Home page logo

nanog logo nanog mailing list archives

Re: black hat .cn networks
From: "Franklin Lian" <Franklin.Lian () globalone net>
Date: Tue, 08 May 2001 12:27:30 -0400

I found a myth on this list that hacking a computer system is a
death sentence.  I really don't know where and when this mythin is
spreading on the Internet.

I guess the myth came from a case that a hacker was executed, maybe
two years ago, and he was the first hacker sent on trial.  I read
that news couple of years ago both in English and Chinese.  The
hacker actually was executed for stealing millions of dollars from
a bank he used work for, NOT for HACKING.  According to Chinese law,
any criminal commited to crime that evolves more than $100,000 
(the exact number might be wrong) can be sentenced to death.

However, nobody noticed the crime behind of hacking but only hacking

As far as I know, again my information might be out-of-date, China
does not have a law specifically for hacking a computer system if
the hacking itself does not cause any "damage" (I cannot define the
damage here however).

Recently I read a news on the 'Net saying that the People's Daily,
which is the official newspaper of China government, posted a message
said, it was illegel to lauch attack to any computer system.  I don't
have more detailed information on this since I am not in Beijing at
this moment.

Justin Hinderliter wrote:

For those looking for evidence of attacks, I personally know of 3 boxes that
were hit and rooted this morning.  The three attacks happened between 6:20am
and 7:04am.  One NT box, one Linux box, and one as of yet unknown OS
(haven't gotten ahold of the person yet, but his bandwidth's maxed out and
way over what it ever is by about 15x).  They're hitting port 80 this
morning.  One hit from a Mapquest IP, one from bucket.rutgers.edu,  and one from an APNIC netblock .   The webpages
they left indicated "fuq you, Americans" and indicated that they were part
of the Chinese offensive.  PAM session authentication on the linux box noted
that a session was opened by user htdig (uid 0) and closed 4ms later.
Syslogs were wiped, so were last and lastlog output.  The logs are available
still despite their efforts since the precaution was taken to have them sent
elsewhere and mailed immediately to boot.  Other boxes may have been gotten
to as well, still looking at them all and unplugging them as I go/advising
suspected customers to unplug as well as I find them.

Fuq U2, Chinese. Got plenty of evidence here, and there's a death sentence
in China for doing this... provided it was really Chinese responsible.  I'm
happily contributing all info I have towards investigation and prosecution,
and am going to get Mapquest and rutgers.edu to dig up all info they can to
track this shit back to where they got hit from.

Hey, just found another one.  Note that all Linux boxes were locked pretty
damned tight, and even blocked numerous connection attempts on port 80 with
portsentry killing the connection and then dropping them to a null route.
But all it took was 4ms to run that script.  Apparently there's probably a
hole in apache 1.3.14-2, as there were no world-writable files in the htp
root structure...  bugtraq should be interested in this.  Have to see what I
can dig up post mortem as far as what they used.

"Time for a  malenki lemtock of the ole ultraviolence, me droogs."


Franklin Lian (Lian Zidan)           Global One
Principal Engineer                   Mailstop: VAOAKM0201
Email: Franklin.Lian () Globalone net   13775 McLearen Road
Tel: (703)375-7893                   Oak Hill, VA 20171
Fax: (703)471-3380                   U.S.A.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]