The Dark Visitor » Other attacks

Glass is half full Chinese cyber attack on the French

Heike — Wed, 09 Mar 2011 11:44:28 +0000

Hey, if you are going to be the victim of a Chinese cyber attack, it might as well be “spectacular.”

From Fox News:

The French government said Monday that it was the victim of a “spectacular” cyber attack from hackers using Internet addresses in China who targeted documents on international economic affairs.

The hackers were hunting for documents relating to the Group of 20 (G-20) developed and developing nations, which this year is led by France, said Budget Minister Francois Baroin, adding that a probe was underway into the attacks, AFP reported.

IWM and Shadow Server Project Report: Shadows in the Clouds

jumper — Wed, 07 Apr 2010 01:28:29 +0000

The researchers at InfoWar Monitor and Shadow Server have released a great research paper that adds to the Ghostnet report from last year. TDV gets a plug in the report for our chat with lost33.

PRC Gov Responses to Hacking Allegations – Timeline

jumper — Thu, 21 Jan 2010 03:58:49 +0000

All dates represent the date the article was published, not necesarily the date that the quote was made.

July 26, 2004
In response to accusations that the Chinese government was involved in computer intrusions against ROK government agencies
“Some media reports that the Chinese government might be behind the hacking incident are groundless” – Chinese Embassy in Seoul (no personal attribution)

December 15, 2005
Response to SANS comments about China being involved in world wide hacking
“Work units and individuals are not permitted to use the Internet to be engaged in illegal activities or commit crimes,… China has laws that make tampering with or cracking a computer’s code illegal.” – Qin Gang

August 27, 2007
In response to a Der Spiegel article that reported intrusions into the German governemnt
“The Chinese government attaches great importance to the hacker attack on the German government networks,” adding China would take “determined” and “forceful” measures to combat hacker activities. – Wen Jiabao

August 28, 2007
In response to the reports of Chinese attributed intrusions into the government of Germany
“The Chinese government has always opposed and prohibited any criminal activity that breaks down computer networks, including hacker attacks,… China has clear rules and regulations on this.” – Jiang Yu

September 4, 2007
In a public response to the FT article that suggested PRC government involvement in a Pentagon intrusion
“The Chinese government has always opposed any Internet-wrecking crime, including hacking, and cracked down on it according to the law” – An Lu (editor)

September 10, 2007
Response to reports about intrusions into the French government for which the French plainly stated that they have no evidence to indicate PRC gov involvement.
“Saying that the Chinese military has made cyber-attacks on the networks of foreign governments is groundless and irresponsible and are a result of ulterior motives” – Jiang Yu

April 9, 2008
In response to Business Week’s e-Spionage article
“The Chinese Government always opposes and forbids any cyber crimes including “hacking” that undermine the security of computer networks. Chinese laws and regulations are explicit in this regard.” – Wang Baodong

April 1, 2009
In response to Ghostnet report
“There is a ghost called the Cold War and a virus called the Theory of China’s Threat overseas,… Some people, possessed by this ghost and infected with this virus, ‘fall ill’ from time to time. Their attempts at using rumors to disgrace China will never succeed… It is the ghost and the virus that should be ferreted out” - Qin Gang

May 15, 2009
Response to accusations of Chinese espionage in PACOM.
“We urge the United States to abandon Cold War mentality, stop its groundless accusations against China and do more to help build mutual trust between the United States and China and the friendship between the two peoples,” – Ma Zhaoxu
“The intrusion doesn’t exist at all” – Jiang Yu

Jun 12, 2008
In response to reports of Chinese hacking into computers in the offices of Rep. Frank Wolf and Rep. Chris Smith.
“Is there any evidence? … Do we have such advanced technology? Even I don’t believe it,… I’d like to urge some people in the U.S. not to be paranoid,… They should do more to contribute to mutual understanding, trust and friendship between the U.S. and China.” – Qin Gang

January 19, 2010
In response to Indian allegations of Chinese hacking (following the Google intrusion)
“I can say that these accusations are groundless… The Chinese government is firmly against hacking activities and will deal with relevant cases in accordance with the law” – Ma Zhaoxu

January 22, 2010
In response to US Sec of State Hillary Clinton’s remarks about Internet Freedom and the Google intrusion
“We urge the United States to respect the facts and cease using so-called Internet freedom to make groundless accusations against China” – Ma Zhaoxu
“China resolutely opposes Clinton’s remarks and it is not true that the country restricts online freedom…” – Ma Zhaoxu

January 25, 2010
In response to US Sec of State Clinton’s request for a transparent investigation into the Google intrusion
“We are resolutely against those who make a issue of things without referring to actual facts by needlessly accusing China, ignoring Chinese laws and interfering in Chinese internal politics” – unnamed spokesperson for the State Council Information Office

“As the global landscape is undergoing profound irreversible shifts, the calculated free-Internet scheme is just one step of a U.S. tactic to preserve its hegemonic domination” – Yan Xuetong

January 25, 2010
Response to Google intrusion
The “accusation that the Chinese government participated in (any) cyberattack, either in an explicit or inexplicit way, is groundless and aims to denigrate China… We are firmly opposed to that” – unnamed spokesman for the Ministry of Industry and Information Technology to Xinhua

Chinese hackers don’t like Iranian Diabetics

jumper — Wed, 13 Jan 2010 04:52:00 +0000

In an apparent outrage at the defacing of Baidu, the great national symbol of the PRC interwebz, Chinese hackers have defaced an Iranian site that distributes information about diabetes. Take that Iranian nationalist hackers!

PRC hackers attack Iranian websites

jumper — Tue, 12 Jan 2010 18:48:09 +0000

Several Chinese security bloggers and the Rising AV company are reporting that Chinese hackers are going after Iranian websites. Apparently in response to the Baidu DNS compromise.

http://translate.google.com/translate?sl=auto&tl=en&u=http%3A%2F%2Fwww.hackbase.com%2Fnews%2F2010-01-12%2F32938.html

http://translate.google.com/translate?sl=auto&tl=en&u=http%3A%2F%2Fwww.hackbase.com%2Fnews%2F2010-01-12%2F32926.html

http://translate.google.com/translate?sl=auto&tl=en&u=http%3A%2F%2Fwww.hackbase.com%2Fnews%2F2010-01-12%2F32933.html

http://translate.google.com/translate?sl=auto&tl=en&u=http%3A%2F%2Fwww.hackbase.com%2Fnews%2F2010-01-13%2F32955.html

Piloyd worm pwning exe, asp and html files in PRC

jumper — Tue, 24 Nov 2009 18:49:59 +0000

HT to Sunbelt for this article about the piloyd worm jacking up web pages in the PRC. Not enough details yet to determine the vector. According to Sunbelt’s article, it is 8/41 on virustotal.com. I’ll update this post if I’m able to collect a sample for analysis.

Here are some details from threatexpert.com.

Hackbase: Alert Guinness

Heike — Mon, 07 Sep 2009 09:13:44 +0000

Someone may want to alert Guinness that a new spin record was just set in China:

Despite its suspicious name, hackbase.com’s operators want to let people know it is a legitimate computer school for defensive purposes and not an illegal hacking school.

“We don’t train hackers, instead we provide professional training for Internet security. It’s up to the trainees whether they want to be a hacker or network administrator,” said Chen Qian, director of the training department.

The online classes are given in the evening and cover topics such as computer maintenance, anti-virus, data recovery, code protection and network attack and defense.

The courses, which cost between 398 to 1,998 yuan ($58- 292), are “easy” and aimed at everyone, even those without a college background or without English language skills, Chen said.

New Chinese Ministry of National Defense website suffers hacker attacks

Heike — Fri, 28 Aug 2009 19:27:46 +0000

According to the chief editor of the newly launched Chinese Ministry of National Defense website, since its opening on 20 Aug 09, the site has been under assault from a variety of different types of hacker attacks. The report notes that the attacks have not affected website operation.

Chinese hacker e-mail espionage?

Heike — Mon, 17 Aug 2009 23:35:22 +0000

It seems that even prior to the Melbourne Film Festival controversy, Australia’s diplomats may have been the targets of e-mail espionage attempts:

AUSTRALIA’S diplomats have been warned about a fake email amid concerns it could be part of a cyber espionage attempt, possibly originating from China.

The Department of Foreign Affairs and Trade confirmed yesterday staff had been briefed about a suspicious email sent to several staff last month. The source of the email is under investigation by the department’s communications experts.

When nationalist hackers clash

Heike — Fri, 14 Aug 2009 10:10:52 +0000

In today’s PCWorld, Owen Fletcher provides a comprehensive summary of events surrounding the recent clash of nationalist hackers in connection with the ethnic riots in Xinjiang. Owen was kind enough to give the blog a plug and we really appreciate that!

Searches on Friday revealed a dozen Web sites of local Chinese government offices that had been defaced with messages in support of the country’s Uighur ethnic minority group. The Uighurs, a mostly Muslim group native to Xinjiang, have complained of poor protection of their culture and a lack of economic opportunity as China has encouraged migration to Xinjiang by Han Chinese, the country’s large ethnic majority. Uighurs and Han Chinese carrying sticks and shovels hunted each other in packs during the rioting last month, which was triggered by an ethnic brawl in far-away southern China that left two Uighurs dead.

Also, props to Jumper for finding the really interesting reports on retaliations by pro-Uighur hackers.