beforeyoukillyourcomputer.com

Chinese military and education officials have dismissed reports linking them with a cyber attack on the Internet search engine Google. In an interview with China Daily, they said that a recent accusation printed in the New York Times was false.

In its report on Thursday, the New York Times linked two Chinese higher education institutions to cyber attacks on Google.

The world’s biggest search engine announced last month that it had been the target of a highly sophisticated attack in December. It said the hacking had come from a source within China.

The report claimed the two education facilities have close ties with the Chinese military and also Google’s competitor in China, Baidu.

Pan Zheng, an expert from the National Defense University, told China Daily that the attacks on Google had nothing to do with the Chinese government, nor the military. He went on to say that a hacking location inside China doesn’t necessarily mean the attacks were launched by the government or the military.

Major General Luo Yuan from the Academy of Military Science said that web hacking is against Chinese law. He stated that the Chinese military would not go against the rules. He claimed that it was irresponsible to blame the military when there was such a lack of evidence.

One of the accused schools is the Shandong-based Lanxiang Vocational School. School officials say they have been getting phone calls all day asking about the cyber attack. They say that the school provides lessons in I.T. and computing, and has no ties with the Chinese military.

A professor from Shanghai-based Jiaotong University, the other named Chinese institution, said he is not surprised by allegations that students hacked into websites. However he said that such acts were not malicious in motive, and that the students may simply have been testing out their Internet abilities. The professor added that the IP address of the university was often hijacked.

Source ~ CCTV.com

BEIJING, Feb. 23 (Xinhua) — The New York Times, the Wall Street Journal, Financial Times and some other newspapers have published articles indicating that cyber attacks targeting Google and several other U.S. companies were from China. Such allegations are arbitrary and biased.

These articles take as evidence that hackers’ IP addresses could be traced back to two schools in China. However, it is common sense that hackers can attack by hijacking computers from anywhere in the world. This fact also explains why hackers are hard to be tracked down.

Computers in China are easy to be hijacked by hackers as internet security technology and services are still underdeveloped in China. The majority of Chinese internet users also lack security awareness and adequate protection measures.

The hackers’ IP addresses could by no means vindicate the newspapers’ allegations that the attacks were carried out by Chinese citizens or from within China.

Certain newspapers went even further by indicating that the Chinese government and the military might have supported those cyber attacks.

Full Story ~ xinhuanet

With its sterling reputation and its scientific bent, Shanghai Jiaotong University has the feel of an Ivy League institution.

The university has alliances with elite American ones like Duke and the University of Michigan. And it is so rich in science and engineering talent that Microsoft and Intel have moved into a research park directly adjacent to the school.

But Jiaotong, whose sprawling campus here has more than 33,000 students, is facing an unpleasant question: is it a base for sophisticated computer hackers?

Investigators looking into Web attacks on Google and dozens of other American companies last year have traced the intrusions to computers at Jiaotong as well as an obscure vocational school in eastern China, according to people briefed on the case.

Security experts caution that it is hard to trace online attacks and that the digital footprints may be a “false flag,” a kind of decoy intended to throw investigators off track.

But those with knowledge of the investigation say there are reliable clues that suggest the highly sophisticated attacks may have originated at Jiaotong and the more obscure campus, Lanxiang Vocational School in Shandong Province, an institution with ties to the Chinese military.

Last weekend, the two schools strongly denied any knowledge of the attacks, which singled out corporate files and the e-mail accounts of human rights activists.

A spokesman for Jiaotong told local news outlets that school officials were “shocked and indignant” to learn of the allegations. And a Lanxiang spokesman called the reports preposterous.

Full Story ~ The New York Times

Police in central China have arrested three people and seized money and equipment worth hundreds of thousands of dollars in a crackdown on the country’s biggest commercial operation to train computer hackers, state media reported over the past two days.

But Western specialists in cybersecurity were skeptical that the arrests signified any broad commitment by China to halt the assaults on computer security that Google and other Western companies have endured in recent months.

China has not shut down the well-known servers that have been used in these attacks or arrested their operators, so the detention of three people in central China is unlikely to make much of a difference, said Ronald J. Deibert, a cybersecurity expert at the Munk Center for International Studies at the University of Toronto.

“Their crackdown on this apparent hacker group needs to be placed in a broader context,” Mr. Deibert said. “I would characterize it as window dressing.”

Public security officers in Hubei province also shut down a Web site said to be used to raise more than $1 million in membership fees from 12,000 paying members, according to the Wuhan Evening Post in Wuhan, the provincial capital of Hubei. The members received software tools for penetrating computer security systems and online accounts.

The Web site, the Black Hawk Safety Net, was started in 2005 and had another 170,000 free members, China’s official Xinhua news agency reported on Monday.

Full Story ~ The New York Times

Iowa investigators say they believe a breach of a state computer database can be traced to China. The Iowa Racing and Gaming Commission said someone hacked into one of its computer servers last week.

The server contained records of more than 80,000 casino employees including birth dates and Social Security numbers. While they believe the breach came from China, they acknowledge the hackers disguised their digital footprints.

Officials say they don’t know if personal information was stolen but they are proceeding as if all the data was compromised.

Source ~ WHO-TV

With a few quick keystrokes, a computer hacker who goes by the code name Majia calls up a screen displaying his latest victims.

“Here’s a list of the people who’ve been infected with my Trojan horse,” he says, working from a dingy apartment on the outskirts of this city in central China. “They don’t even know what’s happened.”

As he explains it, an online “trapdoor” he created just over a week ago has already lured 2,000 people from China and overseas — people who clicked on something they should not have, inadvertently spreading a virus that allows him to take control of their computers and steal bank account passwords.

Majia, a soft-spoken college graduate in his early 20s, is a cyberthief.

He operates secretly and illegally, as part of a community of hackers who exploit flaws in computer software to break into Web sites, steal valuable data and sell it for a profit.

Internet security experts say China has legions of hackers just like Majia, and that they are behind an escalating number of global attacks to steal credit card numbers, commit corporate espionage and even wage online warfare on other nations, which in some cases have been traced back to China.

Three weeks ago, Google blamed hackers that it connected to China for a series of sophisticated attacks that led to the theft of the company’s valuable source code. Google also said hackers had infiltrated the private Gmail accounts of human rights activists, suggesting the effort might have been more than just mischief.

In addition to independent criminals like Majia, computer security specialists say there are so-called patriotic hackers who focus their attacks on political targets. Then there are the intelligence-oriented hackers inside the People’s Liberation Army, as well as more shadowy groups that are believed to work with the state government.

Indeed, in China — as in parts of Eastern Europe and Russia — computer hacking has become something of a national sport, and a lucrative one. There are hacker conferences, hacker training academies and magazines with names like Hacker X Files and Hacker Defense, which offer tips on how to break into computers or build a Trojan horse, step by step.

For less than $6, one can even purchase the “Hacker’s Penetration Manual.” (Books on hacking are also sold, to a lesser extent, in the United States and elsewhere.)

And with 380 million Web users in China and a sizzling online gaming market, analysts say it is no wonder Chinese youths are so skilled at hacking. Many Chinese hackers interviewed over the last few weeks describe a loosely defined community of computer devotees working independently, but also selling services to corporations and even the military. Because it is difficult to trace hackers, exactly who is behind any specific attack and how and where they operate remains to a large extent a mystery, technology experts say.

And that is just the way Majia, the young Chinese hacker, wants it. On condition that he not be identified by his real name, Majia agreed two weeks ago to allow a reporter to visit his modest home in a poor town outside Changsha, and watch him work.

Slim and smartly dressed in black, Majia seemed eager to tell his story; like many hackers, he wants recognition for his hacking skills even as he prizes anonymity to avoid detection. The New York Times found him through another well-known hacker who belongs to a hacker group and vouched that Majia was skilled at what he did.

While Majia’s claims, of course, cannot be verified, he is happy to demonstrate his hacking skills. He met a journalist at a cafe one night just over a week ago, and then invited him to his home, where he showed how he hacked into the Web site of a Chinese company. Once the Web site popped up on his screen, he created additional pages and typed the word “hacked” onto one of them.

Majia says he fell in love with hacking in college, after friends showed him how to break into computer systems during his freshman year.

After earning a degree in engineering, he took a job with a government agency, largely to please his parents. But every night after work, he turns to his passion: hacking.

He is consumed by the challenges it presents. He reads hacker magazines, swaps information with a small circle of hackers and writes malicious code. He uses Trojan horses to sneak into people’s computers and infect them, so he can take control.

“Most hackers are lazy,” he says, seated in front of a computer in his spare bedroom, which overlooks a dilapidated apartment complex. “Only a few of us can actually write code. That’s the hard part.”

Computer hacking is illegal in China. Last year, Beijing revised and stiffened a law that makes hacking a crime, with punishments of up to seven years in prison. Majia seems to disregard the law, largely because it is not strictly enforced. But he does take care to cover his tracks.

Partly, he admits, the lure is money. Many hackers make a lot of money, he says, and he seems to be plotting his own path. Exactly how much he has earned, he won’t say. But he does admit to selling malicious code to others; and boasts of being able to tap into people’s bank accounts by remotely operating their computers.

Financial incentives motivate many young Chinese hackers like Majia, experts say. Scott J. Henderson, author of “The Dark Visitor: Inside the World of Chinese Hackers,” said he had spent years tracking Chinese hackers, sometimes with financial help from the United States government. One Chinese hacker who broke into a United States government site later lectured on hacking at a leading university, Mr. Henderson said, and worked for China’s security ministry. But recently, many have been seeking to profit from stealing data from big corporations, he said, or teaching others how to hijack computers.

“They make a lot of money selling viruses and Trojan horses to infect other people’s computers,” Mr. Henderson said in a telephone interview. “They also break into online gaming accounts, and sell the virtual characters. It’s big money.”

Majia lives with his parents, and his bedroom has little more than a desktop computer, a high-speed Internet connection and a large closet. The walls are bare.

Most of his socializing occurs online, where he works from about 6:30 p.m. to 12:30 a.m., starting every evening by perusing computer Web sites like cnBeta.com.

Asked why he doesn’t work for a major Chinese technology company, he sneers at the suggestion, saying that it would restrain his freedom.

He even claims to know details of the Google attack. “That Trojan horse on Google was created by a foreign hacker,” he says, indicating that the virus was then altered in China. “A few weeks before Google was hijacked, there was a similar virus. If you opened a particular page on Google, you were infected.”

Oddly, Majia said his parents did not know that he was hacking at night. But at one point, he explained the intricacies of computer hacking and stealing data while his mother stood nearby, listening silently, while offering a guest oranges and candy.

Majia and his fellow hackers keep secret their knowledge of certain so-called zero-day vulnerabilities — software flaws — for future use, he says.

“Microsoft and Adobe have a lot of zero days,” he said, while scanning Web sites at home. “But we don’t publish them. We want to save them so that some day we can use them.”

When asked whether hackers work for the government, or the military, he says “yes.”

Does he? No comment, he says.

Source ~ New York Times