Archive for the 'India Attacks' Category

Apr 06 2010

IWM and Shadow Server Project Report: Shadows in the Clouds

The researchers at InfoWar Monitor and Shadow Server have released a great research paper that adds to the Ghostnet report from last year. TDV gets a plug in the report for our chat with lost33.

8 responses so far

Aug 20 2009

Former Chinese nationalist hacker causes international incident


Kang Lingyi

According to reports, in 1999, Kang Lingyi participated in hacking the US Embassy and the White House over the accidental bombing of the Chinese Embassy in Belgrade.   He then went on to fame founding several nationalist websites.

An international controversy has broken out over an article he published on one of his websites called, the China International Strategy Net.  In the article, Kang suggests that India can be removed as a competitor by intentionally encouraging separatists to bring about the collapse of the state.  The statements caused such an uproar that the Indian government was forced to issue a statement saying that the relationship between China and India was peaceful.

As of this writing, Kang’s website has a message up saying that the site is currently under maintenance.  It has been up all day so let the wild speculations begin:


1) Beijing took it down as a concession

2) Indian hackers

3) The boring option of site maintenance          

Comments Off

Apr 04 2009

CasperNet gets punked

Remember the fable about the Scorpion and the Frog?  Well, we got stung…

Lost33 did not make contact with Jumper last night.  In fact, it seems he spent the night changing his QQ number and deleting all info from his blog. The website is now completely empty, except for a change to his personal data.  Lost33 changed his current residence from Sichuan to Beijing:


We retained a full copy of the previous night’s conversation with Lost33 but have decided to only release two sections.  The first section is being reprinted to prove the connection between Lost33 and the losttemp33 hotmail account:

jumper_tdv 2009-04-02 23:57:28
Do you have the email address
周小屁 2009-04-02 23:57:30
Sorry for my english too
周小屁 2009-04-02 23:58:11
yes ,but i never use it.

The second section is being released…well, to be honest, just because I think it is funny. I can practically see Jumper’s expression as he types, “Yes, really.”

jumper_tdv 2009-04-03 00:05:29
The problem is that your lost33 email is used to register DNS names for hackers
周小屁 2009-04-03 00:05:43

jumper_tdv 2009-04-03 00:05:51
Yes, really

Are we surprised, shocked, or angry over Lost33 punking us…

-Hey, it’s just his nature.

6 responses so far

Apr 03 2009

Children of a lesser malware

UPDATE: Added further comment by Nart Villeneuve at the bottom (Great guy!)

Yep, that would be us…

According to researchers at IWM, Lost33′s information was only included in the GhostNet report because his malware was found on two computers associated with the Dalai Lama’s network.  However, it was different from the remote control access tool gh0stRAT that made up the backbone of GhostNet.

From the report by Robert Lemos at Security Focus:

However, the e-mail address was found only on two of the computers analyzed for the investigation, said Nart Villeneuve, a researcher at the CitizenLab and one of the authors of the GhostNet report. Both computers had been infected with a second piece of malware, separate from the gh0st remote access tool (gh0stRAT) that formed the backbone of the surveillance network, he said.

“That is a valid piece of malware but it is not the one related to the malware that connected to the admin interface for the gh0stRAT,” Villeneuve said.

So it looks like we are now investigating a massive network intrusion of two computers.  One, two.  We will call our project CasperNet.

Spoke with Jumper earlier today and he still feels it is worthwhile to pursue.  So, he will continue his conversation with Lost33 tonight.

UPDATE: Wanted to add this comment left by Nart Villeneuve because I thought it was super nice of him.  I botched up his report but he was still kind enough to stop by and offer these words of encouragement:

“I wouldn’t say lesser at all — just different. The CasperNet ( which sounds way better than what I’ve been calling it (CGI after their use of CGI scripts) was the one that was found to be retrieving a sensitive document related to the Dalai Lama’s negotiating position. In addition to being found at the OHHDL it was also found at the Tibetan NGO Drewla.”

3 responses so far

Apr 01 2009

GhostNet: Beijing or NGO Chinese hackers?

Ashok Sharma, from the AP, asked me this question yesterday and here was my response from his article Dalai Lama condemns hacking of computers:

Scott Henderson, author of The Dark Visitor, a self-published book about Chinese hackers, said he thought it was feasible that the attacks described in the report could have been carried out by an individual over the course of a year or so.

Henderson said it wouldn’t be unusual for a Chinese hacker to want to infiltrate the Dalai Lama’s computers because most of the mainland hackers he has researched “place as much importance on sovereignty (over Tibet and other contentious areas) as Beijing does.”

To be fair to the researhers at IWM, they never said it was the government either.  At least that is my interpretation of their conclusions.

So, do we have any evidence that this could have been done by a group other than the Chinese government?

Stay tuned…

One response so far

Mar 29 2009

Chinese hackers steal Dalai Lama’s documents

Published by under India Attacks,Other attacks

UPDATE: The full report on Ghostnet available here.

The group Information War Monitor conducted a 10-month investigation into the activities of Chinese hackers and their final report will be released on Monday:

A China-based cyber spy network has hacked into government and private systems in 103 countries, including those of many Indian embassies and the Dalai Lama, an internet research group said here Saturday.

The Information Warfare Monitor (IWM), which carried out an extensive 10-month research on cyber spy activities emanating from China, said the hacked systems include the computers of Indian embassies and offices of the Dalai Lama.

10 responses so far

Feb 15 2009

India: MEA cybersecurity nightmare and Chinese server

Published by under India Attacks

Well, we now know why the Indian Ministry of External Affairs sent out the directive to stay off the internet.  An investigation has determined that over 600 of the ministry’s computers were infected by spyware that “can track or take control over user’s actions” and send duplicate emails to another email ID.

Sources noted that some of the compromised computers included the “sensitive” Pakistan section and the offices of “senior Secretaries” and “Joint Secretaries.” The initial investigation suggested that the server involved in this breach was located in China.

One response so far

Feb 08 2009

Are Chinese hackers forcing Indian Officials off the web?

Published by under India Attacks

Over the last eight months, the Indian Ministry of External Affairs has been armor coating the country’s cyber security system.  As part of the security layering process, Indian diplomats are prohibited from: logging into social networking sites such as Facebook, Orkut and Ibibo; downloading peer-to-peer music; sharing photos through Flickr and Picasa; writing a blog; and using G-mail, Yahoo! or Hotmail for official communication.

The following section led me to believe China had a lot to do with the new directive…and the fact that they were the only country mentioned by name:

Apart from their offices within the country, cyber security officials are also fortifying Indian embassies abroad with the first such team visiting the Indian embassy in Beijing late last year.

In 2008, nearly 100 Internet addresses were blocked, several of them at Chengdu in China, after these were found to be the source of a swarm of attacks on the network.

‘An attack could be just a simple mail, which activates a programme to leak data from that computer to another address on the net,’ the ministry official said, adding new intrusions were more geographically dispersed.

‘We had some intrusions which were traced to Houston, but we know that Chinese hackers were behind it,’ the official said. ‘It’s a daily defensive war that we are engaged in.’

One response so far

Dec 15 2008

Chinese hackers stealing Indian InfoTech data

Very informative article from Cyber Crime Updates on Chinese InfoTech espionage:

BANGALORE: A few months ago, a major Bangalore-based infotech company lost out on a $8 million contract. The company was expecting a business delegation to visit India before signing the contract, but 15 days before the date set for the deal, the meeting was abruptly called off.

The same team went to China instead. When the Indian firm investigated the matter, it discovered a gaping hole in its security. The computers of several of its top executives had been compromised by Chinese hackers and privileged information leaked to a Chinese competitor, who walked away with the deal by quoting a lesser price.

One response so far

Aug 16 2008

Chinese hackers and India cyber forensics

Published by under India Attacks

India considers attacks on its information network by Chinese hackers a threat to national security:

(f) Cyber War and Cyber Terrorism in India

India is also suffering from the menaces of cyber war and cyber terrorism. Nobody cares about any these threats in India. Far more citizens were concerned of the Amarnath issue than by potential risks of nuclear conflict, or near-breakdowns in Net and mobile security.[2] China’s intensified cyber warfare against India is becoming a serious threat to national security. In October 2007, Chinese hackers defaced over 143 Indian websites. In April 2008, Indian intelligence agencies detected Chinese hackers breaking into the computer network of the Ministry of External Affairs forcing the government to think about devising a new strategy to fortify the system. As a countermeasure, the Indian armed forces are trying to enhance their C4ISR capabilities, so that the country can launch its own cyber offensive if the need arises.[3] Similarly, Pakistan is taking steps to intensify its cyber war propaganda against India with the help of its intelligence outfit, the ISI by carrying reports of alleged communal fissures taking place on the Indian side of Kashmir.[4] Issues like these have to be resolved as well.

6 responses so far