary developer of QQ, what may be the most widely used IM client in the world.


May 19 2010

PRC based members of carders.cc

Published by under Cyber Crime

@Jhaddix posted something that caught my attention on twitter earlier today. It mentioned that the well-known cc trading site carders.cc had been compromised and that all of the user accounts, password hashes and some IP access logs were exposed here. I thought it might be interesting to find out if there were any well-known PRC connections so I quickly wrote a script to geolocate the IP addresses and found only one China-based IP (with a .ru email tld):

7742:N-Skyline:222.73.19.174:11.May,2010,17:44:34 (Beijing)
N-Skyline:da1e1cdcc8d48037855f2ee2763b4064126fb5ea::n-skyline@qip.ru

There were some .cn email addresses too:
FinnX:01203eb70433505a23d9dbddddaa303e56f6da46::php-dev@jublo.cn
darkc0der:a5ecae753b068cf1f25b95665ad04f8f::cyberatack@w.cn
Out:ec980574500aee917c8266655cbc547d::offshore@w.cn
PWND # MESUT:7e1869df98aa93e3e5b5c473063499ca::PWNEDMESUT@w.cn
0grish:abe3eda164cb318f91cb9aefb654b56790bc7613:lol109:ogrish@w.cn

This is also interesting:

12519:bifrostilo:202.67.236.74:12.May,2010,00:00:09 (HK)
bifrostilo:4c6216cbe0ee90f22eee0bb3e7160999::renehuebner.de@gmx.de

BFD.

As an afterthought – before people start commenting, I thought I should mention that I’m aware that .cn and geoip do not necessarily mean that the person using that IP address or tld is/are physically located in the PRC. Thanks for not commenting about that.
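An added example of the kind of pass described above, written here and not the author’s own script: parse the two row shapes in the dump (access-log rows “id:user:ip:date” and account rows “user:hash:salt:email”), join them by username, and flag accounts whose IP geolocates to the PRC or whose email address ends in .cn. The GEO_TABLE stands in for a real GeoIP database, and the sample rows, hashes, IPs and addresses are constructed.

```python
import ipaddress
import re

# Constructed stand-in for a GeoIP database: RFC 5737 documentation prefixes
# mapped to made-up country codes (an assumption, not real geolocation data).
GEO_TABLE = {"192.0.2.0/24": "CN", "198.51.100.0/24": "HK", "203.0.113.0/24": "DE"}

# Record shapes seen in the post: "id:user:ip:date" for access-log rows and
# "user:hash:salt:email" for account rows (the salt field may be empty).
LOG_RE = re.compile(r"^(\d+):([^:]+):(\d{1,3}(?:\.\d{1,3}){3}):(.+)$")
ACCT_RE = re.compile(r"^([^:]+):([0-9a-f]+):([^:]*):([^:@]+@[^:]+)$")


def geolocate(ip):
    """Longest-prefix match of ip against GEO_TABLE; None if no prefix matches."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, cc in GEO_TABLE.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, cc)
    return best[1] if best else None


def email_tld(email):
    """Top-level domain of an address, lower-cased ('n@qip.ru' -> 'ru')."""
    return email.rsplit(".", 1)[-1].lower()


def find_prc_links(lines):
    """Join log and account rows on username; flag PRC-geolocated IPs or .cn mail."""
    hits = {}
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            if geolocate(m.group(3)) == "CN":
                hits.setdefault(m.group(2), {})["ip_country"] = "CN"
            continue
        m = ACCT_RE.match(line.strip())
        if m and email_tld(m.group(4)) == "cn":
            hits.setdefault(m.group(1), {})["email_tld"] = "cn"
    return hits


# Constructed sample dump: fake usernames, hashes, IPs and mail addresses.
SAMPLE = """
1:alpha:192.0.2.10:11.May,2010,17:44:34
alpha:0123456789abcdef0123456789abcdef01234567::alpha@example.ru
2:bravo:198.51.100.7:12.May,2010,00:00:09
bravo:fedcba9876543210fedcba9876543210::bravo@example.de
charlie:abcdef0123456789abcdef0123456789:s4lt:charlie@w.cn
""".strip().splitlines()
```

Calling find_prc_links(SAMPLE) reports alpha (IP in the constructed CN range) and charlie (.cn address) and skips bravo, whose IP and address map elsewhere.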


Feb 19 2010

Shanghai Jiaotong named as a source in Google compromise

Published by under China internet,US attacks

Loyal readers of TDV may remember Heike’s post about Peng Yinan, aka Coolswallow of Javaphile. According to this NY Times article, the school that Yinan has occasionally taught at was discovered to have been involved in the Google compromise revealed last month. At this point, it is only the IP addresses that seem to link the school to the compromise, but it is an interesting coincidence that one of the most prolific Chinese hackers has a close connection to the school.

There are many possibilities for SJTU’s IP addresses being involved in the incident. Any assessments made about SJTU’s involvement at this point would be just a guess.


Jan 20 2010

PRC Gov Responses to Hacking Allegations – Timeline

All dates represent the date the article was published, not necessarily the date that the quote was made.

July 26, 2004
In response to accusations that the Chinese government was involved in computer intrusions against ROK government agencies
“Some media reports that the Chinese government might be behind the hacking incident are groundless” – Chinese Embassy in Seoul (no personal attribution)

December 15, 2005
Response to SANS comments about China being involved in world wide hacking
“Work units and individuals are not permitted to use the Internet to be engaged in illegal activities or commit crimes,… China has laws that make tampering with or cracking a computer’s code illegal.” – Qin Gang

August 27, 2007
In response to a Der Spiegel article that reported intrusions into the German government
“The Chinese government attaches great importance to the hacker attack on the German government networks,” adding China would take “determined” and “forceful” measures to combat hacker activities. – Wen Jiabao

August 28, 2007
In response to the reports of Chinese attributed intrusions into the government of Germany
“The Chinese government has always opposed and prohibited any criminal activity that breaks down computer networks, including hacker attacks,… China has clear rules and regulations on this.” – Jiang Yu

September 4, 2007
In a public response to the FT article that suggested PRC government involvement in a Pentagon intrusion
“The Chinese government has always opposed any Internet-wrecking crime, including hacking, and cracked down on it according to the law” – An Lu (editor)

September 10, 2007
Response to reports about intrusions into the French government for which the French plainly stated that they have no evidence to indicate PRC gov involvement.
“Saying that the Chinese military has made cyber-attacks on the networks of foreign governments is groundless and irresponsible and are a result of ulterior motives” – Jiang Yu

April 9, 2008
In response to Business Week’s e-Spionage article
“The Chinese Government always opposes and forbids any cyber crimes including “hacking” that undermine the security of computer networks. Chinese laws and regulations are explicit in this regard.” – Wang Baodong

April 1, 2009
In response to Ghostnet report
“There is a ghost called the Cold War and a virus called the Theory of China’s Threat overseas,… Some people, possessed by this ghost and infected with this virus, ‘fall ill’ from time to time. Their attempts at using rumors to disgrace China will never succeed… It is the ghost and the virus that should be ferreted out” – Qin Gang

May 15, 2009
Response to accusations of Chinese espionage in PACOM.
“We urge the United States to abandon Cold War mentality, stop its groundless accusations against China and do more to help build mutual trust between the United States and China and the friendship between the two peoples,” – Ma Zhaoxu
“The intrusion doesn’t exist at all” – Jiang Yu

June 12, 2008
In response to reports of Chinese hacking into computers in the offices of Rep. Frank Wolf and Rep. Chris Smith.
“Is there any evidence? … Do we have such advanced technology? Even I don’t believe it,… I’d like to urge some people in the U.S. not to be paranoid,… They should do more to contribute to mutual understanding, trust and friendship between the U.S. and China.” – Qin Gang

January 19, 2010
In response to Indian allegations of Chinese hacking (following the Google intrusion)
“I can say that these accusations are groundless… The Chinese government is firmly against hacking activities and will deal with relevant cases in accordance with the law” – Ma Zhaoxu

January 22, 2010
In response to US Sec of State Hillary Clinton’s remarks about Internet Freedom and the Google intrusion
“We urge the United States to respect the facts and cease using so-called Internet freedom to make groundless accusations against China” – Ma Zhaoxu
“China resolutely opposes Clinton’s remarks and it is not true that the country restricts online freedom…” – Ma Zhaoxu

January 25, 2010
In response to US Sec of State Clinton’s request for a transparent investigation into the Google intrusion
“We are resolutely against those who make an issue of things without referring to actual facts by needlessly accusing China, ignoring Chinese laws and interfering in Chinese internal politics” – unnamed spokesperson for the State Council Information Office

“As the global landscape is undergoing profound irreversible shifts, the calculated free-Internet scheme is just one step of a U.S. tactic to preserve its hegemonic domination” – Yan Xuetong

January 25, 2010
Response to Google intrusion
The “accusation that the Chinese government participated in (any) cyberattack, either in an explicit or inexplicit way, is groundless and aims to denigrate China… We are firmly opposed to that” – unnamed spokesman for the Ministry of Industry and Information Technology to Xinhua

