Jul 21, 2008
Received an e-mail today from www.blogged.com that has rated us as follows:
We evaluated your blog based on the following criteria: Frequency of Updates, Relevance of Content, Site Design, and Writing Style.
After carefully reviewing each of these criteria, your site was given its 8.0 score.
An 8.0…I mean WTF? I strongly suspect that Jumper has pulled the blog down from my own unbiased rating of around 8.15 prior to his arrival.

An 8.0 is great? Not in my book, buddy, that is like low hanging “B” work. We at TDV vow to increase the quality of our postings, we will spare nothing to move up the ladder at blogged.com…unless of course it involves too much effort.
Jul 10, 2008
Remember Crouching Powerpoint, Hidden Trojan? Maarten Van Horenbeeck will be giving a presentation at the SANS Fire conference in DC later this month.
Is Troy Burning? An analysis of targeted cyber attacks.
- Maarten Van Horenbeeck, SANS ISC
- Thursday, July 24, 2008 * 7:00pm
The use of trojans in targeted attacks has been known dating back to at least 2002. However, only since 2005 has their use and methodology become relatively widespread and better understood. Recently some of the more notorious attacks, especially those on governments, have been widely discussed in the media, but little technical information is available.
This presentation is based on private investigations of targeted attacks against various organizations, and provides a detailed view on the methodologies, both from a technical and a social engineering perspective, most popular in these attacks. In addition, it briefly touches on how effective today’s protection mechanisms are and to what degree these attacks can be mitigated and detected.
More details on the conference here. If anyone is going, please let me or Heike know.
Jun 28, 2008
Hat-Tip: GaoYuLong
At times, I get so busy going through Chinese hacker websites that I forget there are other methods of collecting information that should not be ignored. Fortunately, reader GaoYuLong reminds me that HUMINT has not passed the way of the dinosaur and we need to keep track of the methodology used by China. GaoYuLong points to two articles from the Epoch Times that clearly illustrate these techniques:
Chinese Regime Looks to Student-Spies to Push Agenda in Canada
It was a sobering moment. Countless Falun Gong adherents in mainland China had received similar threats, and hundreds—if not thousands—went on to face torture and brainwashing after being turned in by fellow students and teachers.
But Lingdi Zhang does not live in China. The then-computer science student was studying at the University of Ottawa.
FBI Chinese Advertisement Targets CCP’s State Security
An advertisement by the Federal Bureau of Investigation (FBI) aimed at Chinese-speaking residents of San Francisco’s Bay Area, ran from July 2 through July 8 in three local Chinese-language newspapers, seeking information about Chinese espionage to the United States.
Jun 18, 2008
Not Chinese hacker related but this article from the Sydney Morning Herald has such a curious cultural aspect to it that I wanted to pass it along. Some bloggers on the internet are seeing a relationship between the five Chinese Olympic mascots and recent misfortunes, to include the earthquake in Sichuan.

Jingjing, a panda, is the animal most closely associated with Sichuan province where the earthquake struck.
Huanhuan, a cartoon character with flame-red hair, is being linked by bloggers to the Olympic torch that has been dogged by anti-China protests on its round-the-world tour.
Yingying, an antelope, is an animal confined to the borders of Tibet, which has been the scene of riots and the cause of international protests against China, the bloggers say.
Nini, represented by a kite, is being viewed as a reference to the “kite city” of Weifang, in Shandong, where there was a deadly train crash last month.
That leaves only Beibei, represented by a sturgeon fish, which online doomsayers suggest could indicate a looming disaster in the Yangtze River, the only place where sturgeon is found.
Here is the full article from the Sydney Morning Herald…
Jun 16, 2008
On the afternoon of May 31st, the Nanning Public Security Bureau Cyber Police received a report from the Guangxi Earthquake Bureau that a hacker had invaded and altered their website.
The FAKE message left by the hacker read:
“The violent earthquake that struck Wenchuan, Sichuan…we grieve for our fellow citizens who perished in the great Wenchuan, Sichuan, earthquake. In the near future, a major earthquake registering 9+ will hit the Guangxi area. Request that city residents make preparations as soon as possible.”
(Emphasis added)

Guangxi Earthquake Website
Cooperation between the cyber police from six provinces, spanning a three-day period, finally located the hacker responsible for the fraudulent message in Jiangsu.

Cyber Police Investigation
On 4 June, police arrested a further unidentified suspect named Chen who made a full confession.

Congratulations to Chinese hacker Chen, I had to add a new category to cover this event. Posted under Evil and/or Stupid…qualified as Evil and Stupid.
Jun 07, 2008

From what I can gather, this is the second year of the International E-Sports Festival, co-sponsored by China and South Korea. This year’s competition will be held in Wuhan, China on 10 Oct 2008. The screen shot above was posted at ief.com.cn/, which is billed as the official Chinese website of the 2008 International E-Sports Festival. The site now looks like this:

A little background on the games:
Planning for IEF was started in 2003 at the express request of China’s central government with the aim of providing positive, culturally appropriate Internet alternatives for Chinese youth. The government decided to pursue these objectives through the China Youth League, one of the most influential organizations in China. Many of China’s leaders, including President Hu, come from its ranks.
In November 2003, ‘e-sports’ was added as China’s ninety-ninth official sport by the Sports Bureau of the PRC’s Central Committee in order to add further importance to the objectives of the IEF. The organizing committee was formed to develop and implement initiatives to respond to the CPC’s constructive vision. Since then, the Committee has successfully developed and staged numerous very popular events under the banner of the IEF.
In January 2007 President Hu Jintao noted the success of IEF and issued policies designed to ensure the continuing development of culturally appropriate content and inculcating within China’s Internet community a culture of positive and innovative attitudes. In April 2007, the Central People’s Committee Political Bureau reinforced this policy by emphasizing the importance of developing a social-network model of Internet use by China’s youth.
Cont…
Several reports coming out of China are suggesting the attack was carried out because South Korean committee organizers cancelled a promise to open a Japanese area. Furthermore, the hacker appeared to be…wait for it… Japanese. Yeah, the “Turkish hacker Firtina Bozo was here..!!” seems to have been lost on them. That one Hotmail address with a .jp tag must have blinded them to all other things contained in the message.
Just for fun I decided to see if there were other hacks by Firtina Bozo and let me tell you that is one busy individual.