Archive for the 'US attacks' Category

Apr 06 2010

IWM and Shadow Server Project Report: Shadows in the Clouds

The researchers at InfoWar Monitor and Shadow Server have released a great research paper that adds to the Ghostnet report from last year. TDV gets a plug in the report for our chat with lost33.


Feb 19 2010

Shanghai Jiaotong named as a source in Google compromise

Published under China internet, US attacks

Loyal readers of TDV may remember Heike’s post about Peng Yinan, aka Coolswallow of Javaphile. According to this NY Times article, the school at which Peng has occasionally taught was found to have been involved in the Google compromise revealed last month. At this point, only IP addresses link the school to the compromise, but it is an interesting coincidence that one of the most prolific Chinese hackers has a close connection to the school.

There are many possibilities for SJTU’s IP addresses being involved in the incident. Any assessments made about SJTU’s involvement at this point would be just a guess.


Jan 20 2010

PRC Gov Responses to Hacking Allegations – Timeline

All dates represent the date the article was published, not necessarily the date the quote was made.

July 26, 2004
In response to accusations that the Chinese government was involved in computer intrusions against ROK government agencies
“Some media reports that the Chinese government might be behind the hacking incident are groundless” – Chinese Embassy in Seoul (no personal attribution)

December 15, 2005
Response to SANS comments about China being involved in world wide hacking
“Work units and individuals are not permitted to use the Internet to be engaged in illegal activities or commit crimes,… China has laws that make tampering with or cracking a computer’s code illegal.” – Qin Gang

August 27, 2007
In response to a Der Spiegel article that reported intrusions into the German government
“The Chinese government attaches great importance to the hacker attack on the German government networks,” adding China would take “determined” and “forceful” measures to combat hacker activities. – Wen Jiabao

August 28, 2007
In response to the reports of Chinese attributed intrusions into the government of Germany
“The Chinese government has always opposed and prohibited any criminal activity that breaks down computer networks, including hacker attacks,… China has clear rules and regulations on this.” – Jiang Yu

September 4, 2007
In a public response to the FT article that suggested PRC government involvement in a Pentagon intrusion
“The Chinese government has always opposed any Internet-wrecking crime, including hacking, and cracked down on it according to the law” – An Lu (editor)

September 10, 2007
Response to reports about intrusions into the French government, for which the French plainly stated they had no evidence of PRC government involvement.
“Saying that the Chinese military has made cyber-attacks on the networks of foreign governments is groundless and irresponsible and are a result of ulterior motives” – Jiang Yu

April 9, 2008
In response to Business Week’s e-Spionage article
“The Chinese Government always opposes and forbids any cyber crimes including “hacking” that undermine the security of computer networks. Chinese laws and regulations are explicit in this regard.” – Wang Baodong

June 12, 2008
In response to reports of Chinese hacking into computers in the offices of Rep. Frank Wolf and Rep. Chris Smith.
“Is there any evidence? … Do we have such advanced technology? Even I don’t believe it,… I’d like to urge some people in the U.S. not to be paranoid,… They should do more to contribute to mutual understanding, trust and friendship between the U.S. and China.” – Qin Gang

April 1, 2009
In response to Ghostnet report
“There is a ghost called the Cold War and a virus called the Theory of China’s Threat overseas,… Some people, possessed by this ghost and infected with this virus, ‘fall ill’ from time to time. Their attempts at using rumors to disgrace China will never succeed…  It is the ghost and the virus that should be ferreted out” – Qin Gang

May 15, 2009
Response to accusations of Chinese espionage in PACOM.
“We urge the United States to abandon Cold War mentality, stop its groundless accusations against China and do more to help build mutual trust between the United States and China and the friendship between the two peoples,” – Ma Zhaoxu
“The intrusion doesn’t exist at all” – Jiang Yu

January 19, 2010
In response to Indian allegations of Chinese hacking (following the Google intrusion)
“I can say that these accusations are groundless… The Chinese government is firmly against hacking activities and will deal with relevant cases in accordance with the law” – Ma Zhaoxu

January 22, 2010
In response to US Sec of State Hillary Clinton’s remarks about Internet Freedom and the Google intrusion
“We urge the United States to respect the facts and cease using so-called Internet freedom to make groundless accusations against China” – Ma Zhaoxu
“China resolutely opposes Clinton’s remarks and it is not true that the country restricts online freedom…” – Ma Zhaoxu

January 25, 2010
In response to US Sec of State Clinton’s request for a transparent investigation into the Google intrusion
“We are resolutely against those who make an issue of things without referring to actual facts by needlessly accusing China, ignoring Chinese laws and interfering in Chinese internal politics” – unnamed spokesperson for the State Council Information Office

“As the global landscape is undergoing profound irreversible shifts, the calculated free-Internet scheme is just one step of a U.S. tactic to preserve its hegemonic domination” – Yan Xuetong

January 25, 2010
Response to Google intrusion
The “accusation that the Chinese government participated in (any) cyberattack, either in an explicit or inexplicit way, is groundless and aims to denigrate China… We are firmly opposed to that” – unnamed spokesman for the Ministry of Industry and Information Technology to Xinhua


Aug 20 2009

Former Chinese nationalist hacker causes international incident


Kang Lingyi

According to reports, in 1999 Kang Lingyi participated in hacking the US Embassy and the White House over the accidental bombing of the Chinese Embassy in Belgrade. He then rose to fame founding several nationalist websites.

An international controversy has broken out over an article he published on one of his websites, the China International Strategy Net. In the article, Kang suggests that India can be removed as a competitor by intentionally encouraging separatists to bring about the collapse of the state. The statements caused such an uproar that the Indian government was forced to issue a statement saying that the relationship between China and India was peaceful.

As of this writing, Kang’s website has a message up saying that the site is currently under maintenance. The message has been up all day, so let the wild speculation begin:


1) Beijing took it down as a concession

2) Indian hackers

3) The boring option of site maintenance


Aug 05 2009

China starting to worry about its own hackers


The picture seen above is an advertisement for a Chinese hacker training course. Now I know many of you are struggling to process this information; something seems wrong with the picture. The reason your brain is having trouble with the image is that it is located in a place called the “outdoors”. Like me, many of you spend way too much time online, and this poster is horribly out of place.

The following report from China Daily talks about the growing public concern over hacking and online hacking courses.  It also interviews Wang Xianbing, a consultant for

“Lots of hacker schools only teach students how to hack into unprotected computers and steal personal information,” said Wang Xianbing, a security consultant for “They then make a profit by selling users’ information.”

For investing hundreds of yuan in hacker school, students could obtain the skills to make a fortune, Wang said.

“Hacker school is a bit like driving school – they teach you how to drive but it’s up to you if you are going to drive safely or kill someone,” said Wang.

What the article doesn’t tell you is that Wang Xianbing is also known as Janker and the Lonely Swordsman; one of China’s first generation of hackers and the leader of online conflicts with the US and Japan.


Jul 08 2009

Recent South Korean and US attacks linked?

Published under Other attacks, US attacks

It appears recent DDoS attacks on South Korean and US government websites are linked.  The attacks occurred over the 4th of July weekend and continued for several days after the US holiday.  Speculation has fallen squarely on either North Korean or Chinese hackers as the main culprits; perhaps even a combination of the two.

As I recall, the attacks coincide with the launch of a number of North Korean short-range missiles.  I haven’t looked into this, so just a guess but my money would be on the North Koreans.  Rather risky for China to be involved in cyber attacks on both South Korea and the US while the North is busy launching missiles all over the place.

National pride was hurt by the latest hacker attacks that disabled 25 Web sites, including 11 domestic ones, Tuesday and Wednesday. The so-called distributed denial-of-service (DDoS) attacks prompted the telecommunication regulator, the Korea Communications Commission (KCC), to issue a cyber security warning. The presidential office, the National Assembly, the Ministry of National Defense, the Ministry of Foreign Affairs and Trade, and other government agencies were caught off guard by the attacks. Web sites for Shinhan Bank, Korea Exchange Bank (KEB) and the daily newspaper Chosun Ilbo were also briefly shut down.

What’s more surprising is that about 14 American Web sites were also disabled by similar hackers over the July 4 holiday weekend. The attacks reportedly hit several U.S. government agencies, including the White House, the State Department, the Department of Homeland Security, the Treasury Department, the Transportation Department and the Federal Trade Commission. The attacks in both South Korea and the U.S. appear to be linked.


Apr 30 2009

Mr. Tim Thomas at Dartmouth

Published under Uncategorized, US attacks

UPDATE:  The author of this article makes a slight mistake on the title of Tim’s book calling it, Fighting the Virtual Dragon.  The title is Decoding the Virtual Dragon.

Mr. Thomas has done extensive research into PLA cyber warfare and is the best in the business on PRC strategy.

Understanding China’s strategic approach to cyber warfare is essential to defending the United States from hackers, Timothy Thomas, an analyst at the Foreign Military Studies Office at Fort Leavenworth in Kansas, said in a lecture on Tuesday in the Haldeman Center. The anonymous nature of cyber attacks often complicates cyber defense, Thomas said in the lecture.

Dartmouth lecture on cyber warfare


Apr 13 2009

Nart Villeneuve drops the hammer

Published under Other attacks, US attacks

Nart Villeneuve reminds me once again why I shouldn’t post articles that seem too hyped. Responding to the recent story from the WSJ on Chinese and Russian hackers attacking critical infrastructure, Nart gives them a full blast:

Articles like this are very irritating. They are short of detail and long on hype. And when that hype focuses on the wrong threat, it becomes the threat itself.

This WSJ article is a typical case. These stories are not new and they pop up from time to time, usually focused on Russian or Chinese hackers — and in this case some unholy alliance of both (I’m surprised that Al Qaeda wasn’t thrown in to this “Haxis of Evil” :) ) Some have suggested that the article was planted for political purposes but, regardless, the hype seems to focus on the wrong threat.

Read Nart’s full reply, When hype is the threat.  Remind me not to get on his bad side, ouch.


Apr 08 2009

Chinese hackers: You guys got candles? You’re going to need them.

Published under US attacks

In the past, I’ve avoided posting articles on potential damage to US infrastructure from Chinese hackers and others because they seemed too hyped in my opinion. However, this report on critical infrastructure from the WSJ is a tad bit better, even though they don’t name all of their sources. I understand why, but I still don’t like it:

Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven’t sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.

UPDATE: Ned Moran, from the Cuckoo’s Egg, agrees that these types of articles get too much hype.  He makes a better case than I did.


Jan 29 2009

Chinese hacker blooper…but success!

Published under UK Attacks, US attacks

There isn’t a day that goes by that I don’t thank karma for Jumper.  He was blessed with the gift of not making people feel stupid for asking really dumb questions.

Me: It really hurts when I touch the light socket, what should I do?

Jumper: Hey, great question! Stop doing that.

He is good to me that way.

Over at, the New Year holiday has been a bit hectic for one of the boys.  He has taken over the job of website moderator and wants to keep the conversation lively.  Not a slacker by any means, he has been using the holiday season to sharpen his skills at manual SQL injection.  Our guru has posted his SQL injection attack on New York University and wants a little feedback/review of his methodology.

Problem: New York University is in the US.

Blooper: Our pilot drifts slightly east of target and hits York College in the UK.  Hey, we have all been there.

I could only tell that this was an SQL injection attempt and that he wanted to go after NYU and missed; then other stuff happened.  What, I had no idea.  So, I sent a note to Jumper pleading/begging for guidance…he was good enough not to laugh.

I will now turn you over to the smart guy on this site:

Jumper: That appears to be the wrong target indeed. It seems like he was able to obtain a username and password and that he used manual techniques to do this rather than HDSI or NBSI to automate it.  This PHP/MYSQL combination is a popular target for SQL injection and remote file includes (RFI).  Javaphile wrote a paper on blind SQL injection by the way.

Oh yeah – SQL Injection.  You probably know a little about database queries and boolean logic already.  SQL injection is basically where a hacker is able to escape the query structure and add additional queries such as username/password.

In the most classic example, one can inject ' or 1=1-- into the username field of a web form and authenticate as the first user in the users table.  The ' or 1=1-- bit forces the query to evaluate to true every time instead of actually comparing the input with a username in the table.

UPDATE: For those of you concerned, an attempt has been made to contact York College and inform them of the possible compromise.
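Jumper’s classic example, worked through in running code. This is an added example and is not code from TDV, from Jumper, or from the hacker’s post: it uses Python’s built-in sqlite3 module in place of the PHP/MySQL stack mentioned above, and the users table, sample rows and function names are assumptions made for the demo. It shows the vulnerable string-glued query, the ' or 1=1-- payload returning the first user, the “known username plus --” variant that skips the password check entirely, and the parameterised query that treats the same input as plain data.

```python
import sqlite3

# Constructed sample data for the demo. Passwords are kept in clear text only to
# keep the example short; a real application stores salted hashes.
SAMPLE_USERS = [("admin", "s3cr3t"), ("alice", "hunter2")]


def make_db():
    """Build an in-memory users table populated with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)", SAMPLE_USERS
    )
    conn.commit()
    return conn


def build_vulnerable_query(username, password):
    """Glue user input straight into the SQL string, the way a naive PHP/MySQL
    login form of the era did. Returned as a string so the injected query can be
    inspected before it runs."""
    return (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )


def login_vulnerable(conn, username, password):
    """Vulnerable login. A single quote in the input closes the string literal,
    so the attacker writes the rest of the WHERE clause; '--' comments out the
    password comparison. Returns the matched username or None."""
    row = conn.execute(build_vulnerable_query(username, password)).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterised login. The driver sends the values separately from the
    statement text, so a quote in the input is just data and cannot alter the
    query structure. Returns the matched username or None."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    payload = "' or 1=1--"
    print("query sent :", build_vulnerable_query(payload, "x"))
    print("vulnerable :", login_vulnerable(db, payload, "x"))   # first row: admin
    print("safe       :", login_safe(db, payload, "x"))         # None
```

The printed query makes the mechanism visible: the condition collapses to `username = '' or 1=1` and everything after `--` is a comment, so the first row in the table (here admin) comes back regardless of password. The same payload fed to the parameterised version matches no row, which is the check worth running against any login form that builds its SQL by concatenation.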

