China takes off cyber gloves

By Richard Stiennon
Stiennon on Security

I have a picture in my head of a huge building just outside of the 
Forbidden City in Beijing.  It is post-industrial classical like a lot 
of the newer government buildings in China's capital city. It has few 
windows and no identifier on the front, just a big red poster acclaiming 
the 2008 Olympics.  Inside there are vast rooms with desks and 
computers. Sitting at those desks are uniform-wearing Red Army hackers.  
There are large overhead screens reminiscent of Japanese Kanban systems 
with attack targets and progress charts depicting the daily activity.  
One floor might be dedicated to censors. Most of them are busy 
identifying pornography sites, but special groups are dedicated to 
finding and blocking Chinese access to information on Tibet, Taiwan, and 
Falun Gong.

Another room is dedicated to espionage, where tools are developed and 
deployed to attack the Pentagon, Whitehall, and the German Chancellery.  
In this room last week the order was spread to infiltrate and spy on 
organizers and supporters of Tibetan protests.  The coders quickly modify 
Trojan Horse software and package it for the English-speaking 
infiltrators to embed in carefully crafted documents and email 
messages.  Attackers then send the messages to lists of members of 
Tibetan organizations.  Hundreds of "signal analysts" then pore through 
the results: captured files, keystrokes, and Skype conversations of 
the unwitting targets.

That is modern information warfare. The fact that the Chinese are doing 
this indicates to me that the picture in my head is probably fairly 
accurate.  From F-Secure's superb analysis of one such email:

    The exploit silently drops and runs a file called C:\Program 
    Files\Update\winkey.exe. This is a keylogger that collects and sends 
    everything typed on the affected machine to a server running at And is a Chinese DNS-bouncer system that, 
    while not rogue by itself, has been used over and over again in 
    various targeted attacks.
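The chain F-Secure describes (a document exploit drops a keylogger under a fixed path, the keylogger runs and sends captured input to a remote server) is what a defender would want to alert on. The following is an added example, not code from the post or from F-Secure: a small correlation routine over constructed endpoint events (the event schema, host names and addresses are assumptions; the page gives no server address, so the logic keys on the dropped file and its behaviour rather than on a specific destination).

```python
from collections import defaultdict

# Indicator quoted from the F-Secure analysis above: the dropped keylogger path.
DROPPED_PATH = r"c:\program files\update\winkey.exe"

# Document readers that should never be the parent of a dropped executable.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "acrord32.exe"}

# Constructed sample events (not real logs). Each dict mimics a file-create,
# process-start or network-connect record from an endpoint sensor.
SAMPLE_EVENTS = [
    {"host": "ws01", "type": "file_create", "path": r"C:\Program Files\Update\winkey.exe", "parent": "WINWORD.EXE"},
    {"host": "ws01", "type": "process_start", "image": r"C:\Program Files\Update\winkey.exe", "parent": "WINWORD.EXE"},
    {"host": "ws01", "type": "net_connect", "image": r"C:\Program Files\Update\winkey.exe", "dst": "203.0.113.10:80"},
    {"host": "ws02", "type": "file_create", "path": r"C:\Program Files\Update\winkey.exe", "parent": "msiexec.exe"},
    {"host": "ws03", "type": "net_connect", "image": r"C:\Windows\explorer.exe", "dst": "198.51.100.5:443"},
]


def correlate(events):
    """Return one alert per host on which the named file was dropped.

    Severity rises when the dropped file also executed and connected out
    (keylogger exfiltration), and again when a document reader dropped it
    (the exploit-by-attachment pattern described in the post).
    """
    state = defaultdict(lambda: {"dropped_by": None, "started": False, "connects": []})
    for ev in events:
        st = state[ev["host"]]
        if ev["type"] == "file_create" and ev["path"].lower() == DROPPED_PATH:
            st["dropped_by"] = ev["parent"].lower()
        elif ev["type"] == "process_start" and ev["image"].lower() == DROPPED_PATH:
            st["started"] = True
        elif ev["type"] == "net_connect" and ev["image"].lower() == DROPPED_PATH:
            st["connects"].append(ev["dst"])

    alerts = []
    for host, st in state.items():
        if st["dropped_by"] is None:
            continue  # file never appeared on this host
        severity = "high" if st["started"] and st["connects"] else "medium"
        if st["dropped_by"] in OFFICE_PARENTS:
            severity = "critical" if severity == "high" else "high"
        alerts.append({"host": host, "severity": severity,
                       "dropped_by": st["dropped_by"], "destinations": st["connects"]})
    return sorted(alerts, key=lambda a: a["host"])


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```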

Are you a manufacturer? Are you responsible for IT Security at a 
government agency or research lab? Are you an athlete? Do you represent 
the cause of freedom in Tibet or peace in Darfur?  If so, you have a 
new enemy.  The government of the largest country in the world is after 
your data. They have resources you cannot even dream of. They are 
organized. They know what they are doing.

