The Dark Visitor

Meet Demon Group, an organization that specializes in providing much needed hacking services…their fellow citizens would like to see them dead or jailed…in no particular order or combination.

The screen capture above had to be taken from a Google cache because Demon Group’s website (www.ddosx.cn) seems to have vanished from the interwebs. I have some theories on why it disappeared, which I will share later.

First noticed the group when I found one of their advertisements on Baidu Postings (Large Chinese BBS):

The group claims to provide various types of DDoS attack services on internet cafes, websites, private servers, servers…etc. They sell attack software packages and rent out specialized tools to gather up infected computers (Guaranteed to gather up no fewer than 600-900 in a single day). The contact number provided is QQ:81991.

Demon Group Spams

Demon group, you spam your services…you spam them a lot! You spam them too much! Now you have ticked off a guy named Good Good, he would like to see you go to jail, he has reported you to the INTERNET POLICE!

Continue Reading »

Yeah, sorry about the title…

This story comes via the news.china.com and is an inteview with a Chinese hacker named Hu.  The good news is that it is one of the most candid interviews I have ever read. The bad news is that it is very long and has a lot of technical language that I constantly struggle with.  So, it will be at least a three-part post (if not more) and will be heavily edited in some places. I also may call on one or two of you to lend a hand in coming up with the exact technical jargon. Our hacker Hu gives a very detailed look inside the economy of the underground world of Chinese hackers.

The article begins with a story about a Miss Liu, who returns home, turns on her computer and as she is skimming through webpages, a Word document suddenly opens.  At the top of the document, it begins to automatically write, “I have seen your picture, you are certainly very pretty!”

Due to her job at a large website portal, she immediately realizes this as a Trojan sequence and shuts off the power to the computer. (Miss Liu) “I didn’t expect that my computer could be hit by the Gray Pigeon (Trojan) and turned into a meat chicken (肉鸡). If I hadn’t turned off the computer, the hacker would still be controlling my computer and would also be able to send out data packets giving away all my computers secrets.

The term Rouji (肉鸡), Meat Chicken, I believe is slang for a compromised/infected computer. (a little help!)

It is reported that Gray Pigeon is one of the most virulent viruses in the last several years. The 2007 China Computer Virus Epidemic Network Security Report classified it as the 3rd largest virus.  After infection, the computer can be completely controlled through long-distance attack. The hacker can easily copy, delete or download documents on the computer. Through long-distance attack (the hacker) can also record every keystroke, the users QQ number and online game user information. Furthermore, after infection, the computer that the hacker has invaded is called meat chicken.

In fact, in China, there are several million users just like Miss Liu who are unaware that they are contributing to the strength of this network underground industrial chain.  According to statistics from the Kingsoft Global Anti-Virus Monitoring Center, in 2007, the nation (China) had over 50 million infected computers; an 18.15 percent increase over the same time last year with 90.56 percent of internet users suffering a virus attack. Among those, over 5 million of the infected computers were in Guangdong.

End Part I…tomorrow we will actually get into the interview with hacker Hu.

WTOPnews.com is reporting that Chinese hackers have forced the Pennsylvania government’s website to shut down.

Hackers broke into the pages of the departments of Labor and Industry, Education, and Military and Veterans Affairs, as well as the Pennsylvania Lottery, said Mia DeVane said, a spokeswoman for the Office of Administration.

Political or monetary motivation?  Or, just a wonderful combination? Penssylvania’s government is going off the air, read their parting words.

Over at Honeyblog.org, Thorsten Holz has a great post detailing the underground economy of the Chinese web. It explains the different “professions” and how they interact with each other to produce income. I feel this is an extremely important part of the Chinese hacker network (even though the article isn’t confined to that) and is at least a partial explanation of how it fuels itself. The Underground Economy of the Chinese Web.

Hat-tip again to Jumper!

Jeff Atwood, at Coding Horror, has an excellent post on CAPTCHA tech and how it is implemented. He includes a section on a Chinese hacker who has posted a price list based on the probability of breaking different encoding. Well worth the read here.