
Re: [iwar] Is China's Guandong province ground zero for hackers?

  • Brian McWilliams
    Message 1 of 6, Sep 1, 2001
      Vamosi's article is interesting speculation, but in the case of Code Red,
      there's evidence China *wasn't* ground zero:

      http://www.newsbytes.com/news/01/169636.html

      China and Korea are renowned for having lots of easily compromised systems
      with non-existent system administrators. What's to say some kid from Fargo
      isn't using Guangdong as his launch pad?

      Brian


      At 02:46 AM 9/1/01, Fred Cohen wrote:
      >Is China's Guandong province ground zero for hackers?
      >
      >By Robert Vamosi, AnchorDesk, 8/31/2001
      >http://dailynews.yahoo.com/h/zd/20010830/tc/is_china_s_guandong_province_ground_zero_for_hackers__1.html
      >
      >Last week, while discussing new priorities for the Department of Defense
      >(news - web sites), Secretary of Defense Donald Rumsfeld told the
      >Washington Post that "serious moves to transform the military to meet
      >such emerging threats as computer warfare, terrorism and missile
      >proliferation will not produce new war-fighting capabilities for a
      >number of years." Although paraphrased, it sounds to me like Secretary
      >Rumsfeld just told our enemies that we're years away from defending
      >ourselves against cyberterrorism. Oops. Now is not the time to admit
      >weakness in this area, Mr. Secretary.
      >
      >Quietly, the U.S. government had been hacking away at cyberterrorism.
      >The EP-3E spy plane that crash-landed in China earlier this year was,
      >according to James Bamford in his keynote speech at this year's Black
      >Hat Briefing, working for the National Security Agency. Even the 1999
      >war in Kosovo featured early information warfare techniques against the
      >Serbian government. A recent report by MSNBC explains the emerging
      >global information warfare threat in greater detail. If the secretary
      >is serious about transforming the U.S. defense department, then let me
      >suggest that it is much more prudent to shore up our computer networks
      >today than to invest in the 20-year-old concept of laser-toting
      >satellites orbiting the earth tomorrow: Our computer networks are
      >already under serious attack.
      >
      >HOSTILE NATIONS, and for that matter, hostile groups, such as Osama bin
      >Laden (news - web sites)'s followers, realize they can't challenge the
      >U.S. military one-on-one. But they can disrupt our utilities, our
      >telecommunications, and our e-commerce. Just last spring, during a
      >period of rolling blackouts in Northern California, someone hacked into
      >the California Independent System Operators system, which regulates the
      >flow of power in the state. The malicious users were stopped before
      >they caused any damage, but the incident shows how vulnerable our
      >ancillary government agencies are to attack. The hack was traced back
      >to the Guangdong province in China. Turns out, this was not an isolated
      >incident.
      >
      >A few weeks ago, I wrote that students at Foshan University in
      >Guangdong, China, may have created the Code Red worm. Shortly after
      >that column appeared, someone at the Defense Department called me with a
      >serious interest in that information. Now, the recent and very nasty
      >Offensive Trojan horse also happens to share a connection to Guangdong.
      >I don't think this is a coincidence.
      >
      >Guangdong is the largest and wealthiest province, and Hainan Island, the
      >site where the American EP-3E plane was held after landing last April,
      >is nearby. According to a report prepared by the security company
      >Vigilinx, Guangdong is also home to hacker groups, such as the Honker
      >Union of China (also known as the Red Guest Alliance) and China Eagle,
      >and to criminal extortionists who have been terrorizing Hong Kong's
      >financial networks for years. Guangdong also happens to be very
      >beautiful, historic, and the focus of major Western investment and
      >tourism.
      >
      >RATHER THAN ASSUME the Chinese government is behind Code Red and
      >Offensive, I think it is more credible that different groups of
      >individuals within Guangdong might be hacking the United States and
      >other nations (like Japan) for their own reasons. Like the cracker
      >activity once seen in Eastern Europe, these exploits may not be a
      >political expression against, but a general frustration with, Western
      >arrogance and influence. The crackers in Guangdong seem to be doing
      >their own thing, and they are definitely pushing the envelope of what is
      >possible in terms of malicious activity on the Internet.
      >
      >Whatever their motives, I suggest we'll hear even more from the crackers
      >in Guangdong. If ego is involved, these crackers probably aren't done
      >flexing their programming muscles or announcing themselves to the world.
      >Now, thanks to comments from the U.S. Defense Secretary, others
      >elsewhere might also be tempted to join in their fun.
      >
      >
      >
      >------------------
      >http://all.net/
      >
      >Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
    • e.r.
      Message 2 of 6, Sep 1, 2001
        SURE IS. LOOK AT THE PLA WIRING DIAGRAM, AND IT IS QUITE CLEAR/
        --- Brian McWilliams <brian@...> wrote:
        > Vamosis's article is interesting speculation, but in the case of Code
        > Red,
        > there's evidence China *wasn't* ground zero:
        >
        > http://www.newsbytes.com/news/01/169636.html
        > [...]
      • David Kennedy CISSP
        Message 3 of 6, Sep 4, 2001
          ZDNet: Is China's Guandong province ground zero for hackers?


          Is China's Guandong province ground zero for hackers?
          By Robert Vamosi, AnchorDesk
          August 28, 2001 9:00 PM PT
          URL: http://www.zdnet.com/zdnn/stories/comment/0,5859,2808609,00.html

          Last week, while discussing new priorities for the Department of Defense,
          Secretary of Defense Donald Rumsfeld told the Washington Post that "serious
          moves to transform the military to meet such emerging threats as computer
          warfare, terrorism and missile proliferation will not produce new
          war-fighting capabilities for a number of years." Although paraphrased, it
          sounds to me like Secretary Rumsfeld just told our enemies that we're years
          away from defending ourselves against cyberterrorism. Oops. Now is not
          the time to admit weakness in this area, Mr. Secretary.

          Quietly, the U.S. government had been hacking away at cyberterrorism. The
          EP-3E spy plane that crash-landed in China earlier this year was, according
          to James Bamford in his keynote speech at this year's Black Hat Briefing,
          working for the National Security Agency. Even the 1999 war in Kosovo
          featured early information warfare techniques against the Serbian
          government. A recent report by MSNBC explains the emerging global
          information warfare threat in greater detail. If the secretary is serious
          about transforming the U.S. defense department, then let me suggest that it
          is much more prudent to shore up our computer networks today than to invest
          in the 20-year-old concept of laser-toting satellites orbiting the earth
          tomorrow: Our computer networks are already under serious attack.

          HOSTILE NATIONS, and for that matter, hostile groups, such as Osama bin
          Laden's followers, realize they can't challenge the U.S. military
          one-on-one. But they can disrupt our utilities, our telecommunications, and
          our e-commerce. Just last spring, during a period of rolling blackouts in
          Northern California, someone hacked into the California Independent System
          Operators system, which regulates the flow of power in the state. The
          malicious users were stopped before they caused any damage, but the
          incident shows how vulnerable our ancillary government agencies are to
          attack. The hack was traced back to the Guangdong province in China.
          Turns out, this was not an isolated incident.

          A few weeks ago, I wrote that students at Foshan University in Guangdong,
          China, may have created the Code Red worm. Shortly after that column
          appeared, someone at the Defense Department called me with a serious
          interest in that information. Now, the recent and very nasty Offensive
          Trojan horse also happens to share a connection to Guangdong. I don't
          think this is a coincidence.

          Guangdong is the largest and wealthiest province, and Hainan Island, the
          site where the American EP-3E plane was held after landing last April, is
          nearby. According to a report prepared by the security company Vigilinx,
          Guangdong is also home to hacker groups, such as the Honker Union of China
          (also known as the Red Guest Alliance) and China Eagle, and to criminal
          extortionists who have been terrorizing Hong Kong's financial networks for
          years. Guangdong also happens to be very beautiful, historic, and the focus
          of major Western investment and tourism.

          RATHER THAN ASSUME the Chinese government is behind Code Red and Offensive,
          I think it is more credible that different groups of individuals within
          Guangdong might be hacking the United States and other nations (like Japan)
          for their own reasons. Like the cracker activity once seen in Eastern
          Europe, these exploits may not be a political expression against, but a
          general frustration with, Western arrogance and influence. The crackers in
          Guangdong seem to be doing their own thing, and they are definitely pushing
          the envelope of what is possible in terms of malicious activity on the
          Internet.

          Whatever their motives, I suggest we'll hear even more from the crackers in
          Guangdong. If ego is involved, these crackers probably aren't done flexing
          their programming muscles or announcing themselves to the world. Now,
          thanks to comments from the U.S. Defense Secretary, others elsewhere might
          also be tempted to join in their fun.
        • Leo, Ross
          Message 4 of 6, Sep 5, 2001
            I agree with some of what Vamosi has stated - The Honourable Rumsfeld
            should know better than to display his hoof-in-mouth illness so publicly -

            From the "Say It Ain't So" Desk:

            The EP-3 was working for the NSA (duh)!? And this is supposed to be news?
            To Whom? Certainly not to the PRC folks...

            From the "Buy the Farm, But Don't Bet Your Life On It" Department:

            Just because it appears to be frustrated hackers doing their own thing
            against the soulless, repressive Western Capitalist pigs doesn't mean it is.
            Seemingly disorganized, disparate groups using diverse methods to harass is
            a very old tactic employed by the USSR (and others, including the US) in
            years past. It is currently in use by terrorist groups that we all know.
            The spreading of disinformation is an old trick that continues to work well
            - even better with the Internet to help it. This is once again an example
            of [naive] perception becoming the asymptotic equivalent of reality.

            From the "Trust But Verify" Division:

            Re The PRC Government's denial of involvement in Code Red: How difficult is
            it to flatly deny something you know with certainty can't be conclusively
            proven, especially when you control the source?
            -----Original Message-----
            From: David Kennedy CISSP [ mailto:david.kennedy@...
            <mailto:david.kennedy@...> ]
            Sent: Tuesday, September 04, 2001 13:14
            To: access; IWAR
            Subject: [iwar] Is China's Guandong province ground zero for hackers?


            ZDNet: Is China's Guandong province ground zero for hackers?
            [...]
          • Tony Bartoletti
            Message 5 of 6, Sep 5, 2001
              ... I cannot resist ... :)

              At 08:50 AM 9/5/01 -0500, you wrote:
              >I agree with some of what Vamosi has stated - The Honourable Rumsfield
              >should know better than to display his hoof-in-mouth illness so publicly -

              Perhaps he was taking a page from Sun Tzu: When you are strong, make the
              enemy believe you are weak.

              >From the "Say It Ain't So" Desk:
              >
              >The EP-3 was working for the NSA (duh)!? And this is supposed to be news?
              >To Whom? Certainly not to the PRC folks...

              Gee, I thought it was the Department of Agriculture that conducted foreign
              signals surveillance ...

              >From the "Buy the Farm, But Don't Bet Your Life On It" Department:
              >
              >Just because it appears to be frustrated hackers doing their own thing
              >against the soulless, repressive Western Capitalist pigs doesn't mean it is.
              >Seemingly disorganized, disparate groups using diverse methods to harass is
              >a very old tactic employed by the USSR (and others, including the US) in
              >years past. It is currently in use by terrorist groups that we all know.
              >The spreading of disinformation is an old trick that continues to work well
              >- even better with the Internet to help it. This is once again an example
              >of [naive] perception becoming the asymptotic equivalent of reality.

              Too much to say on this one. The observation cuts both ways. The activity
              in question is so easily accomplished by almost any small ring of dedicated
              code-heads, it could have been Elbonians who developed the virus and
              planted it surreptitiously.

              The related article on the GAO report seems particularly provocative:
              "... is believed to have started at a university in Guangdong, China."
              Without any further elaboration. Does the GAO maintain foreign operatives
              that ferret out this information? Was the conclusion based upon some kind
              of firsthand evidence? Perhaps a leak from a U.S. security agency? Or was
              the statement simply a reflection of the "consensus gut feeling"?
              Curiously gratuitous offering from a congressional report.

              >From the "Trust But Verify" Division:
              >
              >Re The PRC Government's denial of involvement in Code Red: How difficult is
              >it to flatly deny something you know with certainty can't be conclusively
              >proven, especially when you control the source?

              Not sure what you mean by "control the source". I can "flatly deny"
              involvement myself (or, claim to be the actual author, having subsequently
              destroyed all source material.) What percentage of people who hear this
              proclamation would be in a position to assess its accuracy?

              For that matter, suppose both that China "created or endorsed" this virus,
              and knew that it could be "conclusively proven" (to some tiny band of
              highly compartmented analysts.) What harm would there be in "flatly
              denying" involvement? Some 99.99% of the audience would have no way to
              appreciate or understand such a "proof of involvement". What would China
              care about the fact that some tiny number of people know that the denial
              was a falsehood? Do they get assessed some extra penalty points in the big
              game?

              (Man, this iwar/misinformation stuff can make you real cynical ;)

              ___tony___




              Tony Bartoletti 925-422-3881 <azb@...>
              Information Operations, Warfare and Assurance Center
              Lawrence Livermore National Laboratory
              Livermore, CA 94551-9900