[Collaborative] Chinese hackers: harmless scriptkiddies or a growing adversary?
CNN got an inside view of the so-called “Chinese cyber militia” when a group of three Chinese hackers agreed to be interviewed. This group of hackers claim that “no site is one hundred percent safe,” and that they’ve even broken into the Pentagon in the past. Should we write off these claims as hallow boasts from a group of fame chasers or is this something more?
First, let us consider who they are. Operating out of an apartment room in China, the group consists of a former computer operator in the People’s Liberation Army, a marketing graduate, and a self-taught programmer. In their cement-floored apartment with almost no furniture, the group leader quote sayings from Sun Tzu, “Know about both yourself and the enemy, and you will be invincible.”
They have been operating a hacking website with over 10,000 registered users, according to article, but CNN “decided to withhold” the address of the site. A quick search on Google leads to a site dedicated to being “Inside the World of Chinese Hackers,” which identifies their site as hack4.com. The front page of the hack4.com features a very comprehensive listing of articles, from discussing US-China relations, to reporting Fortify’s warnings of MySpace and Facebook vulnerabilities, to “Hacker’s Love Letters.” The website also compiles a large collection of downloads, from password crackers, to trojan generators, to overflow attack tools.
The group’s leader makes two bold claims:
1. That the group had successfully broken into the Pentagon network and downloaded information in the past.
2. That the Chinese government secretly pays them.
Of the Pentagon hack, he says, “They would not publicize this… It is very sensitive,” but does not discuss what information they obtained. Given that the Pentagon does report experiencing “multiple intrusions,” many originating from China, the Pentagon-hacking claim may be considered plausible. The second claim is less plausible, as it would require that they did obtain sensitive information and that the government would be willing to allow a group of rogue hackers to perform operations that could have international implications. In any case, no evidence whatsoever is provided to back the claims, so these can only be considered to be speculative.
What primarily distinguishes this group from merely a group of media hogs is (a) that they seem dedicated to hacking full-time and (b) that they have established what appears to be an authoritative site within the Chinese hacking community (if, in fact, they are not the people behind hack4.com, let’s suppose they are). Especially with the lofty goals of “ensuring the free sharing of the spirit of freedom” and “safeguarding China on the basis of our voices,” they do seem to take their work seriously. With about 10,000 users registered to hack4.com and given the existence other similar sites, Chinese hackers are indeed a growing fixture of the security landscape.
David W., Max A., Travis M.