-
The United States expressed concern Friday over reports China has used a powerful censorship tool dubbed “Great Cannon” to attack websites around the world. Researchers reported in April that the “Great Cannon” is an online attack system used to hijack web traffic and enforce the country’s broad censorship of information online. The system was used to shut down websites aimed at helping Chinese bypass the country’s extensive online restrictions known as the “Great Firewall,” experts said.

“We are concerned by reports that China has used a new cyber capability to interfere with the ability of worldwide internet users to access content hosted outside of China,” State Department spokesman Jeff Rathke said following a question about the program. Rathke said the cyber attack manipulated Chinese web traffic “and turned it into malicious traffic directed at US sites.”

“We have asked Chinese authorities to investigate this activity and provide us with the results of their investigation,” he said.

Experts at the University of Toronto reported on the Great Cannon last month, noting denial of service attacks carried out by the system. The report supported claims by an activist organization which said China was seeking to shut down its online service that offers ways to access content from blocked websites.

Great Cannon gives China cyberattack capabilities similar to the US National Security Agency’s Quantum program, revealed in documents leaked by former NSA contractor Edward Snowden, experts said.

Source: US 'Concerned' Over Reported Chinese Global Censorship Tool
-
As a Chinese living outside of China, I frequently visit Chinese websites, many of which use advertising and visitor tracking provided by Baidu, the largest search engine available in China. As I was browsing one of the most popular Chinese infosec communities in China, zone.wooyun.org, at around 12:00pm GMT+8, my browser suddenly started to pop up JS alerts every 5 seconds.

Baidu’s traffic hijacked to DDoS GitHub.com | Insight-labs
-
China finally admits it has special cyber warfare units — and a lot of them.

For years China has been suspected by the U.S. and many other countries of carrying out several high-profile cyber attacks, but every time the country strongly denied the claims. However, for the first time the country has admitted that it does have cyber warfare divisions – several of them, in fact.

In the latest updated edition of a PLA publication called The Science of Military Strategy, China finally broke its silence and openly talked about its digital spying and network attack capabilities and clearly stated that it has specialized units devoted to waging war on computer networks.

An expert on Chinese military strategy at the Center for Intelligence Research and Analysis, Joe McReynolds, told TDB that this is the first time China has explicitly acknowledged that it has secretive cyber-warfare units, on both the military and the civilian-government sides.

CHINESE CYBER WARFARE UNITS

According to McReynolds, China has three types of operational military units:

Specialized military forces to fight the network -- The unit designed to carry out defensive and offensive network attacks.

Groups of experts from civil society organizations -- The unit has a number of specialists from civilian organizations – including the Ministry of State Security (it’s like China’s CIA), and the Ministry of Public Security (it’s like the FBI) – who are authorized to conduct military leadership network operations.

External entities -- The unit sounds a lot like hacking-for-hire mercenaries and contains non-government entities (state-sponsored hackers) that can be organized and mobilized for network warfare operations.

According to experts, all the above units are utilized in civil cyber operations, including industrial espionage against US private companies to steal their secrets.
CHINESE CYBER UNIT 61398

In 2013, American private security firm Mandiant published a 60-page report that detailed the notorious Chinese hacking group 'Unit 61398', suspected of waging cyber warfare against American companies, organizations and government agencies from or near a 12-story building on the outskirts of Shanghai. Unit 61398 also targeted a number of government agencies and companies whose databases contain vast and detailed information about critical United States infrastructure, including pipelines, transmission lines and power generation facilities.

MOST WANTED CHINESE HACKERS

Last year, the United States filed criminal charges against five Chinese military officials, named Wang Dong, Sun Kailiang, Wen Xinyu, Huang Zhenyu, and Gu Chunhui, for hacking and conducting cyber espionage against several American companies. The alleged hackers were said to have worked with the PLA’s Unit 61398 in Shanghai. Besides spying on U.S. companies and stealing trade secrets, they were also accused of stealing information about a nuclear power plant design and a solar panel company’s cost and pricing data.

Source
-
Beijing has rejected President Obama's criticism of its plan to make tech companies put backdoors in their software and share their encryption keys if they want to operate in China. On Monday, Mr Obama told the Reuters news agency he had "made it very clear" China had to change its policy if it wanted to do business with the US. But Beijing said it needed the powers to combat terrorism and tackle leaks. It also suggested the West was guilty of having double standards. "The legislation is China's domestic affair, and we hope the US side can take a right, sober and objective view towards it," said Chinese foreign ministry spokeswoman Hua Chunying. "On the information-security issue, there was a [recent] media revelation that a certain country embedded spying software in the computer system of another country's Sim card maker, for surveillance activities. This is only one out of the recently disclosed cases. "All countries are paying close attention to this and taking measures to safeguard their own information security, an act that is beyond any reproach." The case she was referring to involved allegations that US cyber-spies had hacked a Dutch Sim card manufacturer in order to help decrypt their targets' communications. At another press conference, parliamentary spokeswoman Fu Ying drew attention to the fact that the US government had imposed restrictions on Chinese companies including Huawei and ZTE. And she suggested that Beijing's proposals were in line with the same kind of access to internet correspondence sought by the US and British governments. "We will definitely continue to listen to extensive concerns and all the parties' views, so we can make the law's formulation more rigorous," she added. The rules are part of a proposed counter-terrorism law set to be discussed by China's annual parliament session, the National People's Congress (NPC), which opens on Thursday. 
'Paranoid espionage'

President Obama's comments had followed the publication of a fresh draft of the proposed law, which was made public last week. It "would essentially force all foreign companies, including US companies, to turn over to the Chinese government mechanisms where they can snoop and keep track of all the users of those services", the US leader said. "As you might imagine tech companies are not going to be willing to do that," he added. Microsoft, Cisco, Oracle and IBM are among firms that would potentially be affected.

While the comments by Chinese officials were measured, the government's press service, Xinhua, was more critical. It accused the US leader of arrogance and hypocrisy, noting that the FBI had criticised Apple and Google last year for building encryption into their smartphone operating systems, and again drew attention to allegations about the US National Security Agency's activities made public by the whistleblower Edward Snowden.

"With transparent procedures, China's anti-terrorism campaign will be different from what the United States has done: letting the surveillance authorities run amok and turn counter-terrorism into paranoid espionage and peeping on its civilians and allies," Xinhua wrote. "Contrary to the accusations of the United States, China's anti-terror law will put no unfair regulatory pressures on foreign companies, because the provisions will apply to both domestic and foreign firms."

Insecure systems

The Conservative party has indicated it wants to expand the UK's cyber-spies' surveillance powers if it wins the May election.

US firms, including Microsoft, are hoping to boost profits by selling their services to China

"Our manifesto will make clear that we will...
use all the legal powers available to us to make sure that, where appropriate, the intelligence and security agencies have the maximum capability to intercept the communications of suspects while making sure that such intrusive techniques are properly overseen," Home Secretary Theresa May told Parliament in January. One expert said it should be no surprise that the West was finding it difficult to prevent China seeking greater cyber-surveillance powers of its own, but added there were good reasons to fear its proposals. "Either behind the scenes or increasingly openly, the US and UK are justifying similar behaviour for their own purposes, but are extremely concerned when China asks for its own capabilities," said Dr Joss Wright, from the Oxford Internet Institute. "But what we don't want to see is a world in which internet-based products and services are riddled with backdoors by every state that says it needs to act against terrorism. "A backdoor is always a concern because the moment it can be exploited, you have an insecure system by default, and that could make everyone less safe." Source
-
Spoiler alert: Those who haven’t yet seen the film, but plan to, please skip to the summary. Hollywood has tried to depict cyberwarfare and “hacking” many times. Hackers and The Net are just a couple of examples. Blackhat, a Michael Mann directed film, debuted in wide theatrical release on January 16th. Chris Hemsworth plays Nicholas Hathaway, a man who was serving time in prison for some sort of computer related crime. Viola Davis plays FBI Agent Carol Barrett. Leehom Wang plays Captain Dawai Chen, an officer of China’s cyberwarfare unit. Wei Tang plays his sister, Lien Chen. Lien’s character is central to the movie, she helps with the investigation and (spoiler alert!) falls in love with Nicholas. Here’s a quick synopsis. A nuclear power plant in Chai Wan, Hong Kong is attacked with a remote access tool (RAT.) Through the RAT, the plant’s programmable logic controllers are tampered with, causing the coolant pumps to overheat and explode. People within a ten kilometer radius of the plant are evacuated. Captain Dawai Chen has to find the culprit. He discovers, through his sister Lien and FBI Agent Carol Barrett, that the RAT contains code he wrote himself years ago, collaborating with Nicholas Hathaway. Nicholas was in prison, and Agent Barrett helped to release him, because of course, Nick’s help is crucial to the investigation. Coincidentally, the Mercantile Trade Exchange in Chicago is attacked with the same RAT, and soy prices skyrocket. It’s a commodities trading disaster! That incident makes the Chinese and American officials willing to collaborate. Our characters spend time in the US, travel to various locations in China, and eventually they travel to Malaysia and Indonesia as well. There’s lots of explosions, lots of super intense gunfire, one of the main characters is murdered while in his car, and of course, that explodes as well. I went into the movie theater with very low expectations for the film’s technical accuracy. 
Actually, Hollywood has done much worse when it comes to depicting cyberwarfare and information security attacks in general. There were highlights and lowlights. First, I’ll explain what I think the film got right.

Accuracies

It was quite correct to state that a RAT can be used to wreak havoc, such as causing a nuclear disaster. And malware has attacked nuclear facilities before, such as when Stuxnet hit Iran.

Some of the GNU/Linux BASH shell commands were accurate. I saw a “sudo” here and there.

It’s possible for the Chicago Mercantile Exchange to be attacked through a RAT.

Yes, IPSes and firewalls are indeed network security devices. Kudos!

Correct usage of the right kind of proxy servers can make tracing a blackhat’s activity a lot more difficult.

What really impressed me was that at one point, someone filebound a keylogger to a PDF in order to acquire a password. The PDF was for the user to review their organization’s password policy when he was instructed to change his password. This was the very first time in American film and television that I’ve seen filebinding and software keylogging used properly, and the social engineering it may require to be successful.

In NCIS and Hackers, they make it seem like “hacking” requires ultra fast typing. Supposedly, the way to “hack” or defend against a “hack” is to type at 327 words per minute! The faster the typing, the more hackerific the hacking! I didn’t see any of that BS in Blackhat. Very good.

Now, here’s where Blackhat errs.

Inaccuracies

In the first scene that Chris Hemsworth’s Nicholas Hathaway appears in, he’s interrogated in prison about something he did. The interrogator says, “You used this to open a command line?” As if opening a command line on a machine is some super impressive, devious feat.
Notice that he didn’t say “acquire root access.” Just “open a command line.” Groan…

Although this has nothing to do with information security, I noticed that Hong Kong and the Chinese cities in the movie were completely devoid of air pollution. Beijing and other Chinese cities are notorious for having horrific air quality, to the extent that it even interferes with landings and departures at Beijing’s international airport.

Absolutely all of the code displayed in the movie was hexadecimal. Or random combinations of letters and numbers, sometimes it was difficult to tell. I highly doubt that the coders in the movie work purely in assembly. Especially when they develop applications like RATs.

An NSA information security professional was extremely perplexed that his data center was penetrated, because they have firewalls and IPSes. Those things are bulletproof, don’t ya know? Likewise, checking physical security amounted to verifying that the door to the server room was protected by a fingerprint scanner, and that’s it.

A monitoring device was put on Nick for his release. Fair enough. It was controlled by an Android app. One of the settings was for how frequently the app checked the geolocation of Nick’s monitoring device. Nick was able to grab the Android phone at one point and change its settings so that it checked his location a lot less frequently. Why would the backend of a convict’s monitoring device be so insecure, physically and otherwise?

Apparently, you can do a “whois” on both usernames and IP addresses. That’s news to me.

On a related note, once you’ve found an IP address, you’ve definitely got someone! It’s not like dynamic IP addresses and IP address spoofing exist, or anything like that. Also, that contradicts how the movie shows that proxy server use can make attackers more difficult to find.

In one scene, Nick and Lien eat at a Korean restaurant that’s somewhere in the United States.
Hangul (Korean) characters can be seen here and there, but for some reason, there are Chinese characters to be seen as well. All that funny Asian writing is all the same, isn’t it? Anyway, at some point, Nick goes to the restaurant’s backroom, where there’s a PC with a couple of monitors. I could tell that Nick didn’t boot an OS from a USB stick or DVD. He didn’t use any external media, so he couldn’t have loaded applications from them either. A restaurant’s PC will typically have standard OS applications, financial software, and some sort of POS backend, without much else. I’d be surprised to find something like Wireshark or Nessus on a restaurant’s PC. Nonetheless, within mere seconds of acquiring physical access to the PC, Nick runs some pretty heavy duty network penetration tools. Black Widow is a fictional Nessus/OpenVAS-like program. Or perhaps it’s something like Kali Linux. It’s a super secret tool that only the FBI is supposed to have access to! As if these sorts of things are only developed by and used by the FBI! At one point, Nick and Lien are in the middle of a rural part of Malaysia. It’s really, really rural. There’s just a very tiny village there, and that’s it. Somehow, Lien is able to whip out her laptop and enjoy instant network connectivity. Maybe she’s using satellite technology, but that’s doubtful. FBI Agent Carol Barrett assures her colleagues that the Chinese can be trusted because “they’ve been cooperative so far.” I’ve written about Chinese cyber attacks on the United States before. Such incidents have been very frequent, and very recent. The movie takes place in March 2015. There was Operation Aurora in late 2009 that targeted Google and Adobe. The Office of the National Counterintelligence Executive reported Chinese cyber attacks on American military servers to Congress in November 2011. 
Backdoors have been found in devices sold to the United States and manufactured by Huawei and ZTE, both of which are closely tied to the Chinese government. That’s just the tip of the iceberg. The FBI should be well aware that collaborating with the Chinese to investigate cyberwarfare is a bad idea. There are probably intelligence types who laughed while watching this movie. Summary It’s obvious to me that some effort was made to make Blackhat technically accurate. But clearly, there were still blunders. As far as the American and Chinese collaboration in the film is concerned, I think that can be explained with three words: International box office. More and more, major Hollywood studios are relying on it to make movies that cost $70 to 150 million profitable. For instance, by Hollywood blockbuster standards, Pacific Rim didn’t do very well in the United States. But it ended up making a lot of money anyway, largely from Chinese moviegoers. Hollywood looks at China with dollar signs in her eyes. So, it was an absolute must that the Chinese government was depicted positively in the movie. Compared to previous attempts, Blackhat is an improvement in how information security and computer technology is portrayed in fiction. But it’s only a minor improvement. Source
-
Chinese hackers have launched a wave of man-in-the-middle (MITM) attacks capable of stealing emails, contacts and passwords, targeting Microsoft Outlook users in the country.

Greatfire.org, a group that reports on and works to combat Chinese government online censorship and surveillance, reported uncovering the campaign this week. "On January 17, we received reports that Microsoft's email system, Outlook (which was merged with Hotmail in 2013), was subjected to a MITM attack in China," read the Greatfire threat advisory. "This form of attack is especially devious because the warning messages users receive from their email clients are much less noticeable than the warning messages delivered to modern browsers."

The attack reportedly uses a bogus certificate to push a malicious alert to Outlook users that siphons information from the victim's account if it is opened. "Users will only see an abrupt pop-up warning when the client tries to automatically retrieve messages. Users will then be able to tap on a 'continue' button and ignore the warning message," explained the advisory. "If users do click on the 'continue' button, all of their emails, contacts and passwords will be logged by the attackers."

The number of affected Outlook users remains unknown, although a Microsoft spokesperson confirmed to V3 that the firm is aware of the attacks. "We are aware of a small number of customers impacted by malicious routing to a server impersonating Outlook.com. If a customer sees a certificate warning, they should contact their service provider for assistance," they said.

Greatfire believes that the Chinese government is responsible for the attacks, citing similarities to previous attacks it believed were state sponsored. "Because of the similarity between this attack and previous, recent MITM attacks in China on Google, Yahoo and Apple, we once again suspect that Lu Wei and the Cyberspace Administration of China have orchestrated this attack," it said.
"If our accusation is correct, this new attack signals that the Chinese authorities are intent on further cracking down on communication methods that they cannot readily monitor." The attack on Apple's iCloud occurred at the end of 2014 and was serious enough for CEO Tim Cook to fly to China. F-Secure security advisor Sean Sullivan told V3 that the Outlook attacks follow a similar pattern to the iCloud campaign and warned business users visiting China to be extra cautious. "This case appears similar to the move against iCloud back in October. Any business person travelling or working in China should use a VPN (or other measures) to access their email - or else pay very careful attention to warning messages," he said. "If you're doing business in China, be very mindful of the situation. I'd even recommend using separate hardware for the trip." Jason Steere, director of technology strategy at FireEye, mirrored Sullivan's sentiment, pointing out that, even if focused on monitoring Chinese citizens alone, the attacks could cause trouble for Western professionals visiting the country. "I suspect this attack is more about gathering intel on Chinese citizens - using international mail systems to communicate information that they could not do with a Chinese web platform due to censorship," he told V3. "However, many other people are collateral damage with information exposed that I'm sure they would prefer not to be picked up. "Anything sent or received, such as usernames, passwords, holidays, journalist sources, new stories, personal information etc, would all have been exposed during the time of the attack. "All of that information can be collected and used for intel, surveillance etc." The attack on Outlook comes less than a month after Chinese authorities began blocking local access to Google services including Gmail. 
Prior to the Google blockade the Beijing government mounted a mass censorship campaign that cut off access to thousands of websites, applications and cloud services in November 2014. Source