Nov
01
2008
Thanks to Websense Security Labs for informing us about a new advance-fee scam targeting Chinese Skype users. Apparently, Chinese users get a message indicating that they have won a significant sum of money and prizes. They are directed to a phishing website where they fill out contact information for the prizes but nothing too suspicious. Finally, they are redirected to a bank transfer page where they will have to send in a fee of several hundred RMB to collect the prize. I wonder if the officials reading Tom Skype users’ messages are falling for this too.
Oct
02
2008
The WSJ – China Journal blog covered a recent report (pdf) by Nart Villeneuve of the Citizen lab that details some very interesting findings about PRC government monitoring of “Tom-Skype“, the Chinese localized version of Skype.
It probably isn’t suprising to anyone that Tom-Skype is being monitored. “Breaching Trust” details the process by which conversations with matching keywords are uploaded to a webserver. The suprising bit is that the server is pretty much accessible to anyone. From the report:
The full text chat messages of TOM-Skype users, along with Skype users who have
communicated with TOM-Skype users, are regularly scanned for sensitive keywords, and
if present, the resulting data are uploaded and stored on servers in China.
These text messages, along with millions of records containing personal information, are
stored on insecure publicly-accessible web servers together with the encryption key required to
decrypt the data.
Update (2 Oct 08, 1617GMT): Some other news organizations have picked this up:
- International Herald Tribune
- CBC News Canada
- Wall Street Journal posts Skype’s response
Apr
12
2008
Stalin once said, “Quantity has a quality all its own.” I’m often reminded of this when it comes to Chinese hackers and their exploits.
One of the complaints I often hear, if you want to call it a complaint, is that Chinese hacker attacks aren’t very high-tech. Ever see the movie The Sting with Paul Newman and Robert Redford? One of my favorites. The difference between their method (what you might consider a high-tech grift) for getting cash and being mugged at gunpoint (low-tech) is obviously worlds apart. However, I would argue that both are equally effective. Do you spend an enormous amount of time putting together an elaborate ruse or simply hit someone over the head? Chinese hackers, who must have taken mass marketing, chose the latter.
Enough people, attempts, and e-mails and you don’t need a tech-guru-wizard to get you through the door, people will just let you in. Pretty sure Joe wasn’t thinking about this type of quantity when he made his speach but my guess is that he would approve.
So what is all this incoherent rambling about?
Bunch of e-mails, Skype, phishing site, steal your data…blah, blah, blah. Sorry, too early on a Saturday and I have to cut the lawn, so I’m grumpy.
Over the past few weeks, Chinese hackers targeted Google Adwords account holders, sending out scam emails designed to look like messages directly from Google. The messages aimed to catch business people unawares and trick them into giving up their account information.
Today, the scam switched focus to Skype…
Continue reading…
