Archive for the 'PRC attacks' Category

Mar 14 2011

Chinese government websites getting trashed

Published by under PRC attacks

People’s Daily reports that 4,635 Chinese government websites were hacked in 2010, a jump of 68 percent from 2008.  That has to be close to all of them, right?         

One response so far

Mar 11 2011

US #1 perp attacking China’s classifed networks

Published by under Cyber Crime,PRC attacks

Quick Translation:

Rising’s report on China’s 2010 Corporate Security Threats  indicates that government, military, and academic research institutes were significant targets for hackers. 

The report further shows that among all hacker attacks, there were a significantly higher number carried out on institutions dealing with state secrets and financial security such as:  national agencies, classified units (dealing with classified/confidential  information), research institutions, and financial organizations.  Some units dealing with classified information suffered nearly a thousand different attacks a month.

Hackers often used the personal computers, cell phones, and thumb drives of individuals working in classified units as portals for attack.  For example, the personal computers of academic researchers involved in military projects were often the targets of attack.  Attackers attempted to use thumb drives, moveable hard disks, and cell phones as springboards for attacks on classified networks.  If successful, the leak of classified information could have grave consequences. 

According to Rising’s estimates, in 2010 alone, there were in excess of 10 million attacks on classified networks.  Of those, 90% of the attacking IPs came from abroad with the US, Japan, and South Korea ranking as the three highest ranking sources of attack.

Rising’s report on China’s 2010 Corporate Security Threats indicates that government, military, and academic research institutes were significant targets for hackers. 

The report further showed that among all hacker attacks, there was a significantly higher number carried out on institutions dealing with state secrets and financial security such as:  national agencies, classified units (dealing with classified/confidential  information), research institutions, and financial organizations.  Some units dealing with classified information suffered nearly a thousand different attacks a month.

Hackers often used the personal computers, cell phones, and thumb drives of individuals working in classified units as portals for attack.  For example, the personal computers of academic researchers involved in military projects were often the targets of attack.  Attackers attempted to use thumb drives, moveable hard disks, and cell phones as springboards for attacks on classified networks.  If successful, the leak of classified information could have grave consequences. 

According to Rising’s estimates, in 2010 alone, there were in excess of 10 million attacks on classified networks.  Of those, 90% of the attacking IPs came from abroad with the US, Japan, and South Korea ranking as the three highest ranking sources of attack.

IP source attacks on China’s classified networks:

US 21%

Japan 17%

South Korea 17%

Singapore 11%

India 8%

Europe 6%

Hong Kong/Taiwan and others 20%

Comments Off

Mar 08 2011

China’s Anti-Porn Website not so popular

Published by under PRC attacks

Green Dam Girl

Pure speculation on my part, but I’m guessing this was the work of Chinese hackers – young male Chinese hackers – who were not especially pleased with the website’s anti-porn work.  Seemed to be a crowdsourced form of Green Dam.

On 5 March, unidentitified hackers launched a DOS attack against China’s first non-profit, anti-porn website.  The non-profit organization used its network of private volunteers to  report on illegal pornographic websites.  The group’s spokens said they were trying to keep the internet safe for children and their famlies.

2 responses so far

Aug 14 2009

When nationalist hackers clash

In today’s PCWorld, Owen Fletcher provides a comprehensive summary of events surrounding the recent clash of nationalist hackers in connection with the ethnic riots in Xinjiang.  Owen was kind enough to give the blog a plug and we really appreciate that!

Searches on Friday revealed a dozen Web sites of local Chinese government offices that had been defaced with messages in support of the country’s Uighur ethnic minority group. The Uighurs, a mostly Muslim group native to Xinjiang, have complained of poor protection of their culture and a lack of economic opportunity as China has encouraged migration to Xinjiang by Han Chinese, the country’s large ethnic majority. Uighurs and Han Chinese carrying sticks and shovels hunted each other in packs during the rioting last month, which was triggered by an ethnic brawl in far-away southern China that left two Uighurs dead.

Also, props to Jumper for finding the really interesting reports on retaliations by pro-Uighur hackers.

Comments Off

Aug 13 2009

Uyghur hackers deface PRC local gov websites

Published by under PRC attacks

One of the Chinese bloggers that I follow reported that Uyghur separatists have defaced a handful of Chinese .gov.cn sites.  The hacker(s) are known as “Spy HackerZ” and their handy work can be found with a simple google search for “spy hackerz” site:gov.cn.  There are eight results all from different local government sites.  The Spy Hackerz use the defacements as opportunities to voice their opinion about perceived injustices.  The sites’ admins have apparently been notified because the defacements are either removed or the sites are presently down.  I grabbed this screenshot from the ‘iron circle’ blog:

attachment

From the blog: “Any hostile attempt to split China is doomed to failure!”

Defacements on Chinese .gov websites are frequent and they are generally slow to remove the defacement. Try this google search to get an idea of the defacements out there: site:gov.cn intitle:”hacked by” –there are 1830 results at the time of this writing. Many of these defacements are on multiple pages within the same domain. Many of the defacements are opportunistic but there are a few with China specific messages as well. The Turkish hackers MadNet and GhettoTurk both left messages for China including a lot of colorful language and messages in support of Uyghurs (MadNet) or Muslims (GhettoTurk).

ghetto_turk

See also: http://www.thedarkvisitor.com/2008/04/chinese-gov-sites-pwn3d/ and http://www.thedarkvisitor.com/2009/02/%E4%B8%AD%E5%9B%BD-gov-websites-pwn%E4%B8%89d-part-%E4%BA%8C/

3 responses so far