06/22/13

China Hackers found in Tor

gAtO bEeN crawling - Tor and found China — China, Fujian IP found in Tor but is it really the Chinese or someone else? As I work on the Tor-Directory-Project to map out every URL in Tor, I came to these sites:

http://yaiaqf3te6khr3nd.onion/ – This site has 3 different sites in one – 3 index front pages-DOORS - fUnNy nO?

http://lw7b7t7n7koyi6tb.onion

Now what’s so weird about these 2 sites: 4 IP addresses on the site for proxies and Tor in CHINA.  This ain’t right, China does its best to block Tor and keep its citizens away from Tor so why would a website in Tor place these explicit IP addresses and tell you to use them?  In Tor you try to hide, not give out IPs that can be traced, so why is this different???

So I back trace these 4 sites: 3 in China, 1 is Seoul, Korea. Then you google “Fujian Province hacking”.

Yeah there are a lot of things happening in that part of China but is it really the Chinese or others. Russians maybe??

These 2 sites are linked to “Anonet” the funny (ha ha) thing is this one person that keeps popping up – (Anonymous Coward ) on both these sites-  and he/she leads back to China too mAyBe -Si-nO. The Chinese use the Anonymous Coward to mock Anonymous which are very dangerous in China but this does not look good folks.

We talk about China hacking us and when people like myself find these sites and try to report them  – no way- I’m just a nobody that has one of the largest Tor search engines around. Just from these 2 sites I have 56 URLs – Maybe one of these cyber Professionals should check these 2 sites out – I have a subscription service for Tor Search engine any governments or law enforcement out there that need this — talk to gAtO—

They may find one source of China Hacking the US and other places – gAtO oUt

http://1.1.7.10/ – ISP: Chinanet Fujian Province Network

http://1.1.7.7/ – ISP: Chinanet Fujian Province Network

http://1.234.56.4/ – IP Address: 1.234.56.4 – ISP: SK Broadband Co Ltd – Region: Seoul (KR)

http://1.56.75.16/ – IP Address: 1.56.75.16 – ISP: China Unicom Heilongjiang Province Network – Region: Harbin (CN)

06/12/13

Government use of Cyber Weaponized Exploits

gAtO rEaD- The government is buying hackers’ exploits – not to stop these sophisticated cyber exploits but to use these tools against its own people- they are using the tools to infiltrate computer networks worldwide, leaving behind spy programs and cyber-weapons that can disrupt data or damage systems.

The core problem: Spy tools and cyber-weapons rely on vulnerabilities in existing software programs, and these hacks would be much less useful to the government if the flaws were exposed through public warnings. So the more the government spends on offensive techniques, the greater its interest in making sure that security holes in widely used software remain unrepaired. So your computer is vulnerable and the government knows it and will not disclose this information, but use it against you to place cookies, RATs or other spyware into your computer -maybe- I trust our government don’t you?

If you got nothing to hide, you should not be worried… right????

So our Tax dollars are going to Hackers and cyber criminals that sell these exploits all over the world. As a tax payer I don’t like this part at all. But the worst part is by us taking the lead of cyber offensive cyber tools -example.. Stuxnet – it is a plan book for other countries to do the same. So what we do in cyberspace has become socially acceptable to do in cyberspace and then we bitch about China. I don’t get it – mEoW

Officials have never publicly acknowledged engaging in offensive cyber-warfare, though the one case that has been most widely reported – the use of a virus known as Stuxnet to disrupt Iran’s nuclear-research program – was lauded in Washington. Officials confirmed to Reuters previously that the U.S. government drove Stuxnet’s development, and the Pentagon is expanding its offensive capability through the nascent Cyber Command.

Then you have the Prism disclosure and PoW- US Cyber Agents Disrupt Publication of Popular Al Qaeda Magazine – This means that Obama’s cyber military is potentially capable of more targeted attacks, specified at damaging particular pieces of information or infrastructure. I wonder where they got those vulnerabilities? maybe some bad guys—

What worries me is as the U.S. engages in these attacks our enemies are learning what is acceptable in cyberwar. So we must be careful not to lose the fact that everyone is watching what we do and how we treat cyberspace and other governments will follow, defensive and offensive, they are learning from the best the U.S. Government -gAtO oUt

ref: http://www.reuters.com/article/2013/05/10/us-usa-cyberweapons-specialreport-idUSBRE9490EL20130510

 

http://www.businessinsider.com/us-cyber-agents-disrupt-inspire-magazine-2013-6

 

 

02/12/13

China Cyber Attack -AGAIN

gAtO tHiNk- about 2½ years ago I was reading about the Glass Dragon and Dillon Beresford ( one of my heroes) was just snooping in China, peeking and poking with a translate button. gAtO tried it and you know what – uscyberlabs.com was born. China may have been working in cyberspace for the last few years but here was proof that their infrastructure is just as shitty as ours is.

Like a gAtO I walked on by in the cyber China firewall and beyond, translated by google most of the time and the number of basic open SCADA and other sites WIDE open. What got me really hfffffiisssss gAtO mAD was that our side was doing squat. Here we were doing security like I did before I retired. Come on 6-8 years and you guys still have that same PIX firewall full of holes, outdated patches and some nameless Chinese Telecom that has installed its routers into the US infrastructure, come on dude, that’s not right, who approved that purchase order.

Huawei has been dropping great deals all over the world while we been in 2 major wars, China has been making friends in the telecom business and at one point directing 15% of all Internet traffic thru China for almost 1 hour. THAT IS BIG boys and girls.

Today China cyber warfare is no longer just talk, we have accepted it as part of life, because it is. In cyberspace there are no geo-political barriers to figure out. “They have no rules and we do”, so who do you think is going to win..ummmm let me think.// I been preaching cyber offensives solutions for a while now and yes I know the legality of it all. check out China Jinan -PLA – 12 Universities – high Tech Zone – one of the high tech China center 4 warfare – open sites…

From an old cyber hippy: if you give it away to the protocol then anyone can collect it. Google, Yahoo, hell most department stores take every click you make and store it, and dice it, and slice it, data farming -BIG DATA- to see how they can make YOU SPEND MORE MONEY on the WEB—Now if we apply the same rules that business is doing and apply it to the bad guys then hey we may have a good security solution. We can even apply the same practices that the bad actors use and use it ourselves. By the time you see me in your logs it’s too damn late, I’m-gAtO oUt

 

02/18/12

Joint Chiefs Chair: Chinese Hackers ‘Not Necessarily Hostile’

This headline from CNN – “Joint Chiefs Chair: Chinese Hacking Not Necessarily a Hostile Act” – reads like it came from the Onion. But don’t jump into your bunker yet – the reasoning behind this apparently blissfully naive statement by General Martin Dempsey is at least slightly plausible:

Gen. Martin Dempsey, the chairman of the Joint Chiefs of Staff, said he “believe(s) someone in China is hacking into our systems and stealing technology and intellectual property, which at this point is a crime.”

But Dempsey said in testimony to the Senate Armed Services Committee that he cannot attribute the Chinese hacking to China’s military, the People’s Liberation Army (PLA).

Asked by Sen. Lindsey Graham, R-South Carolina, that if it could be proven that the PLA was behind a hacking of the defense infrastructure, whether it would be considered a “hostile act,” Dempsey said such wasn’t necessarily the case.

Now, you can quibble over the semantics in this. A cyberattack on the United States’ defenses might not come from the Chinese government itself – though one has to wonder how much privacy hackers enjoy, given China’s notoriously censor-happy culture. Moreover, even if a private hacker was good enough to evade the Chinese government’s own crop of cybersecurity experts and bypass our security, it’s fairly obvious that the hacker in question would be able to sell his method for a very high price.

via Joint Chiefs Chair: Chinese Hackers ‘Not Necessarily Hostile’ | TheBlaze.com.

02/17/12

Hacked: How China is stealing America’s business secrets

Sen. John Kerry is fed up with China’s penchant for looting technology from U.S. businesses — up to $400 billion worth of data each year. When will it stop?

POSTED ON FEBRUARY 16, 2012, AT 3:52 PM

Chinese gamers at an internet cafe: Sen. John Kerry D-Mass. says Chinese hackers are illegally stealing business secrets from American firms. Photo: Imaginechina/Corbis

Chinese Vice President Xi Jinping, slated to be the next leader of the world’s most populous nation, is getting an earful from U.S. officials over China’s shady business practices. During Xi’s first official tour of the U.S. this week, Sen. John Kerry D-Mass. accused a Chinese company of bankrupting a U.S. competitor by ransacking its software. And that’s just the tip of the iceberg, alleges Kerry, implicating China in “cyber-attacks, access-to-market issues, espionage [and] theft.” And, indeed, a flurry of recent reports indicate that Chinese hackers, backed by the government, are stealing business secrets from the U.S. Here, a guide:

via Hacked: How China is stealing America’s business secrets – The Week.

11/7/11

Chinese Cyber-Espionage Growing

TAIPEI – A new U.S. intelligence report declares the most active and persistent perpetrator of economic espionage is China.

The report, issued by the U.S. Office of the National Counterintelligence Executive ONCIX, draws on the inputs and reporting from more than a dozen U.S. law enforcement and intelligence collection bodies, including the CIA, FBI, DIA and NSA.

China views economic espionage as an “essential tool in achieving national security and economic prosperity,” the report said.

The report – “Foreign Spies Stealing U.S. Economic Secrets in Cyberspace: Report to Congress on Foreign Economic Collection and Industrial Espionage, 2009-2011” – indicates the U.S. intelligence community judges the use of cyber tools is now a greater threat than more traditional espionage methods.

via Chinese Cyber-Espionage Growing: U.S. Report – Defense News.

10/22/11

Computers in China Hit by Virus -72 Percent

It’s been reported that in China the onslaught of computer viruses is going up and this includes the fastest growing device, smart phones. In China users are just coming from plowing fields to smartphones and computers; they are not very sophisticated. They will fall victim to spam and all kinds of Social Engineering attacks. The people are just beginning to accept that online services are the real world and not a virtual world. So when they’re online at a cafe and someone asks them for their password and login in an email they do it, or click on this link. The people in China, as in any communist country, are used to someone monitoring them; this in itself is why they feel comfortable giving information they assume they know anyway, so why not click on a link.

In the article it states that even the officials in the National Computer Virus Emergency Response Center of China are infected from cyber security incidents. The biggest culprit is smart-phones, why? Well today smart-phones are outselling computers and hackers know this. If you infect a phone and they connect it to their computers at home, wamo, you have 2 for the price of one hack. So now you have a bot-master who has control of one of the largest growing populations in the world. Have you wondered why, if China is not that sophisticated in computers, a lot of attacks have come from that country? Think About it.

 

http://www.siliconindia.com/shownews/72_Percent_of_Computers_in_China_Hit_by_Virus-nid-95498-cid-2.html

 

10/21/11

China’s Cyber Militia

There’s been an interesting new development in China’s use of cyber space as an element in its intelligence and security operations. The People’s Liberation Army (PLA) is reportedly funding a vast complex of part-time cyber-devotees to supplement and complement the official structure of cyber interception and invasion.

Equally as interesting is the willingness of the Chinese authorities to allow the publication of this fact. The first official recognition of this program occurred in one chosen hi-tech factory in 2002. According to an official PLA publication, there are now thousands of such units around the country. Obviously the proliferation was considered too great to hide.

via The American Spectator : China’s Cyber Militia.

09/23/11

China gone Cyber Wild- Cyber-attacks By China

Are we Cyber-weaklings? For the last 10 years China has gone Cyber attack Crazy.  China is the United States’ biggest creditor and our second largest (behind Canada) trade partner. China’s massive human rights violations, however, are a continuing reminder that the Communist-ruled “Middle Kingdom” is far from attaining the reformed status that is often wrongly bestowed upon it by journalists, politicians, and business leaders eager to  exploit the China market. Another reminder comes in the form of China’s aggressive espionage and cyber attacks.

Meanwhile China has cyber attacked Military, Civil and private sectors all over the world. And we are not doing anything about it because they got us by the short hair. China has been taking in money from its manufacturing and seeding the world with that money. While they attack everyone via cyberspace.

gAtOmAlO sAy's -- i LoVe mOuSeS tO PiEcEs -

Lockheed got cracked and not even a slap on the wrist. Where is the backlash for China? As I was researching China’s hacks in the last 10 years, I was blown away. Below is just an example of some of the attacks. Why? Why? Why? Why does the US do nothing? Why do these heavy military players have such lousy security? Why after Lockheed got hit did we give them a lucrative contract to secure our power grid? These are some of the questions that go around in my head till it hurts. Besides the military they’re going after the political arms of these entities. And still no response that makes sense to me.

Countries that China has Attacked

China Cyber Hackers have gone after the U.S, India, Japan, S.Korea, the UK, Germany, Australia, France, Canada, Latin America, New Zealand, Netherlands, Belgium, Poland, Russia, Sweden, Nepal, Sri Lanka, Taiwan, Tibet, Pakistan, Bangladesh, Iran, Latvia

China Cyber Offensives

Byzantine Hades, GhostNet, Honker Union, Titan Rain, Operation Aurora, The Dark Visitor, Red Hacker Alliance, Vulcanbot,  Lockheed Martin’s F-35 program, State Department’s East Asia Bureau, Offices of Rep. Frank Wolf, Commerce Department, Naval War College, Commerce Secretary Carlos Gutierrez and the 2003 blackout, McCain and Obama presidential campaigns, Office of Sen. Bill Nelson, D-FL, Epsilon’s email address databreach, Operation Shady RAT,

Chinese Spies

Larry Wu-Tai Chin, Katrina Leung, Peter Lee, Chi Mak, Ko-Suen “Bill” Moo, Shanshan Du,  Yu Qin,

 

According to U.S. investigators, China has stolen terabytes of sensitive data — from usernames and passwords for State Department computers to designs for multi-billion dollar weapons systems. And Chinese hackers show no signs of letting up. “The attacks coming out of China are not only continuing, they are accelerating,” says Alan Paller, director of research at information-security training group SANS Institute in Washington, DC.

A Wall Street Journal article in 2009 reported:

Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven’t sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.

“The Chinese have attempted to map our infrastructure, such as the electrical grid,” said a senior intelligence official. “So have the Russians.”

The espionage appeared pervasive across the U.S. and doesn’t target a particular company or region, said a former Department of Homeland Security official. “There are intrusions, and they are growing,” the former official said, referring to electrical systems. “There were a lot last year.”

Attackers using several locations in China have leveraged C&C servers on purchased hosted services in the United States and compromised servers in the Netherlands to wage attacks against global oil, gas, and petrochemical companies, as well as individuals and executives in Kazakhstan, Taiwan, Greece, and the United States to acquire proprietary and highly confidential information. The primary operational technique used by the attackers comprised a variety of hacker tools, including privately developed and customized RAT tools that provided complete remote administration capabilities to the attacker. RATs provide functions similar to Citrix or Microsoft Windows Terminal Services, allowing a remote individual to completely control the affected system.

Starting in November 2009, coordinated covert and targeted cyberattacks have been conducted against global oil, energy, and petrochemical companies. These attacks have involved social engineering, spear-phishing attacks, exploitation of Microsoft Windows operating systems vulnerabilities, Microsoft Active Directory compromises, and the use of remote administration tools (RATs) in targeting and harvesting sensitive competitive proprietary operations and project-financing information with regard to oil and gas field bids and operations. We have identified the tools, techniques, and network activities used in these continuing attacks – which we have dubbed Night Dragon – as originating primarily in China.

Some of China’s Hacks

1) Titan Rain

In 2004, an analyst named Shawn Carpenter at Sandia National Laboratories traced the origins of a massive cyber espionage ring back to a team of government sponsored researchers in Guangdong Province in China. The hackers, code named by the FBI “Titan Rain,” stole massive amounts of information from military labs, NASA, the World Bank, and others. Rather than being rewarded, Carpenter was fired and investigated after revealing his findings to the FBI, because hacking foreign computers is illegal under U.S. law. He later sued and was awarded more than $3 million. The FBI renamed Titan Rain and classified the new name. The group is still assumed to be operating.

2) State Department’s East Asia Bureau

In July 2006, the State Department admitted it had become a victim of cyber hacking after an official in “East Asia” accidentally opened an email he shouldn’t have. The attackers worked their way around the system, breaking into computers at U.S. embassies all over the region and then eventually penetrating systems in Washington as well.

3) Offices of Rep. Frank Wolf

Wolf has been one of the most outspoken lawmakers on Chinese human rights issues, so it was of little surprise when he announced in August 2006 that his office computers had been compromised and that he suspected the Chinese government.  Wolf also reported that similar attacks had compromised the systems of several other congressmen and the office of the House Foreign Affairs Committee.

4) Commerce Department

The Commerce Department’s Bureau of Industry and Security had to throw away all of its computers in October 2006, paralyzing the bureau for more than a month due to targeted attacks originating from China. BIS is where export licenses for technology items to countries like China are issued.

5) Naval War College

In December 2006, the Naval War College in Rhode Island had to take all of its computer systems offline for weeks following a major cyber attack. One professor at the school told his students that the Chinese had brought down the system. The Naval War College is where much military strategy against China is developed.

6) Commerce Secretary Carlos Gutierrez and the 2003 blackout?

A National Journal article revealed that spying software meant to clandestinely steal personal data was found on the devices of then Commerce Secretary Carlos Gutierrez and several other officials following a trade mission to China in December 2007. That same article reported that intelligence officials traced the causes of the massive 2003 northeast blackout back to the PLA, but some analysts question the connection.

7) McCain and Obama presidential campaigns

That’s right, both the campaigns of then Senators Barack Obama and John McCain were completely invaded by cyber spies in August 2008. The Secret Service forced all campaign senior staff to replace their Blackberries and laptops. The hackers were looking for policy data as a way to predict the positions of the future winner. Senior campaign staffers have acknowledged that the Chinese government contacted one campaign and referred to information that could only have been gained from the theft.

8) Office of Sen. Bill Nelson, D-FL

At a March 2009 hearing, Nelson revealed that his office computers had been hacked three separate times and his aide confirmed that the attacks had been traced back to China. The targets of the attacks were Nelson’s foreign-policy aide, his legislative director, and a former NASA advisor.

9) Ghostnet

In March, 2009, researchers in Toronto concluded a 10-month investigation that revealed a massive cyber espionage ring they called Ghostnet that had penetrated more than 1,200 systems in 103 countries. The victims were foreign embassies, NGOs, news media institutions, foreign affairs ministries, and international organizations. Almost all Tibet-related organizations had been compromised, including the offices of the Dalai Lama. The attacks used Chinese malware and came from Beijing.

10) Lockheed Martin’s F-35 program

In April, 2009, the Wall Street Journal reported that China was suspected of being behind a major theft of data from Lockheed Martin’s F-35 fighter program, the most advanced airplane ever designed. Multiple infiltrations of the F-35 program apparently went on for years.

My 2 cents – gatoMalo_at_uscyberlabs_dot_com

http://USCyberLabs.com/blog/

http://cyber.uscyberlabs.com

http://ChinaCyberWarfare.wordpress.com

http://HacktivistBlog.wordpress.com/

 

08/23/11

DailyTech – China Brazenly Brags About Internet Attacks on U.S. in Leaked Video

Despite “smoking gun” U.S. is unlikely to act as it has a long history of tolerating China’s abuse

It seemed like just another Chinese propaganda video, designed to promote the fighting spirit of soldiers in China’s People’s Liberation Army and rouse anti-American sentiments.  The Chinese narrator boldly proclaimed, “America is the first country to propose the concept of a cyberwar, and the first country to implement it in a real war.”

I. Proof of Chinese Government Cyber-Attacks

But, as first noted by TheEpochTimes, the Chinese government unwittingly dropped a bomb shell when it used a clip of what it must have thought was stock footage.

Between 12:57 and 13:05 in the video, the B-roll clip rolled, revealing what is most westerners’ first glimpse at a live Chinese cyber-attack on the U.S.  Videographic proof that recent cyber-attacks were indeed the work of the Chinese government had never been found — until now.

At the start of the clip the reflection of a PLA officer in uniform can be seen.  We’re not sure what the text up top or below says, but if you speak Chinese please let us know…

 

The officer quickly leaves that screen, using a keyboard shortcut…. 

 

…and fires up an application whose creator is identified in GUI text as the Electrical Engineering University of China’s People’s Liberation Army.  The GUI panel contains the text “Choose Attack Target” and offers the user a choice of what reportedly are multiple Falun Gong websites (a forbidden Chinese spiritual movement) (feel free to chime in if you can read this…).

 

 

The “attack” button is pressed in the lower left-hand corner, and the video fades out, as presumably a distributed denial of service attack (possibly botnet assisted) is carried out.

 

So there it is — straight from the horse’s mouth, as they say, proof that China is indeed attacking entities in the U.S. online.


The video is available here, beware the rewind capability seems to be messed up, so just skip to around 10 minutes if you want to see the good part.

II. U.S. is Too Afraid to Stand up For Itself

We’re guessing President Barack Obama’s (D) response to this video will fall somewhere between “silence” and “sweeping it under the rug”.  After all, while the U.S. talked tough of physical retaliation for cyberattacks, it continues to let China bully it online.

China controls a great deal of U.S. debt and rare earth metals – a critical component to high-performance electronic devices.  The U.S. also deeply depends on China for its manufacturing needs, having done away with its own capacity to produce most products decades ago.

Likewise there’s a sort of grim complacency in the corporate world.  Google, Inc. (GOOG) claims to have its source code stolen by Chinese hackers, but has been forced into silence by the Chinese government.  The message is clear — put up with abuse, or get out of the world’s biggest market.

Similarly, antivirus firm McAfee last month aired a report on the world’s largest series of cyber-attacks dubbed “ShadyRAT”, which it said were perpetrated by a nation state.  However, when faced with the overwhelming public assumption that the attacker was China, McAfee equivocated, refusing to confirm that the attacks came from China.

What reason would McAfee have for keeping the identity of the attacker in history’s most financially damaging cyberattack a secret?  Well, its parent company, Intel Corp. (INTC) has invested much in research and development and production facilities in China — facilities it doesn’t want to lose by alienating the local government.

The few people and organizations who do speak out are largely ignored.

Recent attacks on American advocacy site Change.org, who launched a campaign to free imprisoned Chinese artist Ai Weiwei, led to Secretary of State Hillary Clinton admonishing China.  But at the end of the day no decisive action was taken by the executive branch or Congress.

In short, China is reportedly gaining advanced intelligence on the U.S. military and its technological secrets; is infiltrating U.S. utilities; and stealing hundreds of millions of dollars of corporate secrets, but the U.S. has thus far kept its mouth shut.

For that reason we don’t hold much hope that this “smoking gun” will change much of anything in the way U.S. business and the U.S. government bow down to their Chinese abusers.

via DailyTech – China Brazenly Brags About Internet Attacks on U.S. in Leaked Video.