Tag Archive 'Withered Rose'

Apr 09 2009

Withered Rose…law done come and got him


I’m originally from down south and a local expression suddenly came back to me tonight.  We had this crazy guy named George, lived a couple of houses down the road, always doing really strange things.  I remember my uncle stopped by the house one day and said, “You know Ole George…law done come and got him.”  Not a word, just nods.  We all figured it was just a matter of time.

We’ve reported on Withered Rose here and hereTime Magazine has more on him here.

Well, for some reason, Withered Rose decided to start DDoS attacks on his fellow Chinese hackers at Hackbase, HackerXFiles and 3800hk.  Speculation points toward website blackmail, which Rose and his gang have been notorious for in the past.  Needless to say, the victims didn’t take very kindly to this sort of hacker-on-hacker violence.

What is kind of surprising, is that the hacker organizations he decided to attack turned over all of their evidence to the Public Security Department.  According to the report from Hackbase, Withered Rose’s website has been shut down by authorities and he faces 7 1/2 years in jail…

withered rose shut down

Withered Rose’s website closed

Yep, law done come and got him.

9 responses so far

Jul 13 2008

Chinese hacker Withered Rose returns

UPDATE: Dominic reminds me that some people might not be as Chinese hacker obsessed as myself and suggests I give some links as to why Withered Rose is important.  Whoops on my part! For some background on rose, read here and here.

As mentioned yesterday and updated today, Withered Rose (Tan Dailin) is back to his old haunts; both mghacker.com and ncph.net websites are up and running again. Just a couple of observations:

1) Rose has done some scrubbing of his personal blog mghacker.com. Had to go to the wayback machine to make sure but you can tell a number of posts have been deleted for some reason by comparing the wayback machine to what is listed on the current blog’s archive. Rose has wiped out everything prior to March of 2007 and selectively edited the months still showing.

2) Not sure why but at least four of the new post on ncph.net are old posts from the mghacker.com blog:


Mghacker 再现社会工程学 (29 Mar 2007)
Ncph 再现社会工程学 (31 May 2008)


Mghacker 3389密码的嗅探 (29 Mar 2007)

Ncph 3389密码的嗅探 (11 May 2008)


Mghacker Rainbow Table 分析 (10 Apr 2007)

Ncph Rainbow Table 分析 (11 May 2008)


Mghacker 获取cuteftp中的ssh密码 (16 May 2007)

Ncph 获取cuteftp中的ssh密码 (11 May 2008)

3) Whois data shows that NCPH.net administrative contact as:

Administrative Contact:
ncph studio
ncph studio ()
si chuan li gong xue yuan
zigong, Sichuan, cn 643000
P: +86.13154663992 F: +86.13154663992

Sichuan Ligong Xueyuan is the Sichuan University of Science and Engineering. Rose founded NCPH while a student at the university. A Chinese hacker going by the name of Rodag, who was also a member of NCPH lists the university as a contact on his blog.

The contact number 86.13154663992, was noted by Jumper in an IRC log:

# jumperon 08 Dec 2007 at 11:04 pm edit this

In the second picture of Rose, he is using a tool called Metasploit on his computer. http://www.metasploit.com.

IDefense has a lot of stuff on NCPH and Rose. There are a couple of archived webcast videos about them on idefense’ website. I did a bunch of searching and found this funny tidbit:

21:41 gila poyo
21:41 you computer is hack by chinese’s hack infall, shit!
21:41 from http://www.chinahonker.com my name is tan dailin
21:41 contact us with QQ 5372453 or
21:41 tel:86+0+13154663992
21:41 my blog :www.mghacker.com or http://www.ncph.net
21:41 ~~~~~~~~~~~~~~~~~~~~~~~~~shit! you are a pig !
21:41 i found this in some machine
21:41 haha

It is from an archived IRC log. There isn’t any more context to go off of so I’m not sure who is who in this. Gila poyo is malay but I don’t know what it means.

My guess is the at the two of them are old college buddies.

4) What does this random sampling of information mean? Not much. Just wanted people to be aware that Mr. Rose is back in business and on the internet.

4 responses so far

Jul 12 2008

Withered Rose, NCPH.net active again?

UPDATE 13 JULY 08: Still doing some research but at this point it is kind of a moot question… CHINESE HACKER WITHERED ROSE HAS RETURNED! Why I don’t do things the simple way is one of those questions that may never be answered. Did you check his blog site? Yep, Withered Rose reopened it on 2 July 08. The only explanation given for the long absence was that he was busy but his new job allows him time to blog. More later.

Jumper and I are in the process of looking through the posts at NCPH.net (it became active again on 14 April 08), a site previously run by Withered Rose, to determine if it is indeed the same organization. The site went down after it received a bit of notoriety from a Time’s article titled Enemies at The Firewall.

There are at least two articles that detail hacks of Taiwanese websites but it is uncertain if it is still run by Rose.

Hopefully, more to follow.

One response so far

Feb 26 2008

Chinese hackers…a dozen roses


This film came out on 19 June 2006, so it is a little old but has one, two or
three interesting things:

Title: Hacker Apocalypse

Running time: 67 minutes

Written by: Li Feng  (Who also wrote Hero)

Backed by: The famous Beijing amatuer film organization BAERXIU Movie Club

Plot:  Tieke, the proprietor of a computer company, is also the brains behind a secret hacker organization.  He accepts a large sum of money from an unnamed organization  to make preparations for a large-scale invasion campaign on the Japanese network using a virus he created called “The broken-hearted rose.”

The movie was not well received by some hackers and DVD fans…they hacked the movie’s website twice.

There was a TV show in 2002 on CCTV6 called the Rose hacker.

There is also a real Chinese Rose virus/trojan (rose.exe).  Jingtian talks a little about on the Kaspersky forum here.

Of course the most famous Chinese hacker Rose, the Withered.

Why all this? Not sure, but started to see a lot of refs in Chinese to 
rose hacker/virus this or that and now you have too.

Comments Off

Dec 08 2007

A Rose by Any Other Name…Sometimes, Not So Sweet!

Who is this guy?



        He is the “Withered Rose”. Just as mentioned in Time’s article, his website is undergoing renovation and my guess is that it will be doing so for a good long time. However, his blog is up and doing well. The new site is at mghacker.com and has been running since March of 2007. The mg probably stands for Mei Gui (玫瑰), the Pinyin for Rose in Chinese. Won’t go into too much detail about all the stuff on his blog since the most important stuff has been covered but it does contain some note worthy stuff.

        My guess is the Time’s reporter had some sort of agreement with Rose and his buddies not to take their photos for the article…me, no such agreement:


Withered Rose

More pictures of the happy hacker crew here and here.


        Never understand why Chinese hackers refuse to put a picture in their “About” page but then plaster them all over their website…who knows.

Blog name: Withered Rose’s Blog

Website Admin’s nickname: Withered Rose

Age: 23

Sex: Male

Blood type: (What the hell?) Either way, Withered Rose ain’t tellin’.

Your sign: Not giving this up either

Address: Chengdu

Personal Quote: “The pursuit of hacker technology is my life.”

Hobbies: Computers/Networks/Traveling/Hot Chicks (Yeah…)

Continue Reading »

30 responses so far

Dec 08 2007

Will the FBI Arrest Me?

Best article of the year! Time reporters Simon Elegant and Lin Yang’s interview with Withered Rose, the Chinese hacker accused of breaking into the Pentagon.

Suggest that they might hack for cash, and the NCPH crew is outraged. ‘The real hackers are not doing it for a name or money,’ says Fisherman, who sports a small diamond-stud earring. ‘The real hackers keep their heads down, finding network loopholes, write killer programs and live off social security.’

Classic…go read!

Comments Off