The Dark Visitor

The Iranian Cyber Army has compromised the DNS records for baidu.com by logging into their DNS management portal at register.com.  You might remember the Iranian Cyber Army from their recent twitter DNS compromise.  There are many blogs and news outlets reporting on this.

I know some readers might wonder if this will spark some sort of cyber war between Iran and the PRC. 

From BBC:

http://news.bbc.co.uk/2/hi/technology/8453718.stm

http://www.techcrunch.com/2009/12/17/twitter-reportedly-hacked-by-iranian-cyber-army/

The .cn Top Level Domain has been frequently associated with malware, pornography and spamvertising.  In an apparent effort to clean up the TLD, China NIC has started requiring a business license in order to register a .cn domain.

The China Internet Network Information Center (CNNIC) published a notice Sunday saying that applicants must submit written applications to the registration agents. The written materials must include an application form with an official seal, an enterprise business license and the registrant’s ID card.

In addition, the NIC will actually attempt to notify and verify individually owned .cn sites.  If a site owner doesn’t respond in after five days, the domain will be revoked.

CNNIC plans to verify the information of the owners of personal site in the nation. Those found unqualified to have a site will be required to update the information in five working days, otherwise they will be shut down.

This is an interesting development.  Clearly, something needed to be done about the .cn TLD garbage sites clogging up the tubes.  I’m not sure what this means for individual site operators though.  I’m sure it is still possible for individuals within the PRC to get a non-cn TLD and host their websites outside of the mainland.

Source: “All .cn websites require business license” – http://business.globaltimes.cn/china-economy/2009-12/491515.html – Linked from Danwei.

HT to Sunbelt for this article about the piloyd worm jacking up web pages in the PRC.  Not enough details yet to determine the vector.  According to Sunbelt’s article, it is 8/41 on virustotal.com.  I’ll update this post if I’m able to collect a sample for analysis.

Here are some details from  threatexpert.com.

This was posted by Scott Henderson (Trying to comply with the law of the land)

Green Dam, the censorship software that the Chinese government wanted on all PCs sold in China, turned out to be a flop. Beijing’s still keen on exerting greater control over the Internet, though, and Jonathan Ansfield has a good story in the New York Times about the censors’ latest tactic. According to Ansfield’s story, new “secret government orders” have been forcing popular Chinese websites to require new users register with their real names before posting any comments online.

Hong Lei

More on Tomato Garden and the arrest of Hong Lei, the author of the pirated software.  Online polls show massive support for Hong Lei as a nationalist hero:

The Chinese IT community is abuzz with news of the arrest of Hong Lei, distributor of the popular “Tomato Garden” pirate version of Windows XP, which means the popular unlocked version of the Microsoft software will no longer be available.

According to Sina.com, more than 90 percent of users they surveyed are or were users of Tomato Garden pirate editions. And 79 percent said they were on Tomato Garden’s side. Less than 5 percent said they supported Microsoft.

The Wall Street Journal has some interesting interviews with people inside China concerning the case and the drivers behind the software theft.

According to the chief editor of the newly launched Chinese Ministry of National Defense website, since its opening on 20 Aug 09, the site has been under assault from a variety of different types of hacker attacks.  The report notes that the attacks have not affected website operation.

Very good article from the NYT comparing social use of networks between the US and China:

Chinese broadband users above the age of 13 number 286 million, nearly double that of the U.S. broadband population, says a new report from market analysts Netpop Research. In five years, Netpop forecasts, that number will double.

Bingo, the Telegraph sums up the Chinese internet in the title of this article “China’s internet: the wild, wild East”

When it’s fun, the Chinese Net seems like a wonderfully anarchic playground; when it turns nasty, it’s a nightmare from Lord of the Flies.

In many ways, the Internet simply reflects the diversity of Chinese society offline: you can find everything from Internet groups dedicated to social and environmental causes to prostitutes who exclusively use the QQ instant messaging platform to solicit clients.

Running through the headlines this morning at PLA Daily and saw an article concerning a CNN poll that has angered Chinese netizens.  The survey asked if Ma Ying-jeou, Taiwan’s current president, should step down over his administration’s handling of typhoon Morakot.  Over 80% of the people responding felt that he should.  This poll, which has now been pulled by CNN, ran in the Taiwanese media but has since carried over into mainland forums sparking outrage.

Comments in a blog at ifeng.com,  which has been viewed 22,473 times and received 106 comments, summarizes the feeling of mainland Chinese netizens:

- Mainland China and Taiwan already have a difficult situation, I hope that Ma Ying-jeou can weather this crisis and continue his great undertaking of peaceful reunification

- Isn’t there a saying about not being “too CNN”!

- This diaster is all brought about by so-called democratic elections.  The DPP uses lawyers to rule the country and the Guomindang uses academics to rule the country, they are both horrible.  Western elections aren’t suitable to Easterners, they cause social unrest!  There isn’t anything beneficial for the people, just a bunch of thieves!!

- The US is afraid of the daily expansion in the harmonious development between the mainland and Taiwan so they increasingly exaggerate these dishonest reports!  CNN is no longer viewed as a celebrated media source to the Chinese people.   To hell with Uncle Sam!

- Don’t be too CNN

- It is because Ma Ying-jeou’s mainland policy scares CNN, they are afraid China knows what it is doing, they are afraid of reunification

- Drive the American imperialists out of China

- I first saw the CNN report on TV and a Washington Post poll that said 82% wanted Ma Ying-jeou to step down.  My first reaction was that this was a US dirty trick to oppose Ma Ying-jeou’s mainland policy.  In the evening, there were a lot of different points of view from different parties that came to the same conclusion, these reports had the same bias as the ones from 14 March and 5 June.

They just go on like that for 106 comments and remember, this is only from one website.  Here is a Google translation if you want to skim through the rest of the comments.

Kang Lingyi

According to reports, in 1999, Kang Lingyi participated in hacking the US Embassy and the White House over the accidental bombing of the Chinese Embassy in Belgrade.   He then went on to fame founding several nationalist websites.

An international controversy has broken out over an article he published on one of his websites called, the China International Strategy Net.  In the article, Kang suggests that India can be removed as a competitor by intentionally encouraging separatists to bring about the collapse of the state.  The statements caused such an uproar that the Indian government was forced to issue a statement saying that the relationship between China and India was peaceful.

As of this writing, Kang’s website has a message up saying that the site is currently under maintenance.  It has been up all day so let the wild speculations begin:

1) Beijing took it down as a concession

2) Indian hackers

3) The boring option of site maintenance