Military Space News
Hackers for sale: what we've learned from China's massive cyber leak
by AFP Staff Writers
Beijing (AFP) Feb 23, 2024

A massive data leak from Chinese cybersecurity firm I-Soon has offered a rare glimpse into the inner workings of Beijing-linked hackers.

I-Soon is yet to confirm the leak is genuine and has not responded to a request for comment from AFP.

As of Friday, the leaked data was removed from the online software repository GitHub, where it had been posted.

Analysts say the leak is a treasure-trove of intel into the day-to-day operations of China's hacking programme, which the FBI says is the biggest of any country.

From staff complaints about pay and office gossip to claims of hacking foreign governments, here are some of the key insights from the leaks:

- Who got hacked? -

Every day, workers at I-Soon were targeting big fish.

Government agencies from China's neighbours, including Kyrgyzstan, Thailand, Cambodia, Mongolia and Vietnam, had websites or email servers compromised, the leak revealed.

There are long lists of targets, from British government departments to Thai ministries.

I-Soon staff also boasted in leaked chats that they secured access to telecom service providers in Pakistan, Kazakhstan, Mongolia, Thailand and Malaysia, among others.

They named the government of India -- a geopolitical rival of Beijing's -- as a key target for "infiltration".

And they claimed to have secured back-end access to higher education institutions in Hong Kong and self-ruled Taiwan, which China claims as part of its territory.

But they also admitted to having lost access to some of their data seized from government agencies in Myanmar and South Korea.

Other targets are domestic, from China's northwestern region of Xinjiang to Tibet and from illegal pornography to gambling rings.

- Who was paying them? -

Judging from the leaks, most of I-Soon's customers were provincial or local police departments -- as well as province-level state security agencies responsible for protecting the Communist Party from perceived threats to its rule.

The firm also offered clients help protecting their devices from hacking and securing their communications -- with many of their contracts listed as "non-secret".

There were references to official corruption: in one chat, salesmen discussed selling the company's products to police -- and planned to give kickbacks to those involved in the sale.

There were also references to a client in Xinjiang, where Beijing is accused of grave human rights abuses.

But workers complained about the challenges of doing business in the tense region.

"Everyone thinks of Xinjiang like a nice big cake... but we have suffered too much there," one said.

- What techniques were for sale? -

In their chats, I-Soon staffers told colleagues their main focuses were making "trojan horses" -- malware disguised as legitimate software that allows hackers access to private data -- and building databases of personal information.

"At the moment, the trojan horses are mainly customised for Beijing's state security department," one said.

The leak also laid out how the firm's hackers could access and take over a person's computer remotely, allowing them to execute commands and monitor what the person types, a technique known as keylogging.

Other services included ways to breach Apple's iPhone and other smartphone operating systems, as well as custom hardware -- including a powerbank that can extract data from a device and send it to the hackers.

In one screenshot of a conversation, someone describes a client request for exclusive access to the "foreign secretary's office, foreign ministry's ASEAN office, prime minister's office national intelligence agency" and other government departments of an unnamed country.

One service offered is a tool that allows clients to break into accounts on social media platform X, formerly Twitter, claiming to be able to obtain the phone number of a user and break into their private messages.

They also have a technique to bypass two-step authentication -- a common login technique that offers an extra level of security to the account.

- Who are the hackers? -

The leak also paints a less-than-flattering picture of the day-to-day goings-on at a mid-level Chinese cybersecurity firm.

Chats are full of complaints about office politics, lack of basic tech expertise, poor pay and management, and the challenges the company faced in securing clients.

Other screenshots showed arguments between an employee and a supervisor over salaries.

And in another leaked chat, a staffer complained to their colleague that their boss had recently bought a car worth over a million yuan ($139,000) instead of giving their team a pay rise.

"Does the boss dream about being an emperor?"
