So apparently the show 非诚勿扰 (If you are the one) is a dating\reality program that actually displays the contestants’ QQ numbers and email addresses. An unemployed PRC hacker used the information to target some of his favorites with a social engineering scam that included a malicious program that let him control the victims’ webcams. After capturing some nudy pics, he attempted to extort money from the victims and one or more of them went to the cops and he quickly realized that he done goofed because he was backtraced and will spend the next three years in prison.

Thanks to Greg @metalabasia for the link.

Sorry, I don’t have the pics.

Very interesting report via the Financial Services Information Sharing and Analysis Center, in cooperation with the FBI, on unauthorized wire transfers to China.  When I say “interesting,” I mean I don’t understand it…not sure what the implications are, if any.  Get the basics of the report, just not sure who the perp is supposed to be? Chinese, Russian, US?  So, smart blog reading people help me out.  Full PDF report on the unauthorized wire transfers here and the two paragraphs that have me scratching my head:

“The unauthorized wire transfers range from $50,000 to $985,000. In most cases, they tend to be above $900,000, but the malicious actors have been more successful in receiving the funds when the unauthorized wire transfers were under $500,000. When the transfers went through successfully, the money was immediately withdrawn from or transferred out of the recipients’ accounts. 

In addition to the large wire transfers, the malicious actors also sent domestic ACH and wire transfers to money mules in the United States within minutes of conducting the overseas transfers. The domestic wire transfers range from $200 to $200,000. The intended recipients are money mules, individuals who the victim company has done business with in the past, and in one instance, a utility company located in another U.S. state. The additional ACH transfers initiated using compromised accounts range from $222,500 to $1,275,000.”

Think the Google vs. China gmail debate made the top 10 list in China?  Nope, according to Baidu’s weekly focus, the aftermath of the “Salt Panic”  was on everyone’s mind.  This was due to the mistaken belief that the iodine content in salt could help with the effects of radiation poisoning.  Prior to that, Chinese citizens had been searching online to purchase salt.  Chinese hackers monitor popular web searches and left a slew of malicious web pages to help balance the supply and demand ratio.

Quick Translation:

Rising’s report on China’s 2010 Corporate Security Threats  indicates that government, military, and academic research institutes were significant targets for hackers. 

The report further shows that among all hacker attacks, there were a significantly higher number carried out on institutions dealing with state secrets and financial security such as:  national agencies, classified units (dealing with classified/confidential  information), research institutions, and financial organizations.  Some units dealing with classified information suffered nearly a thousand different attacks a month.

Hackers often used the personal computers, cell phones, and thumb drives of individuals working in classified units as portals for attack.  For example, the personal computers of academic researchers involved in military projects were often the targets of attack.  Attackers attempted to use thumb drives, moveable hard disks, and cell phones as springboards for attacks on classified networks.  If successful, the leak of classified information could have grave consequences. 

According to Rising’s estimates, in 2010 alone, there were in excess of 10 million attacks on classified networks.  Of those, 90% of the attacking IPs came from abroad with the US, Japan, and South Korea ranking as the three highest ranking sources of attack.

Rising’s report on China’s 2010 Corporate Security Threats indicates that government, military, and academic research institutes were significant targets for hackers. 

The report further showed that among all hacker attacks, there was a significantly higher number carried out on institutions dealing with state secrets and financial security such as:  national agencies, classified units (dealing with classified/confidential  information), research institutions, and financial organizations.  Some units dealing with classified information suffered nearly a thousand different attacks a month.

Hackers often used the personal computers, cell phones, and thumb drives of individuals working in classified units as portals for attack.  For example, the personal computers of academic researchers involved in military projects were often the targets of attack.  Attackers attempted to use thumb drives, moveable hard disks, and cell phones as springboards for attacks on classified networks.  If successful, the leak of classified information could have grave consequences. 

According to Rising’s estimates, in 2010 alone, there were in excess of 10 million attacks on classified networks.  Of those, 90% of the attacking IPs came from abroad with the US, Japan, and South Korea ranking as the three highest ranking sources of attack.

IP source attacks on China’s classified networks:

US 21%

Japan 17%

South Korea 17%

Singapore 11%

India 8%

Europe 6%

Hong Kong/Taiwan and others 20%

Link to McAfee’s PDF white paper Global Energy Cyberattacks: “Night Dragon” that primarily originated in China.

7742:N-Skyline:222.73.19.174:11.May,2010,17:44:34 (Beijing)
N-Skyline:da1e1cdcc8d48037855f2ee2763b4064126fb5ea::n-skyline@qip.ru

There were some .cn email addresses too:
FinnX:01203eb70433505a23d9dbddddaa303e56f6da46::php-dev@jublo.cn
darkc0der:a5ecae753b068cf1f25b95665ad04f8f::cyberatack@w.cn
Out:ec980574500aee917c8266655cbc547d::offshore@w.cn
PWND # MESUT:7e1869df98aa93e3e5b5c473063499ca::PWNEDMESUT@w.cn
0grish:abe3eda164cb318f91cb9aefb654b56790bc7613:lol109:ogrish@w.cn

This is also interesting:

12519:bifrostilo:202.67.236.74:12.May,2010,00:00:09 (HK)
bifrostilo:4c6216cbe0ee90f22eee0bb3e7160999::renehuebner.de@gmx.de

BFD.

As an afterthought – before people start commenting, I thought I should mention that I’m aware that .cn and geoip do not necessarily mean that the person using that IP address or tld is/are physically located in the PRC. Thanks for not commenting about that.