06/22/13

China Hackers found in Tor

gAtO bEeN crawling Tor and found China – Fujian, China IP addresses found in Tor, but is it really the Chinese or someone else? As I work on the Tor-Directory-Project to map out every URL in Tor, I came across these sites:

http://yaiaqf3te6khr3nd.onion/ – This site has 3 different sites in one – 3 index front pages (doors) – fUnNy nO?

http://lw7b7t7n7koyi6tb.onion

Now what’s so weird about these 2 sites: 4 IP addresses on the site for proxies and Tor, in CHINA. This ain’t right. China does its best to block Tor and keep its citizens away from Tor, so why would a website in Tor post these explicit IP addresses and tell you to use them? In Tor you try to hide, not give out IPs that can be traced, so why is this different???

So I back-traced these 4 addresses: 3 are in China, 1 is in Seoul, Korea. Then you google “Fujian Province hacking”.

Yeah, there are a lot of things happening in that part of China, but is it really the Chinese or others? Russians maybe??

These 2 sites are linked to “Anonet”. The funny (ha ha) thing is this one person that keeps popping up – (Anonymous Coward) – on both these sites, and he/she leads back to China too, mAyBe – Si – nO. The Chinese use the Anonymous Coward handle to mock Anonymous, which is very dangerous in China, but this does not look good, folks.

We talk about China hacking us, and when people like myself find these sites and try to report them – no way – I’m just a nobody that has one of the largest Tor search engines around. Just from these 2 sites I have 56 URLs. Maybe one of these cyber professionals should check these 2 sites out. I have a subscription service for the Tor search engine; any governments or law enforcement out there that need this – talk to gAtO –

They may find one source of China Hacking the US and other places – gAtO oUt

http://1.1.7.10/ – IP Address: 1.1.7.10 – ISP: Chinanet Fujian Province Network

http://1.1.7.7/ – IP Address: 1.1.7.7 – ISP: Chinanet Fujian Province Network

http://1.234.56.4/ – IP Address: 1.234.56.4 – ISP: SK Broadband Co Ltd – Region: Seoul (KR)

http://1.56.75.16/ – IP Address: 1.56.75.16 – ISP: China Unicom Heilongjiang Province Network – Region: Harbin (CN)
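A defender’s version of the check this post describes, as an added example that is not the author’s Tor-Directory-Project code: pull literal IPv4 addresses out of a crawled hidden-service page, keep only the globally routable ones, and flag the page for review. The page text and the .onion name are constructed (the four addresses are the ones listed above); ISP and region attribution is left to a separate whois step, so this runs offline.

```python
# Added example, not the author's Tor-Directory-Project code.  The page text
# below is constructed, using the four addresses the post lists.  ISP/region
# attribution is a separate whois step, so this runs offline.
import ipaddress
import re

# Dotted-quad candidates; ipaddress does the real validation.  Version strings
# such as "2.1.0.5" also match, so review hits before acting on them.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Constructed sample of a crawled hidden-service front page.
SAMPLE_PAGE = """
<html><body>
<h1>proxy list</h1>
<p>use these proxies: http://1.1.7.10/ http://1.1.7.7/</p>
<p>tor bridges: 1.234.56.4:9001 and 1.56.75.16:443</p>
<p>local test box 192.168.0.10, loopback 127.0.0.1</p>
<p>http://1.1.7.10/ again</p>
</body></html>
"""


def extract_public_ipv4(text):
    """Globally routable IPv4 addresses in `text`, de-duplicated, in order seen.

    Private, loopback, link-local, multicast and other reserved ranges are
    dropped: only addresses a reader could be told to connect to over the
    Internet are reported.
    """
    found = []
    for candidate in IPV4_RE.findall(text):
        try:
            addr = ipaddress.IPv4Address(candidate)
        except ipaddress.AddressValueError:
            continue  # e.g. an octet above 255
        if addr.is_global and str(addr) not in found:
            found.append(str(addr))
    return found


def flag_onion_page(onion_url, text, threshold=1):
    """Return a finding when the page publishes at least `threshold` public IPs.

    As the post argues, a hidden service handing out clearnet addresses is
    unusual enough that a single hit is worth an analyst's look.
    """
    ips = extract_public_ipv4(text)
    if len(ips) < threshold:
        return None
    return {"onion": onion_url, "public_ips": ips, "count": len(ips)}
```

Run `flag_onion_page("http://constructed-example.onion/", SAMPLE_PAGE)` to see the four addresses reported and the RFC 1918 and loopback ones dropped.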

02/3/13

Offensive Cyber Capabilities

Companies Need Offensive Cyber Capabilities

gAtO hEaR about banks seeking U.S. help on Iran cyberattacks. We hear about cyber attacks in the financial sector, the oil and energy sectors, then Leon Panetta warned perpetrators to cease hacking the US while we have all kinds of sanctions against Iran – this is insanity. You’re telling unknown hackers (we suspect Iran) to just stop, or what? What can we do to prevent them from launching cyber attacks against America?

So Iran has only 3 NAT access points and 1 submarine cable (the Al-Faw, Iraq submarine cable).

Then you have all these security people putting up defenses, trying not to build a firewall so bad-ass that they cannot do business. If we keep building these defenses it will get to a point where it defeats the purpose of the Internet. So what is the logical next move? Offensive cyber weapons and capabilities. We can find these attacks and pinpoint the IP of where they are coming from; then all we need is offensive tools to find them and do a SEAL Team 6 extraction or something like that, and get the word out that we will find you and hunt you down.

One little hacker in the middle of the desert can keep a bank tied up for days. They could go after our traffic system, our rail system; we know that SCADA is so messed up and in some cases open with default passwords. So we beat our chest like some mad gorilla and hope to scare these hackers.

My friends, we must take the initiative and find ways to counter these attacks – no more just defense, and I don’t mean a DDoS attack that can be circumvented. We need to plant bot-nets on these people’s machines and monitor them, and if we have to, go physical and bring them to justice. Forget about Iran and let’s just talk about Chinese hacker attacks on our intellectual property. They just deny it and go about planning the next attack. We saw Skynet, where thousands of computers were given a disk wipe and the blue screen of death. Why don’t we do the same to these hackers going after our infrastructure?

We must change our tactics, be a little more aggressive and become real cyber warriors – not just defenders, but attacking them and destroying their machines, their servers and routers. How about we just monitor the 1 submarine cable and 3 access points in Iran? That should lead us to some of these people. The US monitors our own people, then we stand by and allow other hostile countries to go and hack us. This is cyber insanity – gAtO OuT

09/23/11

China gone Cyber Wild – Cyber-attacks By China

Are we Cyber-weaklings? For the last 10 years China has gone cyber attack crazy. China is the United States’ biggest creditor and our second largest (behind Canada) trade partner. China’s massive human rights violations, however, are a continuing reminder that the Communist-ruled “Middle Kingdom” is far from attaining the reformed status that is often wrongly bestowed upon it by journalists, politicians, and business leaders eager to exploit the China market. Another reminder comes in the form of China’s aggressive espionage and cyber attacks.

Meanwhile China has cyber attacked military, civil and private sectors all over the world. And we are not doing anything about it because they’ve got us by the short hairs. China has been taking in money from its manufacturing and seeding the world with that money, while they attack everyone via cyberspace.

gAtOmAlO sAy's -- i LoVe mOuSeS tO PiEcEs -

Lockheed got cracked and not even a slap on the wrist. Where is the backlash for China? As I was researching China’s hacks in the last 10 years, I was blown away. Below is just a sample of some of the attacks. Why? Why? Why? Why does the US do nothing? Why do these heavy military players have such lousy security? Why, after Lockheed got hit, did we give them a lucrative contract to secure our power grid? These are some of the questions that go around in my head till it hurts. Besides the military, they’re going after the political arms of these entities. And still no response that makes sense to me.

Countries that China has Attacked

China’s cyber hackers have gone after the U.S., India, Japan, S. Korea, the UK, Germany, Australia, France, Canada, Latin America, New Zealand, the Netherlands, Belgium, Poland, Russia, Sweden, Nepal, Sri Lanka, Taiwan, Tibet, Pakistan, Bangladesh, Iran, Latvia.

China Cyber Offensives

Byzantine Hades, GhostNet, Honker Union, Titan Rain, Operation Aurora, The Dark Visitor, Red Hacker Alliance, Vulcanbot, Lockheed Martin’s F-35 program, State Department’s East Asia Bureau, Offices of Rep. Frank Wolf, Commerce Department, Naval War College, Commerce Secretary Carlos Gutierrez and the 2003 blackout, McCain and Obama presidential campaigns, Office of Sen. Bill Nelson, D-FL, Epsilon’s email address data breach, Operation Shady RAT.

Chinese Spies

Larry Wu-Tai Chin, Katrina Leung, Peter Lee, Chi Mak, Ko-Suen “Bill” Moo, Shanshan Du, Yu Qin.

According to U.S. investigators, China has stolen terabytes of sensitive data — from usernames and passwords for State Department computers to designs for multi-billion dollar weapons systems. And Chinese hackers show no signs of letting up. “The attacks coming out of China are not only continuing, they are accelerating,” says Alan Paller, director of research at information-security training group SANS Institute in Washington, DC.

A Wall Street Journal article in 2009 reported: “Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials. The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven’t sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war. ‘The Chinese have attempted to map our infrastructure, such as the electrical grid,’ said a senior intelligence official. ‘So have the Russians.’ The espionage appeared pervasive across the U.S. and doesn’t target a particular company or region, said a former Department of Homeland Security official. ‘There are intrusions, and they are growing,’ the former official said, referring to electrical systems. ‘There were a lot last year.’”

Attackers using several locations in China have leveraged C&C servers on purchased hosted services in the United States and compromised servers in the Netherlands to wage attacks against global oil, gas, and petrochemical companies, as well as individuals and executives in Kazakhstan, Taiwan, Greece, and the United States to acquire proprietary and highly confidential information. The primary operational technique used by the attackers comprised a variety of hacker tools, including privately developed and customized RAT tools that provided complete remote administration capabilities to the attacker. RATs provide functions similar to Citrix or Microsoft Windows Terminal Services, allowing a remote individual to completely control the affected system.

Starting in November 2009, coordinated covert and targeted cyberattacks have been conducted against global oil, energy, and petrochemical companies. These attacks have involved social engineering, spear-phishing attacks, exploitation of Microsoft Windows operating systems vulnerabilities, Microsoft Active Directory compromises, and the use of remote administration tools (RATs) in targeting and harvesting sensitive competitive proprietary operations and project-financing information with regard to oil and gas field bids and operations. We have identified the tools, techniques, and network activities used in these continuing attacks – which we have dubbed Night Dragon – as originating primarily in China.

Some of China’s Hacks

1) Titan Rain

In 2004, an analyst named Shawn Carpenter at Sandia National Laboratories traced the origins of a massive cyber espionage ring back to a team of government sponsored researchers in Guangdong Province in China. The hackers, code named by the FBI “Titan Rain,” stole massive amounts of information from military labs, NASA, the World Bank, and others. Rather than being rewarded, Carpenter was fired and investigated after revealing his findings to the FBI, because hacking foreign computers is illegal under U.S. law. He later sued and was awarded more than $3 million. The FBI renamed Titan Rain and classified the new name. The group is still assumed to be operating.

2) State Department’s East Asia Bureau

In July 2006, the State Department admitted it had become a victim of cyber hacking after an official in “East Asia” accidentally opened an email he shouldn’t have. The attackers worked their way around the system, breaking into computers at U.S. embassies all over the region and then eventually penetrating systems in Washington as well.

3) Offices of Rep. Frank Wolf

Wolf has been one of the most outspoken lawmakers on Chinese human rights issues, so it was of little surprise when he announced in August 2006 that his office computers had been compromised and that he suspected the Chinese government. Wolf also reported that similar attacks had compromised the systems of several other congressmen and the office of the House Foreign Affairs Committee.

4) Commerce Department

The Commerce Department’s Bureau of Industry and Security had to throw away all of its computers in October 2006, paralyzing the bureau for more than a month due to targeted attacks originating from China. BIS is where export licenses for technology items to countries like China are issued.

5) Naval War College

In December 2006, the Naval War College in Rhode Island had to take all of its computer systems offline for weeks following a major cyber attack. One professor at the school told his students that the Chinese had brought down the system. The Naval War College is where much military strategy against China is developed.

6) Commerce Secretary Carlos Gutierrez and the 2003 blackout?

A National Journal article revealed that spying software meant to clandestinely steal personal data was found on the devices of then Commerce Secretary Carlos Gutierrez and several other officials following a trade mission to China in December 2007. That same article reported that intelligence officials traced the causes of the massive 2003 northeast blackout back to the PLA, but some analysts question the connection.

7) McCain and Obama presidential campaigns

That’s right, both the campaigns of then Senators Barack Obama and John McCain were completely invaded by cyber spies in August 2008. The Secret Service forced all campaign senior staff to replace their Blackberries and laptops. The hackers were looking for policy data as a way to predict the positions of the future winner. Senior campaign staffers have acknowledged that the Chinese government contacted one campaign and referred to information that could only have been gained from the theft.

8) Office of Sen. Bill Nelson, D-FL

At a March 2009 hearing, Nelson revealed that his office computers had been hacked three separate times and his aide confirmed that the attacks had been traced back to China. The targets of the attacks were Nelson’s foreign-policy aide, his legislative director, and a former NASA advisor.

9) Ghostnet

In March 2009, researchers in Toronto concluded a 10-month investigation that revealed a massive cyber espionage ring they called Ghostnet that had penetrated more than 1,200 systems in 103 countries. The victims were foreign embassies, NGOs, news media institutions, foreign affairs ministries, and international organizations. Almost all Tibet-related organizations had been compromised, including the offices of the Dalai Lama. The attacks used Chinese malware and came from Beijing.

10) Lockheed Martin’s F-35 program

In April 2009, the Wall Street Journal reported that China was suspected of being behind a major theft of data from Lockheed Martin’s F-35 fighter program, the most advanced airplane ever designed. Multiple infiltrations of the F-35 program apparently went on for years.

My 2 cents – gatoMalo_at_uscyberlabs_dot_com

http://USCyberLabs.com/blog/

http://cyber.uscyberlabs.com

http://ChinaCyberWarfare.wordpress.com

http://HacktivistBlog.wordpress.com/