North American Network Operators Group

Re: black hat .cn networks
I found a myth on this list that hacking a computer system is a death sentence. I really don't know where and when this myth is spreading on the Internet. I guess the myth came from a case in which a hacker was executed, maybe two years ago, and he was the first hacker sent to trial. I read that news a couple of years ago both in English and Chinese. The hacker actually was executed for stealing millions of dollars from a bank he used to work for, NOT for HACKING. According to Chinese law, any criminal who committed a crime that involves more than $100,000 (the exact number might be wrong) can be sentenced to death. However, nobody noticed the crime behind the hacking but only the hacking itself.

As far as I know, again my information might be out-of-date, China does not have a law specifically for hacking a computer system if the hacking itself does not cause any "damage" (I cannot define the damage here however). Recently I read a news item on the 'Net saying that the People's Daily, which is the official newspaper of the Chinese government, posted a message saying it was illegal to launch an attack on any computer system. I don't have more detailed information on this since I am not in Beijing at this moment.

Justin Hinderliter wrote:
>
> For those looking for evidence of attacks, I personally know of 3 boxes that
> were hit and rooted this morning. The three attacks happened between 6:20am
> and 7:04am. One NT box, one Linux box, and one as of yet unknown OS
> (haven't gotten ahold of the person yet, but his bandwidth's maxed out and
> way over what it ever is by about 15x). They're hitting port 80 this
> morning. One hit from a Mapquest IP, one from bucket.rutgers.edu
> 165.230.8.106, and one from an APNIC netblock 210.33.68.1 . The webpages
> they left indicated "fuq you, Americans" and indicated that they were part
> of the Chinese offensive. PAM session authentication on the linux box noted
> that a session was opened by user htdig (uid 0) and closed 4ms later.
> Syslogs were wiped, so were last and lastlog output. The logs are available
> still despite their efforts since the precaution was taken to have them sent
> elsewhere and mailed immediately to boot. Other boxes may have been gotten
> to as well, still looking at them all and unplugging them as I go/advising
> suspected customers to unplug as well as I find them.
>
> Fuq U2, Chinese. Got plenty of evidence here, and there's a death sentence
> in China for doing this... provided it was really Chinese responsible. I'm
> happily contributing all info I have towards investigation and prosecution,
> and am going to get Mapquest and rutgers.edu to dig up all info they can to
> track this shit back to where they got hit from.
>
> Hey, just found another one. Note that all Linux boxes were locked pretty
> damned tight, and even blocked numerous connection attempts on port 80 with
> portsentry killing the connection and then dropping them to a null route.
> But all it took was 4ms to run that script. Apparently there's probably a
> hole in apache 1.3.14-2, as there were no world-writable files in the htp
> root structure... bugtraq should be interested in this. Have to see what I
> can dig up post mortem as far as what they used.
>
> "Time for a malenki lemtock of the ole ultraviolence, me droogs."
>
> Cheers.

--
---------------------------------------------------------------
Franklin Lian (Lian Zidan)    Global One
Principal Engineer            Mailstop: VAOAKM0201
Email: [email protected]      13775 McLearen Road
Tel: (703)375-7893            Oak Hill, VA 20171
Fax: (703)471-3380            U.S.A.
---------------------------------------------------------------