Video Tracks Chinese Hacker In Action

glutto

Limp Gawd
Joined
Apr 8, 2003
Messages
396
China will deny it.
The US will say there is no threat.
And round and round we go.
 

stiltner

[H]F Junkie
Joined
Mar 16, 2000
Messages
10,669
All that he just did.

And people are worried about their antivirus software.

We are behind this curve by easily 2-3 years. We need
a lot of catching up to get anywhere near where we need to
be to defend against this.

All those tools were nothing special, but boom, done
 

NeoNemesis

2[H]4U
Joined
Mar 10, 2004
Messages
2,464
Now I undertand why movie hacking always features colorful, flying, rotating objects, etc. real hacking is boring as shit to watch.
 

colinstu

2[H]4U
Joined
Oct 11, 2007
Messages
3,563
out of date operating systems and some script kiddies' garbage hacking tools.

Nothing special.
 

colinstu

2[H]4U
Joined
Oct 11, 2007
Messages
3,563
Doesn't have to be special if it's effective.

Didn't say if wasn't effective.

I have no remorse for people and companies who use tragically out of date software that is connected to the internet and expect to NOT be fucked with.
 

Hedonist

Limp Gawd
Joined
Feb 13, 2013
Messages
145
Didn't say if wasn't effective.

I have no remorse for people and companies who use tragically out of date software that is connected to the internet and expect to NOT be fucked with.

Oh, definitely. But the general populace is pretty naive when it comes to PC security regardless of using antiquated software.

So it's kind of damned if you do, damned if you don't update constantly. (Java/Flash zero days come to mind)
 

Ducman69

[H]F Junkie
Joined
Jul 12, 2007
Messages
10,542
out of date operating systems and some script kiddies' garbage hacking tools.

Nothing special.
Multiplied by a team of probably sixty guys working around the clock with impunity and government protection... yeah, that's a problem.

The Great Wall was just a bunch of bricks laid on top of each other, but the Chinese are masters of persistence and quantity or cheap labor.
 

Ducman69

[H]F Junkie
Joined
Jul 12, 2007
Messages
10,542
I have no remorse for people and companies who use tragically out of date software that is connected to the internet and expect to NOT be fucked with.
I'm sorry, but I find this such a dumb attitude. This is akin to saying that fat people deserve to be beat up. I mean, how can you walk around all weak and NOT expect to get a punch in the face and your underwear pulled over your head? You deserve it, hit the gym fatass! :rolleyes:
 

MoFoQ

Gawd
Joined
Sep 18, 2002
Messages
847
note to self...add 58.247.0.0/16 to iptables drop list.

oh china unicom.
 

pelo

2[H]4U
Joined
Apr 23, 2011
Messages
2,911
Big enterprise should really get accustomed to using a private LAN infrastructure and keep anything WAN to a bare minimum. From the video, it seems that whatever trojans were downloaded on the users' PCs were via email + (spear)phishing.

I'm not a hacker, but that really doesn't look all that complicated. It seems like the penetration point is always email, and it seems like it's an assumption that they're internal emails from within the company. Why not then have dedicated WAN PCs that can't interact at all with the local network? Give a few people some net access. Set up a few WAN stations with internet access that can be utilized by employees but yank the USB.

Like someone said, it's clearly effective, but it doesn't seem all too complicated either. It just goes to show that the weakest point when it comes to security are the user themselves.
 

TorxT3D

Gawd
Joined
Apr 30, 2006
Messages
649
while i do believe having an antivirus is a good thing..

it also makes people lazy in understanding how their system can be compromised.
people rely too much on it to "safe guard" them from everything.. then they wonder why they have malware and intrusion software hidden installs..
 

colinstu

2[H]4U
Joined
Oct 11, 2007
Messages
3,563
I'm sorry, but I find this such a dumb attitude. This is akin to saying that fat people deserve to be beat up. I mean, how can you walk around all weak and NOT expect to get a punch in the face and your underwear pulled over your head? You deserve it, hit the gym fatass! :rolleyes:

What's the right attitude? "Oooh such a pooooor baby. Here let me try to catch those terrible chinese people for you and maybe make some legislation so an already illegal activity is extra illegal." ?? I don't get it. This is far from the "fat people deserve it" analogy. Bad people will do bad things regardless. But innocent people can take steps to prevent it.

Since when was having up-to-date systems not a good thing? Sure when internal software is broken by updates but that's why things are tried on test beds first. If there isn't a work around, then try one's best to prevent an attack from getting through. And if an attack does get through, make it hard for anything to be stolen or seen.
 

RedSh1rt

Limp Gawd
Joined
Jul 27, 2012
Messages
132
It's naive to think China's government aren't using cyber espionage. However, before everyone goes all "OMG China is evil!" on us - it's also extremely naive to think that the west don't do it too.

CNN, BBC News etc. aren't going to report on us hacking other countries are they? Does the Chinese news/press report on their government hacking the west?! I doubt it.

Obviously I don't know for certain, but I really do think we're every bit as bad as everyone else. And if we aren't then we're in trouble if some kind of conflict ever does occur. It's the nature of the beast.
 

Draktharbar

Weaksauce
Joined
Feb 14, 2008
Messages
114
Big enterprise should really get accustomed to using a private LAN infrastructure and keep anything WAN to a bare minimum. From the video, it seems that whatever trojans were downloaded on the users' PCs were via email + (spear)phishing.

I'm not a hacker, but that really doesn't look all that complicated. It seems like the penetration point is always email, and it seems like it's an assumption that they're internal emails from within the company. Why not then have dedicated WAN PCs that can't interact at all with the local network? Give a few people some net access. Set up a few WAN stations with internet access that can be utilized by employees but yank the USB.

Like someone said, it's clearly effective, but it doesn't seem all too complicated either. It just goes to show that the weakest point when it comes to security are the user themselves.

You're confusing two things here. You can pull WAN access from people's computers, but email gets managed at the server level and still goes out to the internet. And it's a little difficult for most companies to block all external email for people when nearly every business has to use email to contact customers.
 

Xee

[H]ard|Gawd
Joined
Nov 18, 2004
Messages
2,020
It's naive to think China's government aren't using cyber espionage. However, before everyone goes all "OMG China is evil!" on us - it's also extremely naive to think that the west don't do it too.

Case in point, this video was probably obtained by exploiting the same weaknesses the hackers were exploiting themselves.
 

pelo

2[H]4U
Joined
Apr 23, 2011
Messages
2,911
You're confusing two things here. You can pull WAN access from people's computers, but email gets managed at the server level and still goes out to the internet.

I know, but I'm just stating that that's unnecessary, particularly for what look like internal company emails rather than external ones (given the titles to some of the emails, that's what they should have been)

And it's a little difficult for most companies to block all external email for people when nearly every business has to use email to contact customers.

That's definitely true, but there are countless PCs which don't need internet access that are still hooked up to the net; in particular the PCs with confidential files.

What's wrong with a messaging system for employees that's LAN only? They'd clearly need emails connected to the web, but it would certainly add another layer of (apparently much needed) security. It wouldn't purge them of their issues, but given that phishing is the most popular tactic you'd have to figure that they should at least try to approach it differently.
 

Methadras

Supreme [H]ardness
Joined
Dec 19, 2000
Messages
6,132
Funny to see the chinese hacker being vnc'ed while he tried to unsuccessfully hack, while not realizing he's been hacked himself.
 

BladeVenom

Supreme [H]ardness
Joined
Jun 29, 2005
Messages
7,707
You don't watch the news much do you? And no, Fox "News" doesn't count.

Maybe you should watch Fox, and think for yourself for once, instead of being a sheep and bashing Fox like the liberal propaganda tells you to. Fox is better than ABC, CBS, NBC, or CNN.
 

pelo

2[H]4U
Joined
Apr 23, 2011
Messages
2,911
Maybe you should watch Fox, and think for yourself for once...

image.jpg
 

spamhunter

Limp Gawd
Joined
Feb 16, 2013
Messages
211
Maybe you should watch Fox, and think for yourself for once, instead of being a sheep and bashing Fox like the liberal propaganda tells you to. Fox is better than ABC, CBS, NBC, or CNN.

You forgot MSNBC, the worst of the lot.
 

Winwolf

Limp Gawd
Joined
Nov 2, 2010
Messages
328
This guy is a glorified scriptkiddy and he is spearfishing. How to catch up to this guy? Stop opening attachments and random fucking pdf files. I assure you 99% of the "hacks" being preformed by the Chinese are no different than this. The real problem is the computer illiterate people in society seeking employment in sensitive positions. These are the sorts of things kids should be learning in school these days and sadly arent.
 

Mini-Me

Gawd
Joined
Oct 23, 2004
Messages
567
It's naive to think China's government aren't using cyber espionage. However, before everyone goes all "OMG China is evil!" on us - it's also extremely naive to think that the west don't do it too.

CNN, BBC News etc. aren't going to report on us hacking other countries are they? Does the Chinese news/press report on their government hacking the west?! I doubt it.

Obviously I don't know for certain, but I really do think we're every bit as bad as everyone else. And if we aren't then we're in trouble if some kind of conflict ever does occur. It's the nature of the beast.

Indeed, it would be silly to think the US government is somehow more ethical in this regard. I'm usually highly critical and suspicious of the US government and everything it does, but...in this case, I do hope the talents who wrote Stuxnet are keeping good enough tabs on China instead of wasting too much time obsessing over Iran.

What I wonder about is China's angle here: I suppose they could be doing it for general intelligence or merely as a show of strength of sorts, but there's probably more to it. They could really wreak havoc on US daily life (in the event of war) by hacking into the right poorly secured banks, power companies, ISP's, hospitals, etc. but they'd only have an incentive to pull out the stops in the event of war, and it wouldn't benefit them to start one spontaneously in the current geopolitical climate. It makes me wonder if they're worried about the dollar hyperinflating before they transfer their wealth, or if they're worried about the US going to war to protect the petrodollar or avoid paying its foreign debt.

In the meantime, perhaps the Chinese government is selling US corporate secrets to Chinese companies? This would be reminiscent of the reasons for ECHELON's disclosure: IIRC, we only know about ECHELON because of the French (I think) government getting angry about another government (the US I think?) selling French corporate secrets to domestic companies. (The US continued to publicly deny ECHELON's existence for years after that even.)

Regardless, I wouldn't be too quick to dismiss "Chinese military script kiddies." These guys seem knowledgeable enough about how their tools work, and at least some of them are probably capable of writing tools themselves...it just isn't always the most efficient strategy when an entire toolbox is already at their disposal. It's nice to know they aren't good enough to avoid intrusion themselves though. ;)
 

wtiger

[H]ard|Gawd
Joined
Jun 21, 2004
Messages
1,600
Maybe you should watch Fox, and think for yourself for once, instead of being a sheep and bashing Fox like the liberal propaganda tells you to. Fox is better than ABC, CBS, NBC, or CNN.

They can all be pretty biased in some ways. FOX is just the most obvious about it.
 

Red Squirrel

[H]F Junkie
Joined
Nov 29, 2009
Messages
9,211
Kind of neat, but I would expect them to not use windows, but some highly customized version of Linux or something.
 
Top