Ever played Sudoku? There was a time when I couldn’t get away from the game.  Maybe it is my obsessive-complusive personality but finding out who hacked what is getting to be a lot like that.

Fair warning, this Chinese hacker hunt isn’t very satisfactory, no picture of the guy at the end of the trail.  Still, I did it, so you will have to suffer the disappointment with me.

Went back to an old favorite of mine, zoneh.cn and started looking at the hacked websites.  I don’t bother with  internal Chinese hacks but the ones outside of China just annoy me.

Coming in at number 6 in the standings of Top 20 Users is Webshell with 689:

One of the websites outside of China, listed under Webshell’s credits is http://www.photozone.co.kr: (Korean)

Here is the mirror of Webshell’s hack:

Translation: Whoosh, an amateur passed by. I am just a very young amateur.

The next website was http://www.casepower.com.tw: (Taiwanese)

 and Webshell’s hack…

    So what has Webshell given us to go on?  His e-mail address of course.  If Chinese hackers use e-mail addresses to recon their potential victims, I figure we can use them to find out about these guys.  Spare you the details of popping through a bunch of websites but finally it led to his blog at http://www.webshell.cn/.

     Unfortunately, the only two pieces of information from the site of any use are that he was born on 27 April 1990 (yeah, a young one) and that he comes from Guangzhou City, Guangdong. While not useful, he also has a storefront on Taobao.com titled 0-day work room under http://shop35213037.taobao.com:

    But, you roll through enough websites and you hit some interesting tid-bits.  Under an ICANN thread on registry failure he made the following post http://blog.icann.org/?p=134:

     Tried to find listings under the name Lidongwei (wasn’t sure if this was a play on the name Li Deng Hui) but no  luck. However, a little more running around and I did bump into another one of his hacks on a Chinese website:

    The hack is on a Chinese site that advertises bathroom fixtures.  Webshell tells the site admin, much like our friend Tom, that he has fixed the loopholes and is welcome to join his website security group.  Once again, this is for a bathroom fixture site admin.