The Dark Visitor

Someone may want to alert Guinness that a new spin record was just set in China:

Despite its suspicious name, hackbase.com’s operators want to let people know it is a legitimate computer school for defensive purposes and not an illegal hacking school.

“We don’t train hackers, instead we provide professional training for Internet security. It’s up to the trainees whether they want to be a hacker or network administrator,” said Chen Qian, director of the training department.

The online classes are given in the evening and cover topics such as computer maintenance, anti-virus, data recovery, code protection and network attack and defense.

The courses, which cost between 398 to 1,998 yuan ($58- 292), are “easy” and aimed at everyone, even those without a college background or without English language skills, Chen said.

Kang Lingyi

According to reports, in 1999, Kang Lingyi participated in hacking the US Embassy and the White House over the accidental bombing of the Chinese Embassy in Belgrade.   He then went on to fame founding several nationalist websites.

An international controversy has broken out over an article he published on one of his websites called, the China International Strategy Net.  In the article, Kang suggests that India can be removed as a competitor by intentionally encouraging separatists to bring about the collapse of the state.  The statements caused such an uproar that the Indian government was forced to issue a statement saying that the relationship between China and India was peaceful.

As of this writing, Kang’s website has a message up saying that the site is currently under maintenance.  It has been up all day so let the wild speculations begin:

1) Beijing took it down as a concession

2) Indian hackers

3) The boring option of site maintenance          

The picture seen above is an advertisement for a Chinese hacker training course.  Now I know many of you are struggling to process this information;  something seems wrong with the picture.  The reason your brain is having trouble with the image,  is that it is located in a place called, the “outdoors”.  Like me, many of you spend way too much time online and this poster is horribly out of place.

The following report from China Daily talks about the growing public concern over hacking and online hacking courses.  It also interviews Wang Xianbing, a consultant for hackbase.com:

“Lots of hacker schools only teach students how to hack into unprotected computers and steal personal information,” said Wang Xianbing, a security consultant for hackerbase.com. “They then make a profit by selling users’ information.”

For investing hundreds of yuan in hacker school, students could obtain the skills to make a fortune, Wang said.

“Hacker school is a bit like driving school – they teach you how to drive but it’s up to you if you are going to drive safely or kill someone,” said Wang.

What the article doesn’t tell you is that Wang Xianbing is also known as Janker and the Lonely Swordsman; one of China’s first generation of hackers and the leader of online conflicts with the US and Japan.

In April of 2008, we reported Revenge of the Flame‘s plan to carry out a DDoS attack on the CNN website.  A series of events during that time period enraged the Chinese online community: European nations harshly criticized China’s response to the Tibetan uprising; pro-Tibetan independence protesters in Paris tried to snatch the Olympic torch from the hands of a wheelchair-bound Chinese female athlete; and Jack Cafferty, a CNN commentator, referred to Chinese products as “junk” and called the Chinese government “goons and thugs.”   In response to these insults, Anti-CNN called for overseas Chinese in Europe to wave the Chinese flag and raise their voice to the sky.

In response to these same events, a hacker, using the online name cn_magistrate, formed a group called Revenge of the Flame and announced his plan to carry out a DDoS attack on the  CNN website.  We followed the events as calls went out for Chinese netizens to join the action.  We were there when cn_magistrate called off the attack and disbaned the organization.  Then he vanished…

cn_magistrate

Cold Case:  Yeah, we keep looking.  Finally located him through a combination of e-mail address, website and online name.   Below are the results of a Whois search we conducted on the associated website during the time of the attack (Notice the website name and e-mail address):

Domain Name: hacksa.cn
ROID: 20070811s10001s50288265-cn
Domain Status: ok
Registrant Organization: 判官
Registrant Name: 判官
Administrative Email: Kenan2677@126.com
Sponsoring Registrar: 北京万网志成科技有限公司
Name Server:ns1.okidc.com Name Server:ns2.okidc.com
Registration Date: 2007-08-11 11:59
Expiration Date: 2008-08-11 11:59

Hacksa.cn website letter

The image seen above was taken from cn_magistrate’s current blog showing the old URL  hacksa.cn,  which was associated with the CNN attack.

This reply from cn_magistrate in the comments section of his blog shows the e-mail address  Kenan2677@126.com, used to register hacksa.cn.

SURPRISE…

He claims to be a Taiwanese citizen…

I’ve written to cn_magistrate and asked if he will talk to us about the incident.  Off topic, did anyone hear the news about Taiwan and the US coming closer to an extradition agreement?  That would be cool.

During the Olympics Games, a secret organization was formed by a Chinese hacker named Wang Zi to protect Olympic websites against foreign hackers and while they won’t say, reprisals were probably taken against offenders.

This article, from the People’s Daily, details Wang Zi’s efforts to bring back the patriotic spirit of the Red Hacker Alliance.

“The Tao that can be described in words is not the true Tao. The Name that can be named is not the true Name,” – the first two sentences of Tao Te Ching are the slogan of hong ke that appear on the new union’s new homepage.

After the Olympics, Wang Zi’s group retired from the web for a short time, and then on the first day of this year, the group made a bold new announcement.

The blurb on their newly-launched website reads, “Hong ke culture is back. We will hold and transmit hong ke spirit focusing on justice, pioneering and love for the motherland.”

Lin Lin, the leader of Evil Octal (another Chinese hacker organization), refutes Wang Zi’s claim to the title of new leader:

“Lion is the spiritual leader of the hong ke union,” Lin Lin, a leader of hacker group Eviloctal Security Team, told the Global Times. “And without him, no hong ke organization can be regarded as a reorganization of the original.

The article goes to great lengths to distance the organization from being government sanctioned:

Wang Zi says his union is a purely non-governmental organization. They could not register the union’s name with the Ministry of Industry and Information Technology until they deleted “Zhongguo” (China) from it.

Best hobby in the world.

It was absolutely my privilege to  spend a few days talking with Mara Hvistendahl on the subject of Chinese hackers.  She is such a fantastic lady and I couldn’t have enjoyed our time more.

While linking to our interview may seem a bit of shameless self-promotion, I mainly wanted it on record that Mara called me, “a trim 46-year-old.”  I pushed for other words like swashbuckling, ruggedly handsome and athletic until Mara started mentioning other adjectives such as weird, strange and goofy.

…TRIM!

Hackers: the China Syndrome by Mara Hvistendahl

What does the Charging Bull have in common with the Chinese Vampire? According to Dr. Shi Xiaohong, who performed extensive analysis on the two viruses, they were written by the same author.

Sina Tech News has been reporting on the rapid spread of a relatively new virus called “Charging Bull.” Probably got the name from appearing around the same time as the Chinese New Year, Year of the Ox.  Let’s face it, “Charging Ox” does not sound cool.

In June of 08, we told you about Chinese Vampire and later the next month about the big controvery surrounding the original author.

Via: Fergdawg

In 2007, the official website of Dolphin Stadium was compromised with malicious code linked to a javascript file inserted into the header of the front page.  The redirect ended up at domain registered in China.

Just sayin’…

Predictive analytics: encompasses a variety of techniques from statistics and data mining that analyze current and historical data to make predictions about future events. (courtesy of the wiki)

Last night I was reading Chinese Cyber Nationalism and this section in Chapter Three on the EP-3 incident (Sino-US Hacker War 2001) got me thinking:

“On 26 April, H.U.C [Honker Union of China] announced on its site that Chinese hackers would wage a seven-day self-defense war against American websites.  The major targets included hundreds of American government and military websites.  The attacking time was set at 9:00 PM on 30 April, when a seven-day Labor Day holiday started in China.”

(emphasis mine)

Even from our own little blog on the Chinese hacker attack on CNN that was scheduled for 8:00 pm on 20 April.  In 2008, 20 April was a non-work day in China.

That’s right! Off days, holidays and late at night are the perfect time to cyber mobilize a massive number of people for a “Cyber People’s War”.

Obvious yes…but then where is my attack table for 2009?

2009 China Public Holidays

Based on a seven-day workweek, China has one of the most confusing holiday and non-work day systems ever.  Bless the good people at CNReview for providing the calendar above and keeping me from suffering a fatal aneurysm.

So green and blue days are danger and yellow safer. Remember, due to time differences between the US and China, attacks would more than likely begin and end a day before those shown on the Chinese calendar.

We aren’t talking about individual or small group attacks that can occur at anytime, just major efforts by a large number of hackers.  People have to work!  “Sure Xiao Wang, I’d love to join the war against whatever your enraged about at the moment but…I’ve gotta be at work then.”

Attacks will also occur early in the morning for the US (approx 5:00 am – 8:00am) given the EST and PST differences with Beijing.  These are normally 12- 13 hours for the East Coast and 15-16 hours for the West Coast, depending on how daylight saving time matches up.  No DST for China, they don’t play.

Hawaii?  Screw Hawaii! I’m freezing to death here.  They can figure out their own times.

Rest of the world, adjust accordingly.

On 24 December 08, Chinese hackers once again defaced the Yasukuni Shrine website.  Here is a little background from The Dark Visitor:

(Cyber Conflict of 2001)

August of 2001 would again see attacks on Japanese web sites in response to former Prime Minister Junichiro Koizumi’s visit to the controversial Yasukuni war memorial.  Chinese hackers struck first on 13 August, attacking the server for the Japan Meteorological Agency.   Following that, a large number of Japanese government web sites were attacked, such as “the Chemicals Evaluation and Research Institute, the the Defense Systems Research Committee, the Central Convention Service, Inc., the Fire and Disaster Management Agency, the Defense Facilities Administration Agency, the Communications Research Laboratory, and web sites for members of Parliament. The Honker Union of China issued the following statement:
Continue Reading »