From China With "Love" - Exposing the HKLeaks Propaganda Campaign - An OSINT Analysis

I've recently came across to a currently active information warfare operation propaganda campaign courtesy of China that somehow aims to successfully identify protesters using a variety of "leak" based Web sites.

In this analysis I'll provide actionable intelligence on the whereabouts of the individuals behind these campaigns and offer an in-depth technical discussion on their online whereabouts.

Based on a variety of publicly accessible sources including the use of  WhoisXML API's WHOIS database I've managed to find the following domains which are known to have been involved in the campaign including one personally identifiable email address which could lead to possible cyber campaign attribution campaigns.

Sample domains known to have been involved in the HKLeaks information warfare propaganda campaign:

hxxp://hkleaks.pk

hxxp://hkleaks.ru

hxxp://hkleaks.pk

hxxp://hkleaks.tj

hxxp://hkleaks.ml - Email: spiker@elude.in

hxxp://hkleaks.af

hxxp://hkleaks.cc

hxxp://hkleaks.pw

hxxp://hkleaks.kz

hxxp://hkleaks.kg

Sample email address accounts known to have been involved in the campaign:

hkleaks@yandex.com

hongkongmob@163.com

Hongkongmob@protonmail.com

hongkongmob@yandex.com

Sample responding IPs known to have been involved in the campaign:

185.178.208.132

185.178.208.152

96.126.123.244

194.58.112.174

45.33.18.44

45.33.23.183

72.14.178.174

186.2.163.203

45.33.20.235

72.14.185.43

173.255.194.134

45.79.19.196

186.2.163.140

45.56.79.23

186.2.163.60

186.2.163.7

45.33.2.79

186.2.163.210

198.58.118.167

185.53.177.31

45.33.30.197

186.2.163.216

Sample related photos from the HKLeaks information warfare online propaganda campaign:

Stay tuned!

Continue reading →

Exposing China's "Thousand Talents Program" - An OSINT Analysis

China's "Thousand Talents Program" is known to be the country's one of the main sources for attempting to steal and lure foreign scientists into falling victim into a vast network of scientific research activities for foreign countries which in reality can fall victim to active counter-intelligence and intellectual and technological "know-how" exchange and stealing for the purpose of exchanging financial incentives.

In this post I'll discuss in-depth China's "Thousand Talents Program" and provide actionable intelligence on the actual recruitment practices.

Sample Shanghai Jiao Tong University Application Form:

Sample personal emails known to be currently recruiting for China's "Thousand Talents Program":

wangenvwanghy@nankai.edu.cn
liuliuweiwei@nankai.edu.cn
yangjiangyinan@nankai.edu.cn
nkyangjun@163.com
jiaotedacollege@nankai.edu.cn
xielsxyrs@nankai.edu.cn
dingxdzhang@nankai.edu.cn
haohaoyongwei@nankai.edu.cn
lanecojobs@nankai.edu.cn

Stay tuned!

Continue reading →

Historical OSINT - Chinese Government Sites Serving Malware

It's 2008 and I'm stumbling upon yet another decent portfolio of compromised malware-serving Chinese government Web sites. In this post I'll discuss in-depth the campaign and provide actionable intelligence on the infrastructure behind it.

Compromised Chinese government Web site:
hxxp://nynews.gov.cn

Sample malicious domains known to have participated in the campaign:
hxxp://game1983.com/index.htm
hxxp://sp.070808.net/23.htm
hxxp://higain-hitech.com/mm/index.html

Currently affected Chinese government Web sites:
hxxp://www.tgei.gov.cn/dom.txt - iframe - hxxp://www.b110b.com/chbr/110.htm?id=884191
hxxp://hfinvest.gov.cn/en/aboutus/index.asp - iframe - hxxp://nnbzc12.kki.cn/indax.htm
hxxp://www.whkx.gov.cn/iii.txt - iframe - hxxp://user.free2.77169.net/shmilyzhutou/evil.htm
hxxp://xc.haqi.gov.cn/jay.htm - iframe - hxxp://xc.haqi.gov.cn/jay.htm - hxxp://qqnw.gov.cn/ST.htm
hxxp://www.whkx.gov.cn/mohajem.txt - iframe - hxxp://user.free2.77169.net/shmilyzhutou/evil.htm
hxxp://www.whkx.gov.cn/iii.txt - iframe - hxxp://user.free2.77169.net/shmilyzhutou/evil.htm

We'll continue monitoring the campaign and post updates as soon as new developments take place. Continue reading →

China's Interest of Censoring Mobile Communications

Just came across to a great article at the IHT on China's interest of tightening control of cellphones :

"The new measures being contemplated for tightening control of cellphone use reportedly include mandatory user registration. Users now can easily buy cellphone cards at any convenience store, instantly obtaining a new phone number without identifying themselves. Whether through speech or short messaging, cellphones have played a major role in a wave of social unrest that has swept China in the last two years, allowing people to organize quickly and to spread news of police actions and other developments. Anonymous use of cellphones is a major loophole at a time when the state is investing heavily on monitoring communications of all kinds, and the authorities appear determined to close it"

Whereas there's been quite some media coverage on China's Internet censorship efforts, the country's under-developed income distribution model results in more people having access to plain simple cellphone communications compared to owning a PC. And even if they own a PC, or use public ones to access the Internet, information from China's provinces where the real China is, often breaks out through SMS messages -- or comes in. Venus Info Tech's Cybervision SMS Filtering System is what they've been using, and it seems it's the government's long-term partner. The article also points out on the illegality of reporting or broadcasting information on "sudden events", consider the SARS virus as one of these. Yet another in-depth article, indicates the only usefulness out of this censorship, or let's use a more friendly term, such as content monitoring/filtering, which is the detection of banking frauds and other scams -- can you censor "Bware, SMS unda ctrl" or learn to encode in such a way?

From a business perspective, the Chinese Internet population represents a hot opportunity for companies offering censorship-circumvention services -- IP cloaking and competitive intelligence among the other needs. It's interesting to note U.S government's interest in Chinese citizens having access to more information :

"Ultrareach and Dynamic Internet Technology (DIT) in North Carolina, both connected to Falun Gong, receive U.S. government funding through the International Broadcasting Bureau to help it get Voice of America and Radio Free Asia to Chinese Web surfers. Each day, DIT sends out millions of emails and text messages containing proxy links to Chinese citizens. About one million users have downloaded DIT's circumvention software, which automatically links to the firm's proxy servers, while ``hundreds of thousands'' directly access the proxy Web sites daily, said founder Bill Xia. UltraReach, claims 100,000 users use its proxies.All told, the IBB spends about $5 million a year on contracts with hacktivists and firms on censorship-busting efforts in countries such as China and Iran."

I also came across to an informative research on the topic, "The Wireless Leash : Mobile Messaging Service as a Means of Control". Recommended reading in case you want to know more on the topic from a social and political perspective, as well as go through many relevant cases.

UPDATE : China restricts Internet cafe access - "Rules on children in Internet cafes were imposed after Chinese officials warned that students were spending too much time playing online games and were getting access to violent and obscene material."

Related resources:
Censorship
China
2006 = 1984?
Anonymity or Privacy on the Internet?
World's Internet Censorship Map
China - the biggest black spot on the Internet’s map
Chinese Internet Censorship efforts and the outbreak
Securing political investments through censorship Continue reading →

Who's Who in Cyber Warfare?

Wondering what's the current state of cyber warfare capabilities of certain countries, I recently finished reading a report "Cyber Warfare: An Analysis of the Means and Motivations of Selected Nation States", a very in-depth summary of Nation2Nation Cyber conflicts and developments I recommend you to read in case you're interested. It covers China, India, Iran, North Korea, Pakistan, and, of course, Russia. Some selected brief excerpts on China, Iran, and Russia :



China
"Beijing’s intelligence services continue to collect science and technology information to support the government’s goals, while Chinese industry gives priority to domestically manufactured products to meet its technology needs. The PLA maintains close ties with its Russian counterpart, but there is significant evidence that Beijing seeks to develop its own unique model for waging cyber warfare."



Iran
"The armed forces and technical universities have joined in an effort to create independent cyber R & D centers and train personnel in IT skills; and second, Tehran actively seeks to buy IT and military related technical assistance and training from both Russia and India."



Russia
"Russia’s armed forces, collaborating with experts in the IT sector and academic community, have developed a robust cyber warfare doctrine. The authors of Russia’s cyber warfare doctrine have disclosed discussions and debates concerning Moscow’s official policy. “Information weaponry,” i.e., weapons based on programming code, receives paramount attention in official cyber warfare doctrine."



Technology as the next Revolution in Military Affairs (RMA) was inevitable development, what's important to keep in mind is knowing who's up to what, what are the foundations of their military thinking, as well as who's copying attitude from who. Having the capacity to wage offensive and defense cyber warfare is getting more important, still, military thinkers of certain countries find network centric warfare or total renovation of C4I communications as the panacea when dealing with their about to get scraped conventional weaponry systems. Convergence represents countless opportunities for waging Cyber Warfare, offensive one as well, as I doubt there isn't a country working on defensive projects.



In a previous post Techno-Imperialism and the Effect of Cyberterrorism I also provided detailed overview of the concept and lots of real-life scenarios related to Cyberterrorism, an extension of Cyber warfare capabilities. It shouldn't come as a surprise to you, that a nation's military and intelligence personnel have, or seek to gain access to 0day security vulnerabilities, the currency of trade in today's E-society as well as recruiting local "renegades".



Undermining a nation's confidence in its own abilities, the public's perception of inevitable failure, sophisticated PSYOPS, "excluded middle" propaganda, it all comes down to who's a step ahead of the event by either predicting or intercepting its future occurrence. Information is not power, it's noise turning into Knowledge, one that becomes power -- if and when exercised. Continue reading →

Fighting Internet's email junk through licensing

Just came across this story at Slashdot, interesting approach :



"China has introduced regulations that make it illegal to run an email server without a licence. The new rules, which came into force two weeks ago, mean that most companies running their own email servers in China are now breaking the law. The new email licensing clause is just a small part of a new anti-spam law formulated by China's Ministry of Information Industry (MII)."



While the commitment is a remarkable event given China's booming Internet population -- among the main reasons Google had to somehow enter China's search market and take market share from Baidu.com -- you don't need a mail server to disseminate spam and phishing attacks like it used to be in the old days. You need botnets, namely, going through CME's List, you would see how the majority of today's malware is loaded with build-in SMTP engine, even offline/in-transit/web email harvesting modules.



You can often find China on the top of every recently released spam/phishing/botnet trends summary, which doesn't mean Chinese Internet users are insecure -- just unaware. What you can do is educate the masses to secure the entire population, and stimulate the growth of the local security market that everyone is so desperately trying to tap into.


Moreover, I doubt you can regulate the type of Internet users still trying to freely access information, again with the wrong attitude in respect to security :



"..prohibiting use of email to discuss certain vaguely defined subjects related to 'network security' and ' information security', and also reiterate that emails which contain content contrary to existing laws must not be copied or forwarded. Wide-ranging laws of this nature have been used against political and religous dissenters in the past."



It's like legally justifying the country's censorship practices through introducing the law, whereas I feel "network security" and "information security" attacks outside the homeland get favored, compared to internal ones, don't you?



Forbidden fruits turn into dangerous desires on the majority of occasions, and you just can't control that, what's left to censor it.



Technorati tags:
Security, Malware, Spam, Phishing, China Continue reading →

Chinese Internet Censorship efforts and the outbreak

In some of my January's Security Streams, I did some extensive blogging expressing my point of view on the current Internet censorship activities, and tried to emphasize on the country whose Internet population is about to outpace the U.S one - China. In my posts "China - the biggest black spot on the Internet’s map", "2006 = 1984?", "Twisted Reality", you can quickly update yourself on some of the recent developments related to the topic, but what has changed ever since?


Government bodies such as the DoJ seem to favour the amount of data the most popular and advanced search engine Google holds and tried to obtain information for the purpose of "social responsibility". What's more to consider are some of the weak statements made, namely :



"House Government Reform Committee Chairman Tom Davis (R-VA) has criticized Google for refusing to hand search records over to the US Justice Department while cooperating with China in censoring certain topics. Justice sought the records to bolster its case against a challenge to online anti-pornography laws, but Google refuses to submit the records on privacy grounds. Davis does not expect a standoff between Google and the government, but hopes an agreement can be reached, allowing Google to supply the records without frightening users that their searches may be examined."



and in case you're interested, some of my comments, :



"Is it just me or that must be sort of a black humour political blackmail given the situation?! First, and most of all, the idea of using search engines to bolster the online anti-pornography laws created enough debate for years of commentaries and news stories, and was wrong from the very beginning. Even if Google provide the data requested it doesn’t necessarily solve the problem, so instead of blowing the whistle without any point, sample the top 100 portals and see how they enforce these policies, if they do. As far as China is concerned, or actually used as a point of discussion, remember the different between modern communism, and democracy as a concept, the first is an excuse for the second, still, I feel it’s one thing to censor, another to report actual activity to law enforcement. I feel alternative methods should be used, and porn “to go” is a more realistic threat to minors than the Net is to a certain extend, yet the Net remains the king of content as always."



Google indeed issued a statement, sort of excusing the censorship under the statement of "the time has come to open ourselves to the Chinese market", and while their intentions make business sense, the outbreak had very positive consequences from my point of view - build more awareness and have the world's eyes on the Chinese enforcement of censorship practices, but is it just China to blame given "Western" countries do censor as well, or is it China's huge ambitions of maintaining a modern communism in the 21st century that seem to be the root of the problem?



In an article "A day in the life of a Chinese Internet Police Officer" I read some time ago, you can clearly see the motivation, but also come across the facts themselves : you cannot easily censor such a huge Internet population, instead, guidance instead of blocking, and self-regulation(that is limiting yourself with fear of prosecution) seem to be the current practice, besides jailing journalists! And while sometimes, you really need to come up with a creative topic worth writing about, free speech is among the most important human rights at the bottom line.



Chris Smith, Chairman of the House subcommittee that oversees Global Human Rights, proposed a discussion draft "The Global Online Freedom Act of 2006" "to promote freedom of expression on the internet [and] to protect United States businesses from coercion to participate in repression by authoritarian foreign governments". It is so "surprising" to find out that they are so interested in locating cyber-dissidents : "U.S. search engine providers must transparently share with the U.S. Office of Global Internet freedom details of terms or parameters submitted by Internet-restricting countries." exactly the same way I mentioned in my previous "Anonymity or Privacy on the Internet?" post.



Meanwhile, the OpenNetInitiative also released a bulletin analyzing Chinese non-commercial website registration regulation, giving even further details on the recent "you're being watched" culture that tries to cost-effectively deal with the issue of self-regulation :



"In a report published last year, “Internet Filtering in China: 2004-2005,” ONI shared its research findings that China’s filtering regime is the most extensive, technologically sophisticated, and broad-reaching Internet filtering system in the world. This new regulation does not rely on sophisticated filtering technology, but uses the threat of surveillance and legal sanction to pressure bloggers and website owners into self-censorship. While savvy website owners might thwart the registration requirement with relative ease, the regulation puts the vast majority of Chinese Internet users on notice that their online behaviour is being monitored and adds another layer of control to China’s already expansive and successful Internet filtering regime."



Yet another recent research I came across is a university study that finds out that "60% Oppose Search Engines Storing Search Behaviours", you can also consider the "alternatives" if you're interested :) A lots to happen for sure, but it is my opinion that personalized search is the worst privacy time bomb a leading search engine should not be responsible for, besides open-topic data retention policies and not communicating an event such as the DoJ's one, but complying with it right away, bad Yahoo!, bad MSN!



At the bottom line, Google's notifications of censored content(as of March, 2005 only, excluding the period before!), the general public's common sense on easily evaluating what's blocked and what isn't, and the powerful digital rights fighting organizations that simultaneously increased their efforts to gain the maximum out of the momentum seemed to have done a great job of building awareness on the problem. Still, having to live with the booming wanna be "free market" Chinese economy, and the country's steadily climbing position as a major economic partner, economic sanctions, quotas, or real-life scenarios would remain science fiction.



Technorati tags :
Privacy, Anonymity, Censorship, China, Search Engine Continue reading →

Twisted Reality

I looked up the definition of Evil today, and I found it, I tried to play a Google War and came across 256 million occurrences of it, still there's a hope for all of us I guess. On the 17th of January I blogged on how China turned into the biggest black spot on the Internet's map, to find out that I even have activists commenting in my blog :)

Google has agreed to "remove certain sensitive information from our search results" you all know it by now, what you perhaps don't know is how what used to be the old Google still has its marks on the web. Google's Information for Webmasters still states that :

"Google views the comprehensiveness of our search results as an extremely important priority. We're committed to providing thorough and unbiased search results for our users."

I guess Chinese users should print this and stick it on their walls to remind them of the past as it says exactly the same. They have also removed their "censored notice" from "older removals", how come, and for what reason? Lack of accountability for when "local laws, regulations, or policies" were removing "sensitive information" before the date?! Google is my benchmark for disruption, but I guess its actions and "do no evil" motto were simply too pure for the business world, which on the majority of occasions is capable of destroying morale, even individuals..

Welcome in a "Twisted Reality" where one event looks like an entirely different one - on request, and the list is getting bigger!

But what is actually filtered in china these days, what are the topics of interest? Four years ago, a great initiative brough more insights into what's deemed "sensitive information", and while of course the list is changed on-the-fly, it is important to know how it blocks the top results, as this is where all the traffic goes.

Recently, CNET did a nice research on which sites are blocked by which search engine, I ever saw Neworder in there :)

The best thing about China's backbone is how centralized it really is and the way researchers are finding common censorship patters that could prove useful for future research. Is TOR with its potential applicable in China, and would initiatives such as the the Anonymous OS, or even TorPark, an USB extension of the idea, the future?

Meanwhile, in case they are interested parties reading this post, consider taking a look at the "Handbook for Bloggers and Cyber-Dissidents" courtesy of Reporters Without Borders.

Technorati tags :
privacy, censorship, search engine, google, china, TOR, Anonymity

Continue reading →

China - the biggest black spot on the Internet’s map

Chinese Internet users have the potential to outpace the number of the U.S Internet population, yet, the majority of them still remain behind the most sophisticated online censorship systems in the world, the Great Chinese Firewall. 

I am definitely not buying into the idea of trying to take control of all the information coming in and going out of a country for the sake of my well being, as any individual has the right to decide what's good and bad for them. 

If I, for instance knew there's a virus on the streets of my city, I would take immediate precautions, or at least, see how "my" government reacts on the crisis. Yet, how responsible, moral, or legal according to international human rights standards is to prosecute users who have been spreading the news about the SARS virus from within the Great Firewall is perhaps another point.

Isn’t central planning the panacea of Communism, be it, old-school or modern(an excuse for the old-school) one, and isn’t the obvious fact that the government cannot, but wants to play God, an utopia by itself? It is disturbing how business ethics surpass moral ones for the sake of business continuity, so to say. Though, efforts are made to break the ice, until a collective campaign is not started I doubt anything will change. For the time being, what they don't like, they either hijack(forward to another site), or completely restrict.

With over 100,000 cybercafes, and 30,000 state police enforcing policies on the Internet, the Chinese government is trying to estaliblish a very effective self-censorship atmosphere, namely, prosecuting those somehow violating it. The idea is to, of course, cut the costs of their censorship efforts.

U.S companies don’t have a business choice, but to comply in case they are interested in taking advantages of the business opportunities in the country.

Activists have been expressing their attitude towards assistance like that, while I feel the majority of business leaders still don't have the incentive to take action, besides the human moral obligations, ones that are often neglected when doing business. Sad, but true :)

For me, it's not businesses complying with local laws that bothers me, but the playground for the these vendors that’s fuelling innovation in the wrong direction. That very same innovation is later on to used on Western countries or pretty much anywhere around the world. For the time being, China is still winning against the Web, and the term cyberdissident is getting rather common. For instance, the recently started Cryptome.cn, pointed out a great link to the actual known number of Chinese actions against journalists. That's disturbing.

One of the most resourceful and timely research currently available is ONI's Internet Filtering in China in 2004-2005 : A Country Study. Interested in finding out whether a certain sites is currently blocked in China? Check the Real-Time Testing of Internet Filtering in China, courtesy of Harvard Law School, whose Empirical Analysis of Internet Filtering in China still gives an overview of the situation and what's to consider.

Further research and opinions on the topic can be found at :

Internet Development and Information Control in the People’s Republic of China
Internet censorship in mainland China
The Internet in China: Civilian and Military Uses
Internet in China: Big Mama is Watching You
Internet Filtering in China
The limits of Internet filtering : A moral case for the maximization of information access over the Internet
Controlling Online Information: Censorship & Cultural Protection
Tools for Censorship Resistance
The Filtering Matrix
Tor: An anonymous Internet communication system

Technorati tags :
privacy,free speech,china censorship,china,censorship

Continue reading →