
Chinese Hackers Launch Zero-Day Malware At Spiritual Activists, Military Groups

Posted by Soulskill
from the tired-of-farming-gold-in-WoW dept.
twoheadedboy writes "A Chinese hacker group is the chief suspect of spear phishing attacks against the Falun Dafa spiritual group and military organizations in the Philippines. Data handed to TechWeek by AlienVault Labs showed how zero-day malware, designed to pilfer Outlook email account logins, was just one strand of the attacks, which are ongoing. Other malware sought to steal passwords for other accounts, dodging many commercial AV products, whilst remote access tools indicate this is a serious surveillance operation. Chinese authorities have neither confirmed nor denied the claims. But it marks another case of Internet-led surveillance with China's name attached to it, following numerous reports of mass Chinese hacking, which has already allegedly hit massive firms like Facebook and Google."
  • How are the Chinese doing this? Snowden hasn't said a word about Chinese espionage programs that I recall.

    • by Fluffeh (1273756) on Tuesday July 23, 2013 @11:36PM (#44367657)

      Snowden wasn't employed in a position where he had access to the Chinese espionage program. He was employed where he had access to the US programs. Maybe one day there will be a Chinese version of Snowden that will shine light on all the mischief that the Chinese get up to...

      • I agree there will indeed be light shining on the day there is a Chinese Snowden. A Chinese Snowden might even have an easier time getting people to see his light since he will be able to make it more visible by reflecting it off the ice accumulated from hell freezing over. I'm not sure a Russian Snowden would have that advantage.

        • by sFurbo (1361249)
          A Russian Snowden would not help that much, as any illumination he did would be with alpha particles [wikipedia.org] which aren't very penetrating.
        • A Chinese Snowden would be lucky to make it out of the country, and would likely be dead in an 'accident' a week after the first leak.

      • And that is how asymmetric advantage accrues to the genuinely oppressive regimes. Cripple intelligence agencies in free societies, do nothing about the actual oppressive regimes. What could possibly go wrong?

    • by Dr Max (1696200)
      Probably because he hasn't worked for them (but plenty of people are more than happy to tell you it's widespread and unstoppable apart from giving the NSA another trillion dollars). Also I think I would prefer the Chinese having all my data than the US, because China is a lot less likely to use it against me (not hand it over to the MPAA to sue me or something). Of course if I was a billion dollar defence contractor working on top secret weapon designs for the US, or a Chinese citizen, I might have a differ
      • No, China won't hand your information over to MPAA. They'll just imprison you indefinitely for speaking against the government.

        • by Dr Max (1696200) on Wednesday July 24, 2013 @12:08AM (#44367781)
          How exactly are they going to do that? Even if they managed to invade my country, finding me in that war zone won't be all that easy. But what the hell, let's find out what happens. CHINA GOVERNMENT EATS BABIES. How long do you think it's going to take to arrest me?
          • As soon as you go through customs if you ever decide to go to China, Taiwan or Hong Kong for a holiday?

            • by Dr Max (1696200)
              Yeah, because there are all those reports from western people's families that their loved ones were abducted by the Chinese government while they were on a holiday in China. On the other hand there have been many stories of people being stopped entry to America because of something they wrote on the internet (no abductions that I know about at the airport, but I wouldn't like to be Snowden or Assange walking around over there) and if America finds you in a country they don't like (and are a lot bigger than)
    • by AHuxley (892839)
      Re: How are the Chinese doing this?
      The same way the US tracks protesters/anti-war groups or faith-based charities are examined, Russia tracks the press/CIA/MI6-funded NGOs or dissidents.
      You find the 'easy' local groups, raid them and see what their admins are doing. Build up a picture of their networks and then legend your sock puppets/long-term infiltrators for the international supporters.
      Sock puppets get people talking, long-term infiltrators build trust with the admins and become helpful leaders in t
  • Black hole them?

    by CaptainDefragged (939505) on Tuesday July 23, 2013 @11:24PM (#44367607)
    Unless your business has a legitimate need to accept traffic from China or Russia, wouldn't it be possible, perhaps prudent even, to block any traffic to and from those countries?
    • by aliquis (678370)

      Yeah. Try to block all the spying organisations by blocking traffic from the countries they operate from ..

      At least you'll get local speed to all of your accessible part of the Internet!

    • by Yomers (863527)
      It will keep those hackers away, sure :) You really don't know about VPN, SOCKS, SSH tunnels, servers with remote access? Or are you just a voice from under the bridge?

      Having looked at the C&C IP addresses, domain names used by the attackers, shellcode inside the exploits and various pieces of metadata, AlienVault has surmised the attackers are operating out of China.

      AlienVault makes the same mistake - like Chinese servers and domains are available only to Chinese, lol. A couple of years ago .cn domains were almost free, so 90 percent of spam domains were .cn. Chinese servers are frequently used as 'bullet-proof' as Chinese datacenter staff tend not to react to foreign abuse complaints. IPs and domains have no re

      • Hang on whilst I grab my flame retardant coat. I guess I should have been more specific and said "Chinese or Russian domains and IP blocks".
    • I'm sure that'd delay any Chinese hackers, state-sponsored or otherwise, for a few minutes. They are as capable as anyone of using a previously-compromised host as a proxy. State-sponsored hackers may even use this as a false-flag approach: hack a bunch of computers in Russia or Iran, and use those to attack American targets. For that matter, some of the many attacks seemingly coming from China may well be the work of Russia. It's very easy to frame someone else.

  • This seems consistent with the Mandiant report, at least the Spear Phishing attacks and maybe the tools?

  • by Anonymous Coward on Tuesday July 23, 2013 @11:41PM (#44367675)
    In China: Use metadata to find suspects, attempt to install a trojan to find additional information.
    In US: Use metadata to find suspects, request a secret warrant from a secret court (with a history of granting 100% of warrant requests) to find additional information.

    following numerous reports of mass Chinese hacking, which has already allegedly hit massive firms like Facebook and Google.

    Following a report that US surveillance consists of massive firms like Facebook and Google.

    Posting anonymously, because I often fly internationally, am already easily profiled, and do not want to increase my risk of showing up on a secret TSA hassle list.

  • by CodeBuster (516420) on Wednesday July 24, 2013 @12:52AM (#44367933)
    The targets alone prove that this was the work of the Chinese because there's no money to be made in attacking either of these groups. The criminals are in it for the money and they wouldn't waste zero days on military groups in the Philippines or some offshoot of the Falun group of religious people. Furthermore, everybody knows that the Chinese government employs hackers, it's now documented public information, so there's no obvious political value in staging a false flag operation to make it look like it was the Chinese because that cat's already out of the bag. The only government on the entire planet that would perceive any value in attacking either of these groups is the Chinese government.
    • by Anonymous Coward

      Data a criminal group might obtain on the Falun Gong is saleable to the Chinese government, false flag operations do have value in distracting from the current Snowden case for instance, or gaining credibility for the FG. Or it could just be a private enthusiast acting without sanction. It doesn't *have* to be the Chinese, though it does seem likely.

  • by Anonymous Coward

    At a previous gig I was tasked with setting up a network with VPN endpoints in Shanghai, Noida, SF, and NYC. Within months I was consulting with my buddies that started their own security company because my doorknob was rattling off the hook mainly in the Shanghai region. The data being protected was an AAA game engine under heavy development, which I can say never got leaked unlike the one from our sister studio in the UK. The mass of massive hacking coming my way did seem to be Chinese govt related (in thi

  • It makes perfect sense that Chinese groups are attacking the military of the Philippines since China is paving the way for aggression. China is trying to claim sovereignty over islands claimed by many of its neighbors. The age old quest by China to establish its hegemony continues.

    Philippines Protests Renewed Chinese Pressure in South China Sea [the-americ...terest.com]
    China And The Biggest Territory Grab Since World War II [forbes.com]
    The Philippines and Japan want U.S. help in dealing with China’s aggression [washingtonpost.com]
    Philippines upgrades militar [globalpost.com]

    • by Anonymous Coward

      It also makes sense that the US is framing China for hacking attacks and trying to stir up age-old tensions in China's backyard with its neighbours... I mean, the Philippines and Japan are independent/impartial when it comes to China/US, right, and in no way would they be under US influence, would they?

      The age-old quest (ok, maybe not that old) by the US to keep its hegemony continues, and the age-old quest by the US to frame others and continue to do what it accuses others of doing continues.

      China may have mo

      • by Anonymous Coward

        In China the anti-foreigner propaganda is against the Japanese - at least it was in 2005 when I was there. It is genuine and not being framed by the US.

        The Chinese use Japanese WW2 atrocities as an excuse. The real reason is the oil in the South China Sea. Now there is a similar oil dispute between China and the Philippines.

  • by ruir (2709173) on Wednesday July 24, 2013 @04:21AM (#44368459)
    Why are foreign organisations using: 1) a closed-source OS developed by a foreign power, 2) software with all these security flaws, 3) software defective by design?
  • by Anonymous Coward

    Unless they're moving against Christians, most of the western world doesn't care.
    China has a thriving trade in sex slaves, protected by official corruption - bigger fish to fry.

  • by asylumx (881307) on Wednesday July 24, 2013 @07:54AM (#44369077)
    How can malware be zero-day? If it's exploiting some security weakness, then it's a virus and not malware. If it's malware, then it's probably gotten itself installed (even if through nefarious means) via some social engineering technique. I suspect this is a stretched use of "zero-day" in order to make the headline & article more exciting.
    • by gman003 (1693318)

      You've got your definitions wrong.

      "Malware" is a superset of viruses, worms, trojans, and pretty much any software that inflicts harm. It can spread either through the network, over physical media, through social engineering, or any combination of the three.

    • It exploits security flaws that have been there since day zero, perhaps?
