Tag Archive 'Chinese hackers'

Jan 07 2009

Willy Sutton, online gamer

New stats are out on the Chinese online gaming industry, which is poised to reach 2.67 billion dollars by 2010.

We know that Chinese hackers specialize in writing trojans for the purpose of stealing virtual property from games abroad…how about now?  With the massive market starting to take off…trouble, trouble, trouble.

I’ve come across several incidents of blackmail against Chinese online game companies; it will only get worse.

2009 prediction #1

Not to mention, China’s E-commerce rose over 20% in 2008.

Oh, the title… “that’s where the money is.” New theme around here.

Jan 05 2009

BREAKING: Could viral Pakistani e-mail spark Sino-Indian cyber conflict?

The following post has gone viral in the Chinese hacker community, as well as other social network sites in China.  It is a call for the Red Hacker Alliance to assist the Pakistan online community in fighting off Indian hackers who have broken into large social network sites such as Orkut.

A Pakistani wrote the original e-mail requesting assistance from his Chinese friend, claiming that his group, which has 42,000 members, was under constant assault from Indian hackers.  His Chinese friend then reposted their correspondence with a list of reasons why Chinese hackers should come to their aid.  The posting hit a chord with the Chinese and it has gone viral.

This looks very similar to the warning signs we saw during the run up to the CNN attack.  However, we have not found specific targets or groups organizing/planning attacks.

(The following post is very long but should give you an idea why the letter has appealed to the Chinese sense of nationalism and calls for assistance.)

Our Pakistani brothers hope that the Chinese Red Hacker Alliance will reach out their hand in mutual assistance

I am a normal Chinese citizen and due to a lucky coincidence, have become acquainted with several Pakistani friends. After knowing them for a short period of time, I have come to the profound understanding that even though the Chinese and Pakistani people have different religions, there is an ingrained friendship.

Continue Reading »

Jan 04 2009

Largest registrar of Chinese domain names suffers hacker attack

Published by Heike under Hacking for money, Other attacks

Xin Net, the world’s largest registrar of Chinese domain names, suffered an 8-hour attack yesterday that lasted from 4:00pm until 12:00am.

During that time period, 30% of the names registered through Xin Net could not be accessed normally.

The company put out an official reply expressing regret to all of its customers in a three-part memo (my shorthand):

1) Rotten hackers

2) Working furiously to restore

3) No refunds, we are a victim too!

Jan 02 2009

China World Bank website gets the gun

Published by Heike under Other attacks

We have posted about Chinese hackers and the World Bank before.  This was just a “shot” at the China World Bank website.  Sorry, couldn’t resist.

As of writing, the webpage is still not repaired.

Chinese hackers?  Don’t know for sure but the screenshot was found on a Chinese hacker webpage.

Jan 01 2009

Chinese hackers deface Yasukuni Shrine website…again

On 24 December 08, Chinese hackers once again defaced the Yasukuni Shrine website.  Here is a little background from The Dark Visitor:

(Cyber Conflict of 2001)

August of 2001 would again see attacks on Japanese web sites in response to former Prime Minister Junichiro Koizumi’s visit to the controversial Yasukuni war memorial.  Chinese hackers struck first on 13 August, attacking the server for the Japan Meteorological Agency.   Following that, a large number of Japanese government web sites were attacked, such as “the Chemicals Evaluation and Research Institute, the Defense Systems Research Committee, the Central Convention Service, Inc., the Fire and Disaster Management Agency, the Defense Facilities Administration Agency, the Communications Research Laboratory, and web sites for members of Parliament. The Honker Union of China issued the following statement:
Continue Reading »

Dec 29 2008

Chinese hacker’s Xmas card

Published by Heike under Hacking for money

This year, just as every year, Chinese hackers have been sending out Christmas cards to all their friends.  Remember, you’ll probably be getting one for New Year’s too:

Nguyen Minh Duc, the manager of Bach Khoa’s application security group, said that XmasStorm originated in China. Hackers have registered at least 75 domain names relating to the malware campaign’s holiday theme in the last month, including “superchristmasday.com” and “funnychristmasguide.com.” According to WHOIS searches, those domains were registered to a Chinese address on Dec. 1 and Dec. 19, respectively.

Dec 22 2008

China may strengthen laws against hacking

Published by Heike under Uncategorized

Internal hacking looks like it is having an impact on Chinese business/e-commerce and the government is considering legislation to both clarify the law and increase criminal penalties.

The article makes it very clear that China will retain jurisdiction over all of these cases and no citizen will be sent to a foreign country for trial.

BEIJING, Dec. 22 (Xinhua) — Computer hackers could meet tough penalties under a draft amendment of the criminal law being debated by China’s top legislature.

The draft amendment under review by the Standing Committee of the National People’s Congress (NPC) would impose steep fines and prison sentences of three-to-seven years, depending on the severity of the offense.

The existing criminal law only imposes penalties on hackers who break into government, military and scientific research institutes’ computer systems.

Dec 19 2008

How much money does a Chinese hacker gang make?

Introduction: Rambling thoughts

There is an old military expression that says, “Amateurs study strategy; professionals study logistics.” Logistics is the ability to drive the train, to make sure that the troops have the capability to accomplish the strategy.  What are the logistics behind a Chinese hacker attack?

1) Computers

2) Personnel

3) Transportation (Access to the internet)

4) Knowledge

5) Malware (Trojans, Viruses….etc)

6) Programs (Scanners, Dictionary attack tools…etc)

7) Money

8) More?

There is also a formula for determining threat analysis:

1) Intent:  Without the intent to do harm, the threat assessment is considered minimal.  Friends and allies are considered extremely low-level threats even if they have the capability to cause great destruction.  Capability without intent lowers the risk factor considerably.

Clearly, Chinese hackers have demonstrated intent in the form of nationalism and monetary gain. CHECK

2) Capability:  Does an adversary have the means to carry out the threat?  While the enemy may wish to do you great harm, without capability it means little.

With a number of governments scrambling to secure and/or repair their information systems, there is little doubt Chinese hackers have the capability. CHECK

3) Motivation:  The determination to carry out and sustain the attack.

Motivation started in the form of nationalism but quickly turned to cash.  Either way, the motivation to continue and sustain attacks is still present and shows no sign of decreasing.  CHECK

So, what binds these rambling thoughts?  Money, money, money!  Without the financing to support their logistics, operations come to a standstill.  Pull out logistics and you lose capability, leaving only intent.

Final random thought: A reporter once asked Willy Sutton, a bank robber, why he robbed banks.

“Because that’s where the money is”

-Willy Sutton, Bank Robber

And now, back to your regularly scheduled program:

From Chinanews.com, the Wuxi court has found a gang of six Chinese hackers guilty of running phony websites designed to steal the passwords of online gamers.  In less than half a year, the crew had earned over one million yuan (USD 146,000).

In July of 2007, the defendant, Mr. Ma, learned of a method to hijack domain name servers in order to steal account names and passwords from online gamers.  He then asked his co-conspirator, Mr. Peng, to write the hijacking program.

In August and September of last year, Mr. Ma brought four other members into the gang and together they developed a scheme to get rich.  In order to carry out the crime, the group invested 22,000 yuan (USD 3,200) in a computer, server and room rental.

Peng’s program was used to capture the domain name servers in ten provinces and cities such as Jiangsu Province, Liaoning Province, Shanghai, Chongqing…etc.  After a user registered for the website, they would automatically be redirected to the gang’s forged website.

The gang members received sentences ranging from 1 to 4 years for the crime.

Dec 17 2008

Chinese hackers utilize amateur hacking groups for low-level espionage operations

iDefense 2009 Cyber Threats and Trends via Earthtimes:

Additionally, cyber warfare has become a reality in today’s political climate, and several regions are seeing a rise in politically and financially motivated activities. According to VeriSign iDefense, Russian hackers are the most effective group when it comes to cyber fraud, while Chinese hackers utilize amateur hacking groups for low-level espionage operations.

Dec 15 2008

Chinese hackers stealing Indian InfoTech data

Published by Heike under Hacking for money, India Attacks

Very informative article from Cyber Crime Updates on Chinese InfoTech espionage:

BANGALORE: A few months ago, a major Bangalore-based infotech company lost out on a $8 million contract. The company was expecting a business delegation to visit India before signing the contract, but 15 days before the date set for the deal, the meeting was abruptly called off.

The same team went to China instead. When the Indian firm investigated the matter, it discovered a gaping hole in its security. The computers of several of its top executives had been compromised by Chinese hackers and privileged information leaked to a Chinese competitor, who walked away with the deal by quoting a lesser price.
