SecureWorks brings us a question and answer secession conducted with Chinese hackers at a conference sponsored by Yesky in Beijing.  The title of the conference was “Chinese Hackers Talk Hacking.”

In interviews given at the conference and online, we get some insight into the Chinese hacking subculture and how it is growing at such a rapid pace. Translated below are some interesting responses that seemed to reflect the attitude of the populace:

Q: Under what circumstances will you perform a hack?

A: If it is a matter that affects us internationally, then we will gather members to perform the attack. Most of the time, we attack through the web site.

Cont…

1) 溯雪 (Snow Trace) – Password decoder
2) 乱刀 (Chaotic Knife) – Password analyzer for UNIX
3) 天网 (Sky Net) – Firewall approved by Ministry of Public Security
4) 冰河 (Glacier) – Trojan developed by Huang Xin
5) 小分析家 (Little Analyst) – Monitoring software sniffer similar to NetXray
6) 快速搜索 (Fast Search) – Port scanner with multiple thread search

Yes, I know hosted in China does not mean Chinese hackers…fine.

RSA mentions that the “gang” is known but checking the links did not indicate if they were Chinese or from another source. Left them a comment on the site requesting more info…so, I leave you with this until informed otherwise.

We know that Chinese hackers specialize in writing trojans for the purpose of stealing virtual property from games abroad…how about now?  With the massive market starting to take off…trouble, trouble, trouble.

I’ve come across several incidents of blackmail against Chinese online game companies, it will only get worse.

2009 prediction #1

Not to mention, China’s E-commerce rose over 20% in 2008.

Oh, the title…”that’s where the money is.” New theme around here.

A Pakistani wrote the original e-mail requesting assistance from his Chinese friend, claiming that his group, which has 42,000 members, was under constant assault from Indian hackers.  His Chinese friend then reposted their correspondence with a list of reasons why Chinese hackers should come to their aid.  The posting hit a cord with the Chinese and it has gone viral.

This looks very similar to the warning signs we saw during the run up to the CNN attack.  However, we have not found specific targets or groups organizing/planning attacks.

(The following post is very long but should give you an idea why the letter has appealed to the Chinese sense of nationalism and calls for assistance.)

Our Pakistani brothers hope that the Chinese Red Hacker Alliance will reach out their hand in mutual assistance

I am a normal Chinese citizen and due to a lucky coincidence, have become acquainted with several Pakistani friends. After knowing them for a short period of time, I have come to the profound understanding that even though the Chinese and Pakistani people have different religions, there is an ingrained friendship.

Perhaps you are all aware that China and Pakistan established diplomatic relations more than half a century ago and the relationship has always been one of intimate friends and brothers. Even during the crisis of ’89, Pakistan was the only country in the world to stand by China (North Korea and Cuba abstained from voting on UN sanctions against China).

During the time when India occupied our Tibetan territory and supported separatist activities, Pakistan and China signed a border agreement. You need to know that every inch of the Pakistani controlled section of Kashmir land that was turned over to China, required the Islamic fighter’s blood to snatch it back from India. Furthermore it is the only country in the entire world that has a children’s elementary textbook which has expressly written, “China is our staunch ally.”

During the earthquake on May 12th, I was in the disaster stricken area and saw the homeless suffering in the torrential rains. The Pakistani strategic reserve continuously brought streams of tents to the disaster stricken area, even though they are not wealthy. (fuzzy here) When we wanted to pay for these materials, Pakistani officials declined saying, “During this time when our Chinese brethren need help, we would charge them?!” Similarly during the earthquake, a group of South Koreans on Youtube were taking delight at our misfortune and insulting the Chinese people. It was our Pakistani internet friend who rose up in mass against it. While there have been changes in the government due to Pakistan’s turbulent political situation, their friendship with China has not been altered. Moreover, they have done their utmost to fight terrorism (they have allowed China’s military forces to cross the border for counter-terrorism operations…in addition, Pakistan beheaded the East Turkestan Liberation Organization bandit Hasan Mahsum.)

I remembered in ’06, participating in the reception for Pakistani premier’s visit to Chengdu and after planting a Sino-Pakistani friendship tree, he said sentence, “Deeper than the oceans higher than the mountains.” Even now, this was unforgettable. Our Pakistani brothers don’t merely talk, they do what they say. For independently researching and developing the nuclear weapon after the mid-90s, they were isolated and sanctioned by the United States. However, Pakistan’s rival India also developed the nuclear weapon but was tolerated by the United States.

After 9/11, even though tensions between the US and Pakistan eased, the US requested that Pakistan end its alliance with China. Just like India, the US wanted Pakistan to become a bridgehead for containing China. However, the Pakistani president at that time, Musharraf, declined and conversely increased military cooperation with China. We jointly developed the FC-1 fighter with Pakistan, and when the “Fierce Dragon” flags of China and Pakistan were unfurled during the Pakistani troop review, it clearly gave the US an explicit answer of –NO! We have also received a lot of Western technology through Pakistan and Pakistan has no reservations about this at all. Our pilots can fly their F-16s at anytime. Isn’t this enough?

======The following is the important content========

Today, I came here to put up this post but not merely to tell you that Pakistan is our ally but because Pakistan has recently become stuck in a predicament. India, after the last terrorist abduction incident, even though its own response was detrimental blamed it on Pakistan. Not only are they massing troops on the border, they are using network attacks on Pakistan’s large-scale websites in order to provoke an incident. Below is an e-mail sent to me by a Pakistani friend:

(Text is in English)
Re: Special regards in this special day 2008/12/29
bro i need ur help infact i need china’s help…. at ORKUT(social networking site) indians hack our community ISLAMIC REPUBLIC OF PAKISTAN “IRP” this community has 42,000 members and now hindus pentrate and start abusing…plz do somthing plzzzzzzzzzzzzzzzzzzzzzz am waiting for ur help and reply..

(Text in Chinese)
======The meaning is that their social network has been attacked and hope that I/we can help them counter-attack====

The following is my reply mail:

(Text in English)
Re： Re: Special regards in this special day 2008/12/31
hi bro!
Happy New Year!
I know now Pakistan is facing difficulties. I assure you that we will at any time in the same boat. If the Indians need a war, we will give it,but the losers must be Indians.

Now we are on the Indian provocation,OK,PLZ wait a while. Needn’t a long time, Indians will know how stupid they are.
If the allies are in deep distress, we will use force to defend the dignity of the allies, Plz believe it.58 years ago, China had been established for ONE year. When the U.S. invasion of North Korea, we are duty-bound to send the army. To friends, we are never afraid of the enemy, no matter how powerful.
If China declare war to India, I will join the army, I am willing to fighting for brother.

BTW, I’m not a hacker, so sorry.

(Text in Chinese)
===Speaking truthfully, my letter is very half-hearted because there is little I can do to help them. Hacker attack and defense is all Greek to me. All I can do is console them but I always remember that they view us as very trustworthy people. However, when we do nothing, how can I tolerate that I am personally such a coward. Be aware that on the first day of the new year, replied to my e-mail. Below is the reply from my Pakistani friend:

(Text in English)
hi bro..
happy new year i’ve read in my books chinese people celebrate this event for 15days..hmmm long celebrations thanks a lot bro…we believe u and in case of any war i will fight along wid u brother in arms…hehe brother plz i know chinese hackers are best in the world as they r best in KUNG-FU i need help plz do somthing for me..

(Text in Chinese)
In their eyes, Chinese friends are very loyal and powerful but I have no way to help them at all. So I put up this post today hoping that all friends will help our Pakistani brothers (fuzzy) Okay? I can’t do anything but I can help everyone understand the situation. In Pakistan, people believe that all Chinese are good at Kung-Fu. I told them that everyone is good at Kung-Fu, that the justice in everyone’s heart is the power, if you are righteous, you have Kung-Fu. If you are an able knight, please help out our true friends, I know you all can!

benbenyw

Xin Net, the world’s largest registrar of Chinese domain names, suffered an 8-hour attack yesterday that lasted from 4:00pm until 12:00am.

During that time period, 30% of the names registered through Xin Net could not be accessed normally.

The company put out an official reply expressing regret to all of its customers in a three-part memo (my shorthand):

1) Rotten hackers

2) Working furiously to restore

3) No refunds, we are a victim too!

We have posted about Chinese hackers and the World Bank before.  This was just a “shot” at the China World bank website.  Sorry, couldn’t resist.

As of writing, the webpage is still not repaired.

Chinese hackers?  Don’t know for sure but the screenshot was found on a Chinese hacker webpage.

On 24 December 08, Chinese hackers once again defaced the Yasukuni Shrine website.  Here is a little background from The Dark Visitor:

(Cyber Conflict of 2001)

August of 2001 would again see attacks on Japanese web sites in response to former Prime Minister Junichiro Koizumi’s visit to the controversial Yasukuni war memorial.  Chinese hackers struck first on 13 August, attacking the server for the Japan Meteorological Agency.   Following that, a large number of Japanese government web sites were attacked, such as “the Chemicals Evaluation and Research Institute, the the Defense Systems Research Committee, the Central Convention Service, Inc., the Fire and Disaster Management Agency, the Defense Facilities Administration Agency, the Communications Research Laboratory, and web sites for members of Parliament. The Honker Union of China issued the following statement:

“Prime Minister Koizumi, in defiance of the protests across Asia and of those seeking peace within Japan, made a public visit to the Yasukuni Shrine, a shrine which symbolizes Japanese militarism.  This error by a Japanese leader has been gravely hurtful to the peoples of Asia especially to the feelings of the people of China, who were harmed most deeply.  Together with the issue of the textbooks, this stain is embodied by how the Japanese authorities treat this error without the slightest sense of repentance.  Immediately upon learning of this the Honkers convened a portion of its members to a meeting to discuss a strategy in response to this sudden incident.  The final decision, taken prior to our country having expressed its protest to Japan, was to use our skills to express the solemn and just protest of this youthful Internet generation against the new Japanese government, and its strong dissatisfaction with the leaders of Japan.  The Honker Union, in this emergency action, has replaced the main pages of the following government web sites in Japan. This is in no way inconsistent with our efforts to promote the Honker spirit.  The Honker Union expresses its regret that this matter has occurred, and takes responsibility for the attacks on the web sites listed below.  History should not be ignored.  How can the truth be changed? We win respect by counterattacking.  We are in the right!”

Nguyen Minh Duc, the manager of Bach Khoa’s application security group, said that XmasStorm originated in China. Hackers have registered at least 75 domain names relating to the malware campaign’s holiday theme in the last month, including “superchristmasday.com” and “funnychristmasguide.com.” According to WHOIS searches, those domains were registered to a Chinese address on Dec. 1 and Dec. 19, respectively.

The article makes it very clear that China will retain jurisdiction over all of these cases and no citizen will be sent to a foreign country for trial.

BEIJING, Dec. 22 (Xinhua) — Computer hackers could meet tough penalties under a draft amendment of the criminal law being debated by China’s top legislature.

The draft amendment under review by the Standing Committee of the National People’s Congress (NPC) would impose steep fines and prison sentences of three-to-seven years, depending on the severity of the offense.

The existing criminal law only imposes penalties on hackers who break into government, military and scientific research institutes’ computer systems.