The Dark Visitor » UK Attacks

PRC Gov Responses to Hacking Allegations – Timeline

jumper — Thu, 21 Jan 2010 03:58:49 +0000

All dates represent the date the article was published, not necesarily the date that the quote was made.

July 26, 2004
In response to accusations that the Chinese government was involved in computer intrusions against ROK government agencies
“Some media reports that the Chinese government might be behind the hacking incident are groundless” – Chinese Embassy in Seoul (no personal attribution)

December 15, 2005
Response to SANS comments about China being involved in world wide hacking
“Work units and individuals are not permitted to use the Internet to be engaged in illegal activities or commit crimes,… China has laws that make tampering with or cracking a computer’s code illegal.” – Qin Gang

August 27, 2007
In response to a Der Spiegel article that reported intrusions into the German governemnt
“The Chinese government attaches great importance to the hacker attack on the German government networks,” adding China would take “determined” and “forceful” measures to combat hacker activities. – Wen Jiabao

August 28, 2007
In response to the reports of Chinese attributed intrusions into the government of Germany
“The Chinese government has always opposed and prohibited any criminal activity that breaks down computer networks, including hacker attacks,… China has clear rules and regulations on this.” – Jiang Yu

September 4, 2007
In a public response to the FT article that suggested PRC government involvement in a Pentagon intrusion
“The Chinese government has always opposed any Internet-wrecking crime, including hacking, and cracked down on it according to the law” – An Lu (editor)

September 10, 2007
Response to reports about intrusions into the French government for which the French plainly stated that they have no evidence to indicate PRC gov involvement.
“Saying that the Chinese military has made cyber-attacks on the networks of foreign governments is groundless and irresponsible and are a result of ulterior motives” – Jiang Yu

April 9, 2008
In response to Business Week’s e-Spionage article
“The Chinese Government always opposes and forbids any cyber crimes including “hacking” that undermine the security of computer networks. Chinese laws and regulations are explicit in this regard.” – Wang Baodong

April 1, 2009
In response to Ghostnet report
“There is a ghost called the Cold War and a virus called the Theory of China’s Threat overseas,… Some people, possessed by this ghost and infected with this virus, ‘fall ill’ from time to time. Their attempts at using rumors to disgrace China will never succeed… It is the ghost and the virus that should be ferreted out” - Qin Gang

May 15, 2009
Response to accusations of Chinese espionage in PACOM.
“We urge the United States to abandon Cold War mentality, stop its groundless accusations against China and do more to help build mutual trust between the United States and China and the friendship between the two peoples,” – Ma Zhaoxu
“The intrusion doesn’t exist at all” – Jiang Yu

Jun 12, 2008
In response to reports of Chinese hacking into computers in the offices of Rep. Frank Wolf and Rep. Chris Smith.
“Is there any evidence? … Do we have such advanced technology? Even I don’t believe it,… I’d like to urge some people in the U.S. not to be paranoid,… They should do more to contribute to mutual understanding, trust and friendship between the U.S. and China.” – Qin Gang

January 19, 2010
In response to Indian allegations of Chinese hacking (following the Google intrusion)
“I can say that these accusations are groundless… The Chinese government is firmly against hacking activities and will deal with relevant cases in accordance with the law” – Ma Zhaoxu

January 22, 2010
In response to US Sec of State Hillary Clinton’s remarks about Internet Freedom and the Google intrusion
“We urge the United States to respect the facts and cease using so-called Internet freedom to make groundless accusations against China” – Ma Zhaoxu
“China resolutely opposes Clinton’s remarks and it is not true that the country restricts online freedom…” – Ma Zhaoxu

January 25, 2010
In response to US Sec of State Clinton’s request for a transparent investigation into the Google intrusion
“We are resolutely against those who make a issue of things without referring to actual facts by needlessly accusing China, ignoring Chinese laws and interfering in Chinese internal politics” – unnamed spokesperson for the State Council Information Office

“As the global landscape is undergoing profound irreversible shifts, the calculated free-Internet scheme is just one step of a U.S. tactic to preserve its hegemonic domination” – Yan Xuetong

January 25, 2010
Response to Google intrusion
The “accusation that the Chinese government participated in (any) cyberattack, either in an explicit or inexplicit way, is groundless and aims to denigrate China… We are firmly opposed to that” – unnamed spokesman for the Ministry of Industry and Information Technology to Xinhua

Chinese hacker blooper…but success!

Heike — Fri, 30 Jan 2009 04:31:17 +0000

There isn’t a day that goes by that I don’t thank karma for Jumper. He was blessed with the gift of not making people feel stupid for asking really dumb questions.

Me: It really hurts when I touch the light socket, what should I do?

Jumper: Hey, great question! Stop doing that.

He is good to me that way.

Over at 7747.net, the New Year holiday has been a bit hectic for one of the boys. He has taken over the job of website moderator and wants to keep the conversation lively. Not a slacker by any means, he has been using the holiday season to sharpen his skills at manual SQL injection. Our guru has posted his SQL injection attack on New York University and wants a little feedback/review of his methodology.

Problem: New York University is in the US.

Blooper: Our pilot drifts slightly east of target and hits York College in the UK. Hey, we have all been there.

I could only tell that this was an SQL injection attempt and that he wanted to go after NYU and missed; then other stuff happened. What, I had no idea. So, I sent a note to Jumper pleading/begging for guidance…he was good enough not to laugh.

I will now turn you over to the smart guy on this site:

Jumper: That appears to be the wrong target indeed. It seems like he was able to obtain a username and password and that he used manual techniques to do this rather than HDSI or NBSI to automate it. This PHP/MYSQL combination is a popular target for SQL injection and remote file includes (RFI). Javaphile wrote a paper on blind SQL injection by the way.

Oh yeah – SQL Injection. You probably know a little about database queries and boolean logic already. SQL injection is basically where a hacker is able to escape the query structure and add additional queries such as username/password.

In the most classic example, one can inject ‘or 1=1– into the username field of a web form and authenticate as the first user in the users table. The ‘or 1=1– bit forces the query to evaluate to true every time instead of actually comparing the input with a username in the table.

UPDATE: For those of you concerned, an attempt has been made to contact York College an inform them of the possible compromise.

Chinese hackers targeting French Embassy websites around the world

Heike — Fri, 12 Dec 2008 00:24:38 +0000

Chinese hackers are targeting French Embassy websites all around the world to protest President Nicolas Sarkozy’s visit with the Dalai Lama.

According to hack4.com, featured in CNN documentary on Chinese hackers, the following French Embassy websites were successfully defaced:

法驻美国大使馆:http://www.ambafrance-us.org/
法驻英国大使馆:http://www.ambafrance-uk.org/
法驻中国大使馆:http://www.ambafrance-cn.org/（最新消息，已经恢复正常） (Repaired)
法驻加拿大使馆:http://www.ambafrance-ca.org/

Visiting all of the above websites shows that either they were not defaced or have been repaired since the attack. Hack4.com points out that the following websites have not been hit, suggesting they are future targets:

法驻日本大使馆:http://www.ambafrance-jp.org/
法驻冰岛大使馆:http://www.ambafrance-is.org/

Hack4.com’s gives this screenshot of the reported hacked website(s) (Deleted):

UPDATE: Better screenshots of the defaced French Embassy websites from 7747.net:

(Sorry guys, just updated to WordPress 2.7 and having a few problems. Can’t seem to get the screenshot to enlarge when you click on it. The three defaced websites are the US, UK and Canada.)

UPDATE: Once again, Eastwood has set me straight. Linked the image through the Chinese hacker website and now you should be able to pull up the graphic.

Chinese hackers vacuuming up security and economic secrets

jumper — Thu, 30 Oct 2008 01:48:53 +0000

An brief article from silicon.com discusses a warning given to UK critical businesses by the Centre for the Protection of National Infrastructure. From the article:

Internet warfare expert Ira Winkler, president of the Internet Security Advisory Group, said Chinese hackers were “vacuuming up the internet for security and economic secrets”

Chinese hackers killed Whoopy, you bastards!

Heike — Fri, 22 Aug 2008 10:51:14 +0000

I am wrong…very, very wrong. This is not funny (but it is hilarious) and I know better than posting other people’s pain. From the European WoW forum: (Click to enlarge)

Summary: Chinese cyberwarfare threat by the Heritage Foundation

Heike — Thu, 26 Jun 2008 03:44:48 +0000

This is a very interesting read by John J. Tkacik on Chinese cyber attacks that runs counter to many of my arguments. The PDF document titled Trojan Dragon: China’s Cyber Threat is 12 pages but well worth checking out.

Genesis of China’s Cyberwarfare

In the 1990s, China’s Ministry of Public Security (MPS), which manages the country’s police services, pioneered the art of state control of cyberspace by partnering with foreign network systems firms to monitor information flows via the Internet. By 1998, according to an insider’s account of China’s Internet development, the MPS and its subordinate bureaus found that their resources for monitoring the Internet had been overwhelmed by the sheer volume of Internet traffic—which by 1998 had not yet reached 1 million users in China.

Keep reading…

Chinese hacker Xiao Chen’s Organization Revealed!

Heike — Sun, 09 Mar 2008 14:49:18 +0000

First, a very big thank you to reader Copper, who first pointed out that there was a BIG button right over the article on Chinese hacker Xiao Chen that said…VIDEO! And, if you watch said video…it gives Xiao Chen’s webiste.

Here is the 1st screenshot from the CNN video, notice the links section at the botttom that I have circled in red. The first link is to Hacker World (hack4.com) 黑客天下 and the second is to Hackbase.com. It is typical for Chinese hackers to list their own website first in the links section.

UPDATE: Sorry, I was unclear in the paragraph above, Xiao Chen only owns
hack4.com. Hackbase.com was listed just to show similarity in the websites.

Now look at this screen shot from hack4.com. There are a couple of differences but clearly the same website:

Next image from the CNN video gives the Chinese 黑客天下, Hacker World or hack4.com:

Now take a look at this graphic from CNN in the left corner of the page:

and this one from hack4.com…

Finally, this one from CNN and you really had to be watching for it:

In the CNN interview, Xiao Chen claimed to have 10,000 registered members.
From the hack4.com website, they list the number of registered members as 9,746…pretty darn close:

Heikeba Update…Never hack inside China…Ever!

Heike — Thu, 31 Jan 2008 21:23:06 +0000

This was more than likely a message to the rest of the Red Hacker Alliance that we do not hack inside China or there will be consequences. According to the video, it wasn’t just money that Heikeba was after but fame played a large part as well. The downfall seems to have come when they decided to break into banks inside of China and steal from Chinese citizens. That my friends is a no-no!

Also, it is not nice to attach Trojans to music and picture downloads.

This is the part I’m not completely clear on and if someone who has better ears than I do can provide clarification it would be really appreciated. The police discovered that the site was spread out across 15 cities inside of China. Here is the difficult part, they found records on the site dealing with New York, London and Paris and something about logging into the sites at the same time which seemed impossible or only slightly possible. There is some discussion of time-zones and logging into them at the same time.

Difficult to tell if they are saying Heikeba was responsible for hacking into
websites in these cities. Hopefully, we can get a little help here.

SANS Institute’s Top Cyber Menaces 08

jumper — Mon, 28 Jan 2008 18:21:14 +0000

Of interest to Dark Visitor readers is item number three in the SANS list:

Cyber Espionage Efforts By Well Resourced Organizations Looking To Extract Large Amounts Of Data – Particularly Using Targeted Phishing

One of the biggest security stories of 2007 was disclosure in Congressional hearings and by senior DoD officials of massive penetration of federal agencies and defense contractors and theft of terabytes of data by the Chinese and other nation states. In 2008, despite intense scrutiny, these nation-state attacks will expand; more targets and increased sophistication will mean many successes for attackers. Economic espionage will be increasingly common as nation-states use cyber theft of data to gain economic advantage in multinational deals. The attack of choice involves targeted spear phishing with attachments, using well-researched social engineering methods to make the victim believe that an attachment comes from a trusted source, and using newly discovered Microsoft Office vulnerabilities and hiding techniques to circumvent virus checking.

The open-source information we have so far about this type of well-resourced [Chinese] cyber espionage is anecdotal and positive attribution hasn’t been possible. Our only sources are the Rolls-Royce information (very detailed) and Charlie Chen. The information that we have from DoD sources is very limited on detail and a lot of readers are inclined to dismiss it because attribution by IP address only is pretty unreliable. I think there is a lot more going on behind the scenes than IP geolocation. Consider the information that has been exfiltrated. Consider the methods that were used to harvest email addresses to use for social engineering. Consider the tools that were used and then you have a much better picture. Let’s face it, script kiddies aren’t interested in Naval Order of Battle in the Taiwan Straight. Also, script kiddies aren’t after specific information from the world’s largest research based pharmaceutical company. Update: I neglected to reference another attack with some good details: SANS ISC covered the spear-phishing attack on 30 members of Fa1un G0ng which is banned in the PRC.

Mysterious Chinese Hacker Slide Show

Heike — Mon, 21 Jan 2008 00:38:36 +0000

UPDATE: Jumper adds the following on this post:

I doubt that the mystery poster is Charlie Chung-Ping Chen. Charlie Chung-Ping Chen researches processors. It is certainly possible that he made the transition during his four year absence from the web but I think it is a stretch. At any rate, he hasn’t responded to Gordon. I assume Gordon contacted him by his university email and his status at the university is listed as “leave of absence”.

I tried to find out more about the powerpoint and didn’t have much luck. There isn’t any intro slide and the person who posted the presentation hasn’t posted anything else. It is very amusing that the poster’s handle is Deep Throat.

This thread was first brought to my attention by Jumper who has been collecting postings from an individual in Taiwan named Charlie Chen who is fairly elusive. The same theme runs through all of Chen’s postings concerning a PRC government run organization of eight Chinese hacker groups dedicated to cyber espionage.

Did a little checking and came across an article by Gordon Housworth who is just as curious about the mystery poster as Jumper. Gordon did a ton of research and from what I can tell has a good handle on the identity of our mystery man. He was also able to locate a 26-frame slide show associated with Mr. Chen.