(Greek: κρυπτεία / krupteía, from κρυπτός / kruptós, “hidden, secret things”)

Archive for the ‘PLA’ Category

Handwringing, Moralizing, Anonymous, Paedophilia, and Digital Vigilantism

with 2 comments


I recently posted about the Hidden Wiki and its prevalence in hosting paedophilia content. This post may or may not have left an impression on some of the  anonymous collective to take action and perhaps sow good will for their group by hacking into the “Lolita City” site within the DarkNet and releasing thousands of users email addresses and personal data (such as it is on such a site) for the Internet to feast upon. The Anon’s are doing this for their own reasons, but the upshot of it all is that they are causing the paedophiles pain in making it hard for them to get their content as well as potentially outing them online as purveyors and consumers of this wretched content.

Since my post applauding them and giving them some direction as to how to become more of an intelligence gathering apparatus for the LEO community, some in the infosec world have come forward and voiced concerns about this line of thought. All of the talk about the morals, legalities, and philosophical aspects of Anonymous undertaking such actions has gotten me thinking quite a bit.It all raises some interesting questions and philosophical challenges.

Anonymous and Digital Vigilantism:

What I think that most people with reservations about Anonymous taking up such operations as the DarkNet op have are that these people are for the most part kids without training and without any kind of oversight. Oversight in that they could get too big for their britches (one could say that many already have) and think that they are invulnerable to attack never mind the respective laws of our society. That said, it would seem that Anonymous, Antisec, and LulzSec have already decided to take up the mantle of vigilante’s already. However, the targets have been, for the most part, varied parties that could be seen as hapless victims or as malefactors, it all depends on the point of view really.

In the case of Scientology, well, aside from religious freedoms (trust me, they are not a religion) generally the Scientologists have been pretty much seen as getting what they deserved. Today though, years later, Anonymous has begun to take on the governments of the world as well as the likes of Paedophiles online. Once again, generally, people see what they want to concerning whether governments are good or bad. Paedophiles though, pretty much are outlawed universally. So, when Anonymous decided to attack, I could not fault them one bit. However, I could perhaps fault their methods.. Only in that they were bound to only let the paedo’s get away in the end.

I have said it before and I will say it again.. “One man’s freedom fighter is another man’s terrorist” It all depends upon your perspective really. While I do not think all of their targets have been chosen wisely, I cannot fault the true believers out th4ere that they are doing something out of conscience and good. This is not to say that a certain element of the movement is in fact just in it for the lulz (i.e. Antisec and LulzSec) There certainly are factions at play who just want to see the world burn as well as garner themselves digital street cred.

Overall though, the term Vigilante denotes a person or persons (committee’s) who dole out justice summarily when the law is seen as ineffective by them. In this case, the Anon’s have taken up the mantle of vigilante in order to rid the DarkNet of paedophile content because law enforcement seems unable to effectively. Now this is also the crux of the issue in another way, as the police generally are not allowed to hack into sites and dump the dirt so to speak.. The Anon’s are unhindered here. Just as they have felt the same way about other operations where they have denied service to corporations (likening it to a digital sit in) they have crossed the line of the law, but, their methods and motivations are free of it… Until they get caught that is.

The essence of the thing is this.. “Don’t do the crime unless you can do the time” If they believe in it strongly and act upon it, then they must accept the risks of being caught and incarcerated. So far, much of the motivation I have seen by a good deal of anon’s has been motivated by convictions and beliefs. All others have been for Lulz, which is what made LulzSec even more of a problem as they just did not care. The current Antisec movement that LulzSec begat also seems to lack the conviction of their beliefs and seems more driven by ego than anything else by their writings.

And this is the difference between the chaotic Joker like actors and the Batman types.

Anonymous vs. PLA, vs. Patriot Hackers:

Pulling back a bit now, I would like to look at the macroscopic view of Vigilante behaviour versus nation state sanctioned or perhaps, a better word for it would be “condoned” actions and groups. I have written in the past about groups like the Honker Union in China as well as the colourful character known as th3j35t3r. both of these entities have had an effect on the collective consciousness concerning digital vigilante justice and I think it important that they form the contextual base for Anonymous’ actions in Operation DarkNet.

First off, ALL of these entities have been doing what they do (Jester DDOS of Jihadi sites and Anonymous, Honker, hacking against the enemies of China, and Anonymous, attacking sceintology, the gov, and paedo’s) with a mind toward doing “good” In the case of Jester, he thinks DDoS-ing jihadi sites out of a patriotic bent that will stop them from communicating. In the case of the Honker Union, they are patriots to their homeland and attack others who would do their country slight or harm. Anonymous though, started out of /b/ … Which really is a band of miscreants for the most part. However, a core group decided to take on the mantle of doing right somewhere down the line and we find swaths of them today supporting Occupy Wall Street and other political agenda’s.

The basic idea here is that they are all motivated by a belief in some greater good.. Mostly. I am sure there are on individual levels, many more motives (ego, greed, ego… the list goes on) but I will just put it to a gross generality that these people want to effect some kind of change.

At least I hope that this is the case…

What is really different though is that in the case of Jester and the Honker Union, they both are condoned if not outright supported efforts by the countries they reside in. In the case of the PLA and the Honker, there is clear connection between the state and their actions. In the case of Jester, there are allegations (made by him) that his is state sponsored.. But, I think more to the point he is condoned. Either way, the Anon’s may indeed be getting some support (moral or other) from state sponsors and not even know it. In the case of Anon, they could just become the tool of another nation state and not know any better.

Which is pretty scary.

All of these entities though, have had a greater or less effect upon the internet these last few years through their online shenanigans via hacking. The secret is this, they are just the first. There will be others to be sure.. The genie is out of the bottle on this one.

Anonymous vs. LulzSec & Antisec:

Conversely, we have LulzSec and Antisec, who both wreaked havoc on the corporations and the police of the world lately. Their reasons for doing so pretty much have been stated as “because we are bored” At the core though, there seems to be a couple of motives here from postings online. One is the afore mentioned Lulz, the other, seems to be a kind of abject hatred of authority and police. In recent hacks on the police though, there seems to be a bent toward supporting the Occupy movement as the police have had some transgressions against them. So.. They hacked the police and dumped all their data to spite them. Frankly, I see no value to this and once again, even if motivated by supporting the movement, it has no real effect on the police other than to make them more angry and reactive against the protesters.

Basically, I still see Antisec as the Penguin & Joker while Lulz as The Riddler though while Anonymous has become more like The Batman in certain quarters

Anonymous on the other hand has had its lulz, but seems to be growing up a bit and maturing. The social conscience of anon has begun to take shape and within it (movement wise) may well be the lasting component that will be its Raison d’être in the end. Time will tell though, and I hope that this is the case more so than just a bunch of malcontent’s seeking attention and excitement.

The Hand Wringing by The Infosec Community At Large:

Alright, back to the hand wringing and the moralizing post the Op DarkNet…

Certain people in the community wrote that while the empathised with what Anon was trying to do with Op DarkNet, they felt that these people were not the folks they would have doing this to start. Most of this comes from the fact that many of the players are not trained investigators and not LEO’s. I can agree with this from the perspective of legal proceedings later on. If Anonymous hacks a server and then dumps data, it could have an effect on the court case from a few perspectives;

  1. Contamination: The defense could claim that the server was hacked and the data planted
  2. The data could have indeed been tampered with by anon’s
  3. The backend of the server/dbase could in fact be shared and all those who share could be swept up in the legalities/implications
  4. The hack is enough to raise reasonable doubt

So, yes, it could be counter productive to have a vigilante force actually hack a system and report it to law enforcement. However, I would advocate that in the case of Anonymous and the paedo’s at the least, they not just hack and dump data, but instead give that data to law enforcement to start an investigation. For that matter, if Anonymous just located the servers and authenticated (sans hacking) that the content was there, they could in fact just tip off the police.

And this is at least part of what they did with Lolita City in the DarkNet. They tried to locate the server location and this alone could be a great boon for the authorities.

On the other hand, there are moral/ethical objections on the parts of some who think that perhaps letting Anonymous do this type of thing, or even encourage it is setting a bad precedent. To them, Vigilante’s are outside the scope of good behaviour and the law.. They cannot be tolerated. Personally, I think that that is a sanctimonious load of crap, but, that’s just me.

Sometimes when the system cannot function other means need to be taken to effect change. In this case, within a network that is anonymized and the authorities have had little success in catching anyone trading in paedophilia, I see no harm in Anonymous outing them.. Though, I would rather they just passed the intelligence to the LEO’s instead. It is my opinion, that if done correctly, intelligence gathering of this type with a tip off to the police has a better chance at actual arrests and convictions than to just let them go on about their peddling of child pornography.

Just one man’s opinion…

Philosophical and Ethical Stands On Being The Digital Batman:


This is the philosophical and ethical standpoint I take in being the digital Batman. Strict utilitarianism dictates that maximizing overall good is key. In this case and perhaps others, the taking down of the paedophile’s content and capturing their login credentials is enough “good” to allow for the action to be seen as acceptable. This is really the basis of The Batman’s ethics in the comics and ideally, for me on this particular incident with Anonymous.

Now, this does not mean I agree with all of their operations as well as certainly not agreeing with the bulk of the actions carried out by the Antisec movement. However, the perspective is the key I suppose. It’s a slippery slope I admit, but, in this case of OpDarkNet, I agree with the greater good being served in this case.


Here we have the Deontologists like Sam Bowne. Deontology is a nice thing to cling to the ethical rules of a governing system of laws. However, it seems to me, and others here, that this system of laws is not working against these offenders in the hidden wiki. Sure, you could say that the LEO’s have ongoing investigations, but, just how many busts have there been as opposed to the massive amount of content located on the hidden wiki and within i2p, Freenet, and TOR?

So far, I have not seen law enforcement really winning this battle.

Oh well, the Deontologists have their point of view and others have theirs. The key here is that Sammy and others like Packetknife are entitled to their point of view. They are right for themselves, and that is the issue with all philosophy and ethics arguments. Like I said, it’s all about your world view. However, I do not ascribe to a moral absolute unlike someone like Sammy.

There are no right answers. There is only what you are willing to accept for yourself.

Legal Aspects of Digital Vigilantism:

Now, on to the legal aspects here.

18 U.S.C. § 2252 : US Code – Section 2252: Certain activities relating to material involving the sexual exploitation of minors 

The US code on activities related to sexual exploitation of minors alludes to the fact that one has to “knowingly” access such content and to have more than 3 pieces of “content” to be considered guilty of child exploitation/pornography. This of course also alludes to the trafficking thereof etc etc in legalese. Where this is important for the digital Batman is where there are caveats.

(c) Affirmative Defense. - It shall be an affirmative defense to
a charge of violating paragraph (4) of subsection (a) that the
defendant -
(1) possessed less than three matters containing any visual
depiction proscribed by that paragraph; and
(2) promptly and in good faith, and without retaining or
allowing any person, other than a law enforcement agency, to
access any visual depiction or copy thereof -
(A) took reasonable steps to destroy each such visual
depiction; or
(B) reported the matter to a law enforcement agency and
afforded that agency access to each such visual depiction.

So, as I said before, if you are trying to take one of these sites down, then do turn off your browser’s images capabilities.. Hell, why not just use Lynx for that matter so as to negate the issue. However, there is a key point here that you all should take into account. It’s the bit about making the LEO’s aware of the content. This is what I was trying to get at before. If Anonymous or anyone is going to go after this content, then it would be best if you tipped off the LEO’s to the site and the content. Now, the above statement implies that if you make the tip, then you are going to let the police have your system to look at… And we all know Anonymous is not going to do that. So, just be judicious about your tip off’s to the authorities. Do your homework and dump the data to them directly, not on Pastebin.

Of course, then there are the issues of hacking a system in the first place… Well, in the DarkNet, the only thing as I see it that is key would be not leaving a trace that you were there. You know, kinda like the whole hiking ethos of only leaving footprints.. But in this case I would suggest not even a footprint should be left behind. It seems to me, that if you hack a paedo site, even with good intentions, you could get the double whammy from the authorities of hacking as well as accessing child porn…

And that could really be problematic.

So, in the end, I circle back to recommending that you become intelligence gatherers and locate the sources to report. If you locate them, and you get some good details for the authorities without having to SQLi them, all the better. You will be doing a good thing AND you will be satisfying the Deontologists in the room.

Keep your wits about you kids.


The Dragon and Eagle: China’s Rise from Hacking To Digital Espionage

with 2 comments

黑客 Transliteration into English ‘Dark Visitor’, more specifically in our colloquial language ‘Hacker’ The Dark Visitor movement of the 1990’s has morphed into a more sophisticated and government connected espionage wing today. What was once a loosely affiliated group of patriotic hackers, has been honed by the PLA (Peoples Liberation Army) into a force to be reckoned with on the stage of digital espionage and data theft.


Back in the latter 1990’s the Internet made its way to China and soon hackers began to see how the system worked. These hackers were curious about systems to start, but soon the motives changed in the Chinese hacker community due to patriotism and the inherent nature of the Chinese culture, to feel that they could avenge their country for perceived sleights by hacking web pages and defacing them. It was in 1997 that the first hacker collective was formed and named the “Green Army” and in 1998, the “Red Hacker Alliance” was formed after an Indonesian incident involving riots against the Chinese caused them to band together.

Over time, many groups would form and dissipate only to re-form. The groups would have various reasons to go on campaigns of hacking against other countries like Taiwan over political issues and the like, but it seemed for the most part the general aegis was just to hack. A change though came in the 2000’s when commercialism started to come to play. It seems that as in the West, the hackers began to see that their skills could be put to use to make money, and many of them began working as security consultants. As with the country itself, commercialisation that Deng Xiaoping had put into play with his ‘market economy’ afforded them the idea of not just being politic but also in some ways, Capitalist.

From the “Dark Visitor” by Scott Henderson its a good albeit short read on the subject. You can buy it on his site I think..

The paradigm however has changed a bit since 2005 and since, more of the hacking and the groups doing it have dual motives. Due to the PLA co-opting the hacker groups, a healthy dose of patriotism, and the general socio-political environment that the Chinese live in today, we now have both forces at work. The political and the market driven.

Motivations for APT Attacks:

Since the market economy’s beginning with Deng, China has brought itself up out of the depths that the Mao government dragged them into a burgeoning super power. Most of this economic feat has been driven by the sheer ability of the Chinese to throw immense amounts of workforce at problems. While producing cheaper and perhaps lower quality goods, they have plaid upon the capitalist nature of the west to pivot themselves into the controlling seat economically and production wise. America and other countries have locked on to the idea that hiring out to foreign workers (outsourcing) they are saving a lot on their bottom line. As well, the consumer, be they American or other, have enjoyed the advantages of cheaper products, thus they save more money on their purchases, and thus have more disposable income.

This model however has one flaw for the Chinese. While the Chinese have great skill in replicating technologies, and have created clever contracts that in the end, garner them all of the specs on how to make just about everything, they lack in the area of generating new technologies. This is the basis for their efforts within the industrial espionage area that make up quite a great number of the persistent attacks on companies in the West that have succeeded in stealing IP. It seems that the Chinese need for political status as well as economic status have created the perfect incubator for the likes of the Honker Union or the Green Army, to turn their efforts toward making China a complete superpower.

State vs. Non State Actors:

The lines between the state actor and the non state are very much blurred in China. Due to the culture, many of the hackers work together for the common goal of the state. Since 2001 though, the notion of the state actor has been more common since the PLA began to incorporate the hackers into their ranks as well as to begin training programs at universities like the Chengdu University of Technology, which, just happens to be situated within the province where the first directorate of cyber intelligence resides.

There are certainly likely to be other hackers or groups also working for themselves selling 0day and the like, but I can also envision that certain state actors might also want in on that action as well. How better to control some of the malware out there than to actually create it and sell it? Either way, the notion of separating state and non state actors in China has pretty much been a non starter for me when looking into this issue.

In the end, they all are state actors I think just by the nature of the regime.


In the beginning, the Chinese hackers were just defacing pages, but after Cult of the Dead Cow created Back Orifice, the face of hacking changed. Huang Xin
took note and created the first Chinese trojan ‘glacier‘ since then, it’s been an ever increasing world of trojans and means to get the users of systems to install them. As time progressed, and hackers had to deal with more security measures (i.e. firewalls) they all began to use guile to get the end user to do the work for them. Over the years the Chinese have gotten much better at crafting decent emails that will not ring alarm bells in users heads. These emails and exploits are what we now call ‘phishing

Additionally, the Chinese have honed the attacks to not only be sly but also they have added a very regimented structure of keeping access to the networks they have compromised. Through thorough placement of further back doors as well as creating custom code to apply to applications inside of their target infrastructures, they have managed to keep the access that they desire to exfiltrate data at their own pace. Using multiple nodes within a compromised network, they will just shrug and move on to another compromised node once they have been discovered and stopped on the original. THIS is the true meaning of “Advanced Persistent Threat” and for me it’s mostly on the persistence that the emphasis should be kept.

Moving Forward:

Recent events with Lockheed have moved me to write this blog post as well as begin a series of them on the Chinese hacking community today. My initial searches online have provided all too much data and it admittedly has me overwhelmed. This I decided to parse this all out. I wanted to cover the history, motivations, and means today. Soon I will be writing more about infrastructure and methodologies to try and give a map so to speak, of what we are dealing with as the Chinese continue to use those ‘Thousand Grains of Sand‘ against us.

But, just to give you a taste of what I am seeing… Here is just one site that I did a relational link search on:

More to come…


MID’s “Seventh Bureau” and You.

with one comment

Two examples of Chinese firms buying U.S. companies are China National Aero-Technology Import & Export Corp. (CATIC) and Huawei. In the first case, CATIC bought the American defense technology firm Mamco Manufacturing, a Seattle-based aircraft parts manufacturer, in 1990. CATIC has a direct connection to the PLA and probably wanted to use the Seattle firm to acquire aerospace technology. The U.S. investigation also found that Mamco technology itself was already under export limitations. Huawei has attempted to buy many foreign firms outright, includingU.S.-based 3com.

Huawei established a joint venture with the U.S. anti-virus software company Symantec in 2008, headquartered in Chengdu, China. At this point it only offers software in China, but STRATFOR sources say that if Huawei were to be used for Chinese intelligence, it could easily insert spyware into computer systems subscribing to the service.

In Hong Kong, agents are recruited by the MSS’ Third Bureau, which handles Chinese intelligence operations in Taiwan, Hong Kong and Macao. One of their major tasks is purchasing targeted technologies through front companies. These businesses are usually not run by intelligence officers themselves but by people who have connections, sometimes overt, to the MSS.

One recent case involved the 88 Queensway Group, named for the address of an office building in central Hong Kong that houses many state-owned Chinese companies, along with the China Investment Corporation, the country’s sovereign wealth fund. A U.S. Congressional report claimed a possible link between the building and “China’s intelligence apparatus.”

“If” Huawei were to be used for Chinese intelligence? I would probably just say “when” but, I guess one can’t be sure unless there are some serious code checks going on in the US. Anyone you know actually done a security code review of Symantec lately?

The above text comes from a recent STRATFOR bulletin on Chinese espionage tactics and organizational structure. A rather enlightening piece really for anyone interested in how the Chinese juggernaut of espionage works. Of course when you think about it, their paradigm is much different than ours of any of the other intelligence agencies in other countries just from their “Human Wave” aegis.

What I really hope here is that more corporate types are actually able to get this content from Stratfor and get enlightened on how things work. As the report states, and many of us in the security business have known, is that the Chinese are VERY focused on industrial espionage. They also carry out this espionage in rather interesting ways.

Another fascintating factoid was the following passage:

In the past, a major criticism of China’s intelligence operations was the time it took to clone a weapons system — gather the information, reverse-engineer the system and put the pieces back together. By the time something was copied from an adversary’s arsenal, the adversary had already advanced another step ahead. That does not seem to be such a problem today, especially in those areas involving asymmetrical technologies such as anti-ship ballistic missiles, which China is developing on its own.

I believe that this paragraph infers a lot on the revelations about Operation “AURORA” and others like it of late. You see, traditional espionage takes more time to develop assets and get the data. With the new techniques of Advanced Persistent Threat technology, they can harvest the data at the speed of PWN. So, it’s in their best interest for getting the data and reverse R&D to just steal  it through hard to detect channels.

THIS is something that the mainstream media nor the “in the know” guys are not getting across to the masses. It is only natural that their paradigm would change and thus the “attacks” would ramp up.. Well, at least that we would finally catch on to the fact that they are doing this. We have been asleep at the digital security wheel far too long.

So, there you have it. Take a look at the report and read for yourselves.

“Know your enemy, Know yourself, Win the battle”