Slashdot Mirror


Hacked Chinese Bank Server Phishes for US Banks

1sockchuck writes "A Chinese bank's servers are being used in phishing attacks against U.S. institutions, apparently the first time one bank's infrastructure has been used in attacks on other banks. A hacked server from China Construction Bank Shanghai Branch is hosting pages spoofing Chase and eBay. The scam is one of numerous sites using a social engineering hook promising a $20 reward for recipients who complete a survey about the bank's online services. It then asks for your account login and password - so it can deposit the $20 in the correct account, of course. Plus your Social Security number, mother's maiden name etc."

47 comments

  1. Chinese hackers by PFI_Optix · · Score: 3, Funny

    So this is how they make all that money.

    We need to bomb their Internet Center ASAP before they build another tank rush.

    --
    120 characters for a sig? That's bloody useless.
    1. Re:Chinese hackers by SYSS+Mouse · · Score: 1
      I prefer the Particle Cannon.

      Can't believe people are still playing Command & Conquer: Generals.

    2. Re:Chinese hackers by Anonymous Coward · · Score: 0

      I only play it to pass the time until Supreme Commander comes out. The RTS scene has been slow the past few years.

    3. Re:Chinese hackers by moro_666 · · Score: 1

      if someone is dumb enough to give his bank details out for 20$ which he won't get, he's worth to lose whatever they take.

      stupidity is the most common element in universe, even more common than hydrogen.

      --

      I'd tell you the chances of this story being a dupe, but you wouldn't like it.
    4. Re:Chinese hackers by Anonymous Coward · · Score: 0

      Laptop in hand. No one will know their money is missing!

  2. So that's why by n9uxu8 · · Score: 2, Interesting

    I have been hit with that Chase $20 email about 40 times this weekend. I have to wonder how stupid they think we really are....quite a bit apparently....

    Dave

    1. Re:So that's why by vertinox · · Score: 1

      I have been hit with that Chase $20 email about 40 times this weekend. I have to wonder how stupid they think we really are....quite a bit apparently....

      And I don't even have a Chase account!

      --
      "I am the king of the Romans, and am superior to rules of grammar!"
      -Sigismund, Holy Roman Emperor (1368-1437)
    2. Re:So that's why by Anonymous Coward · · Score: 0

      And I, too, can ejaculate like a porn star... no matter what gender I am!

  3. Seems odd by MrNougat · · Score: 4, Interesting

    I find it odd, though not surprising really, that the Chinese gov't would have The Great Firewall of China in place, and have bank servers vulnerable to attack.

    And, the way TFA reads, the bank server (owned by the Chinese government) is currently hosting phishing pages. Can anyone confirm whether the affected server has been taken offline, or are they just letting it go on phishing?

    --
    Web 2.0 == Giant Blogspam Circle Jerk
    1. Re:Seems odd by Anonymous Coward · · Score: 0

      I find it odd that the Chinese government have this uber-firewall yet can't stem the avalanche of spam leaving their networks. It's difficult to filter Chinese IP address space because of the moronic way APNIC hands out netblocks, most of our firewall rules target Chinese addresses.

    2. Re:Seems odd by Anonymous Coward · · Score: 0
      It's difficult to filter Chinese IP address space because of the moronic way APNIC hands out netblocks, most of our firewall rules target Chinese addresses.

      If only there was some magical mechanism whereby we could simplify our IP address allocation and reduce the fragmentation caused by lots of small IP subnets. That or give APNIC a greater share of the available IP addresses.

    3. Re:Seems odd by Anonymous Coward · · Score: 0
      I find it odd, though not surprising really, that the Chinese gov't would have The Great Firewall of China in place, and have bank servers vulnerable to attack.

      Reports indicate that the "Great Firewall of China" seems to be a blacklist of sites labelled undesirable by the Chinese government. It doesn't seem to parse every packet (unlike Echelon), but only the HTTP query or similar. As such, it is no surprise that it doesn't block everything, especially things like buffer overruns or similar. While Netcraft provided no details of the server, my educated guess is that it is a web-server which was exploited via a faulty script (eg buffer overrun). By definition, it has to be allowed by the firewall. A more interesting question is that once the Chinese authorities are aware of the compromised server, is it technically possible for the "Great Firewall of China" to block incoming requests (as opposed to outgoing requests).

      And, the way TFA reads, the bank server (owned by the Chinese government) is currently hosting phishing pages. Can anyone confirm whether the affected server has been taken offline, or are they just letting it go on phishing?

      Interesting choice of wording. There's also the third choice that the bank is the victim of a security compromise and is unaware of the phishing and are unintentionally hosting the website. But hey, let's go with the libelous suggestion that the server admins are intentionally letting it continue.

      Alternatively, there're the more constructive approaches of:
      - Targeting spammers and phishers rather than those people who are the victims of their scams (in this case, Chase, CCB and the customers of Chase).
      - Educating Internet users of similar scams.
      - Gradually improving the state of computer security. Face it, in a large corporate environment, it is difficult to have perfect security.
      - Pushing for the establishment of something like CERT for all countries so that the appropriate server administrators can be contacted in a rapid manner in their own language.

    4. Re:Seems odd by slavemowgli · · Score: 1

      The Great Firewall is meant to keep the Chinese people from freely accessing Internet resources outside of China, not to keep everyone else from accessing Internet resources in China.

      --
      quidquid latine dictum sit altum videtur.
  4. Inevitable comment... by DarthChris · · Score: 1

    If Dubya needed a reason to nukify China, he has one now.

    (Sorry. Couldn't resist it.)

    --
    Don't you just hate it when people reply to your signature?
    1. Re:Inevitable comment... by Tweekster · · Score: 1

      why couldn't you resist? it was pretty stupid

      --
      The phrase "more better" is acceptable English. suck it grammar Nazis
  5. China Construction by Stargoat · · Score: 3, Informative

    China Construction is a huge bank. It's the Chinese equivalent of Chase or something similar in size. Not the People's Bank of China (Chinese Central Bank) but still huge. I'm amazed that their security is so lax. That level of incompetence is just amazing.

    --
    Hoist Number One and Number Six.
    1. Re:China Construction by bani · · Score: 1

      I'm amazed that their security is so lax. That level of incompetence is just amazing.

      communist countries tend to be like that. though the problem is of course not exclusive to them, for instance south korea is a giant cesspool of pwned boxen and incompetent admins.

      still, for a state bank to be used for phishing has got to be a little embarrassing. of course it's just a plot by evil capitalist americans to make china look bad.

  6. Indeed. by Saeed+al-Sahaf · · Score: 2, Insightful

    The number of "computer literate" people on the Internet vs. "mom and pop" Interweb users who don't know any better, is actually very small. There is a good chance that a fair number in the small single digit percentages (or even smaller) respond to this type of stuff. Remember, it's like with penis pills, when you spam millions and millions, you only need a small percentage.

    --
    "Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
    1. Re:Indeed. by X0563511 · · Score: 1

      THIS is why installing/running AOL should be a federal offense.

      --
      For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  7. It's what you get when you limit information by Opportunist · · Score: 2, Insightful

    When you allow only legal information, most people will not even know what is possible aside of what is permitted.

    And if those people are responsible for security... think Demolition Man, just on an IT-scale.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  8. Another reason by $ASANY · · Score: 2, Interesting

    ...to netblock APNIC space at your firewall. I'm not happy I need to do it, and I wish it wasn't necessary. This continuing saga is only going to accelerate the growing trend to have the great wall not being an internal firewall, but an external one built over time by individual admins tired of these problems.

    I have to wonder whether there is a deliberate strategy by the Chinese government to encourage the world to cut off access to western sites. Allow every kind of malware, be entirely unresponsive to abuse requests, and wait for the west to defensively wall China off so the Chinese government won't have to do it themselves. Pretty stupid strategy long-term, though, so I can't believe it's deliberate.

    1. Re:Another reason by Anonymous Coward · · Score: 0

      That's OK I don't accept any emails coming from outside RIPE.

      Damn you to hell you yankee capitalist pigs

    2. Re:Another reason by DogDude · · Score: 1

      I do my best to cut off all Chinese traffic because of this reason. Every block I blackhole drops my incoming spam by a significant amount. Do you happen to have a list of all Chinese IP blocks? Right now, I just do it on an ad hoc basis: I get some crap, check the source, and if it's from China, I block the whole block of IP's. It would be much faster if I had some kind of definitive list, then I could just do it all at once. (They do have a shitload of IP addresses)

      --
      I don't respond to AC's.
    3. Re:Another reason by $ASANY · · Score: 3, Informative
      This is from the IP allocation documentation provided on IANA's website. It is an extremely blunt instrument to employ:

      058/8 Apr 04 APNIC
      059/8 Apr 04 APNIC
      060/8 Apr 03 APNIC
      061/8 Apr 97 APNIC
      121/8 Jan 06 APNIC
      122/8 Jan 06 APNIC
      123/8 Jan 06 APNIC
      124/8 Jan 05 APNIC
      125/8 Jan 05 APNIC
      126/8 Jan 05 APNIC
      202/8 May 93 APNIC
      203/8 May 93 APNIC
      210/8 Jun 96 APNIC
      211/8 Jun 96 APNIC
      218/8 Dec 00 APNIC
      219/8 Sep 01 APNIC
      220/8 Dec 01 APNIC
      221/8 Jul 02 APNIC
      222/8 Feb 03 APNIC

      There are other ranges where APNIC is interspersed with other stuff, but this list gets you all the /8 space which can be blocked conveniently.

      Bill's Blacklist is more extensive and gets into the APNIC space that's wedged within other /8 netblocks, and he also identifies other problem children. His list is probably too aggressive for your tastes if you're running a public website, though.

    4. Re:Another reason by Anonymous Coward · · Score: 0
      ...to netblock APNIC space at your firewall. I'm not happy I need to do it, and I wish it wasn't necessary. This continuing saga is only going to accelerate the growing trend to have the great wall not being an internal firewall, but an external one built over time by individual admins tired of these problems.

      And it isn't necessary, especially since APNIC encompasses much, much more than China (about half the world's population). But hey, screw collateral damage.

      I have to wonder whether there is a deliberate strategy by the Chinese government to encourage the world to cut off access to western sites. Allow every kind of malware, be entirely unresponsive to abuse requests, and wait for the west to defensively wall China off so the Chinese government won't have to do it themselves. Pretty stupid strategy long-term, though, so I can't believe it's deliberate.

      Or alternatively, that maybe these machines were simply broken into by spammers/phishers and rather than putting most of the blame where it belongs, you're engaging in an absurd conspiracy theory about the deliberate strategy by the Chinese government. Do you have any evidence whatsoever that this is a deliberate plan by the Chinese government? Or maybe these are poorly trained sysadmins (or well trained sysadmins who let one slip); who are merely victims (along with Chase and Chase's customers).

      Sure, there're lessons to be learnt on all sides, these CCB sysadmins should be more careful about security; Chase shouldn't allow hot-linking and should consider two-factor authentication; and Internet users need to be aware of phishing scams. But why the Chinese-bashing?

    5. Re:Another reason by Dachannien · · Score: 1

      Do you have any evidence whatsoever that this is a deliberate plan by the Chinese government?

      I think that's why the GP used the phrase, "I have to wonder".

    6. Re:Another reason by DogDude · · Score: 1

      That's perfect, thanks. That's exactly what I need. Even if I don't get all of them, it'll still make a huge difference. And you're right... I'd rather get 90% of Chinese traffic stopped than get 100% of Chinese, and some IP's from other countries.

      --
      I don't respond to AC's.
    7. Re:Another reason by $ASANY · · Score: 1
      This address space is APNIC, not just China. It includes Taiwan, Korea and plenty of other countries, but not Australia. If you're looking for just the China netspace, I don't know where to find that info. Even if you found it, it would probably consist of a lot of non-contiguous netblocks which would be difficult to manage.

      Think hard before you use such an imprecise hammer like this.

    8. Re:Another reason by kinko · · Score: 1

      Australia (and New Zealand) both get IP allocations from APNIC. They don't split up the /8s by country, ISPs and organisations just get handed out ranges from within those /8s. Australia and NZ have lots of customers in those ranges :(

    9. Re:Another reason by DogDude · · Score: 1

      Damn, thanks for the heads-up. But to the parent poster, yes, I DO want to use a hammer this big. We're a small company, so I can decide that we're simply not doing business or communicating with China for now. We won't ship to China, and we don't buy anything directly from China, so the *only* traffic that we see from China is lots and lots of spam, and worm attempts.

      --
      I don't respond to AC's.
    10. Re:Another reason by Anonymous Coward · · Score: 0
      I think that's why the GP used the phrase, "I have to wonder".

      Oh yeah, the get-out-of-jail card that makes it okay to say all sorts of stupid things by hiding one's prejudice behind a facade of simple, child-like questioning. Kinda like; "I have to wonder whether that girl deliberately wanted to get raped cause she stayed out late at night. Nah, that's so stupid that I can't believe it was a deliberate action".

      See the bias on the comment? English is a lovely language that allows all sorts of subtly leading questions to be asked while maintaining a superficial facade of innocence. But the bias in the original comment should be obvious to anyone who has passed high school English.

    11. Re:Another reason by TeraCo · · Score: 1

      Nope, it includes Australia too.

      --
      Not Meta-modding due to apathy.
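
Added example, not part of any post in this thread: the sub-thread above debates dropping the posted /8 list at a firewall and whether that also cuts off other APNIC economies. This Python code parses the list as posted, collapses it to the fewest CIDR rules, and counts blocked addresses per country code; the delegation records are constructed in the RIR delegation-statistics layout (not real allocations), and all function names are illustrative.

```python
import ipaddress
from collections import Counter

# The /8 list exactly as posted in the thread.
POSTED_LIST = """\
058/8 Apr 04 APNIC
059/8 Apr 04 APNIC
060/8 Apr 03 APNIC
061/8 Apr 97 APNIC
121/8 Jan 06 APNIC
122/8 Jan 06 APNIC
123/8 Jan 06 APNIC
124/8 Jan 05 APNIC
125/8 Jan 05 APNIC
126/8 Jan 05 APNIC
202/8 May 93 APNIC
203/8 May 93 APNIC
210/8 Jun 96 APNIC
211/8 Jun 96 APNIC
218/8 Dec 00 APNIC
219/8 Sep 01 APNIC
220/8 Dec 01 APNIC
221/8 Jul 02 APNIC
222/8 Feb 03 APNIC
"""

# Constructed records in the RIR delegation-statistics layout
# (registry|cc|type|start|count|date|status); NOT real allocations.
SAMPLE_DELEGATIONS = """\
2|apnic|20000101|6|20000101|20000101|+1000
apnic|*|ipv4|*|5|summary
apnic|CN|ipv4|58.16.0.0|65536|20000101|allocated
apnic|KR|ipv4|121.128.0.0|131072|20000101|allocated
apnic|NZ|ipv4|202.0.0.0|768|20000101|allocated
apnic|AU|ipv4|203.0.113.0|256|20000101|assigned
apnic|CN|ipv4|192.0.2.0|256|20000101|allocated
apnic|JP|ipv6|2001:db8::|32|20000101|allocated
"""

def parse_posted(text):
    """Turn lines such as '058/8 Apr 04 APNIC' into IPv4Network objects."""
    nets = []
    for line in text.splitlines():
        if not line.strip():
            continue
        octet, prefix = line.split()[0].split("/")
        # int() removes the leading zero, which recent ipaddress versions reject.
        nets.append(ipaddress.ip_network(f"{int(octet)}.0.0.0/{int(prefix)}"))
    return nets

def collapse(nets):
    """Merge adjacent blocks into the fewest equivalent CIDR rules."""
    return list(ipaddress.collapse_addresses(nets))

def blocked_per_economy(delegations, blocklist):
    """Count addresses per country code that the blocklist would drop."""
    rules = collapse(blocklist)  # disjoint, so nothing is counted twice
    hit = Counter()
    for line in delegations.splitlines():
        fields = line.split("|")
        if len(fields) < 7 or fields[2] != "ipv4":
            continue  # version line, summary lines, IPv6 and ASN records
        cc, start, count = fields[1], ipaddress.ip_address(fields[3]), int(fields[4])
        # The count need not be a power of two, so split it into CIDR blocks.
        for net in ipaddress.summarize_address_range(start, start + (count - 1)):
            for rule in rules:
                if net.overlaps(rule):
                    hit[cc] += min(net.num_addresses, rule.num_addresses)
    return hit

if __name__ == "__main__":
    rules = collapse(parse_posted(POSTED_LIST))
    print(len(rules), "rules:", ", ".join(map(str, rules)))
    for cc, n in sorted(blocked_per_economy(SAMPLE_DELEGATIONS, rules).items()):
        print(cc, n)
```

Fed a registry's real delegation records instead of the constructed ones, the same count shows how much address space outside the intended country a /8-level rule drops.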
  9. Where by poeidon1 · · Score: 1

    is the great (fire)wall of China?

    --
    They called me mad, and I called them mad, and damn them, they outvoted me. -Nathaniel Lee
    1. Re:Where by SomeoneGotMyNick · · Score: 1

      Well, you probably can't see it from space.....

    2. Re:Where by Anonymous Coward · · Score: 0

      Isn't it obvious? Those damn Mongolians tore down their shitty wall.

  10. So wrong! by Groo+Wanderer · · Score: 1

    What do you mean "how stupid they think we really are"? It should be how stupid they _KNOW_ we are. You forget the average American, the target audience here, is a bunch of mouth breathing, knuckle-dragging morons. Really. Where do you think they get the people who work the crap shifts at McD's from? Think there are more of them than there are of you?

    Now, if you have net access, you are in the top 1/3 or so of the US intelligencia. Went to college? More like the top 10%. Active and aware of the political and technical aspects of issues like this? Lop off a few more points.

    What gets me is how the phishing/spam/whatnot fails so often, not why they think we will fall for it.

    The overarching point is that you surround yourself with people of like intelligence, and everyone posting here is WAY above average. You forget how rock stupid average is. Go get a refresher course, go into a bar in a rural area and discuss anything you would with your social circle.

    Better yet, go watch a NASCAR race, and don't skip the commercials. :)

                  -Charlie

    1. Re:So wrong! by Dionysus · · Score: 1

      everyone posting here is WAY above average.

      I was with you up to this part. As the saying goes, "You must be new here". All crowds and most people think they are above average. /. is no different.

      --
      Je ne parle pas francais.
    2. Re:So wrong! by n9uxu8 · · Score: 1

      Wow...cynical. Hmmm...now I'm a mouth-breathin'(terrible sinus issues), non-knuckle-draggin' former employee of McD's with two college degrees. I'll have to apply your formula and see into which percentile I fit.

      In any case, my family is generally steel millers and Nascar watchers (I don't get it, but they are). I have to regularly delouse their machines of spyware and what not, but not one has been hit with a phishing scheme...few people...even knuckle-draggers believe the UK lottery has not only automatically entered them, but is also waiting to send them 1.6 million Euros. By that same token, their credit card company (as well as those banks and CC companies that regularly email even though they are not members) generally do not want to give out money for free. So...people are amazingly stupid, but not generally that stupid...mostly.

      Gotta go...I just got an email about an incredible mortgate rate....

      Dave

    3. Re:So wrong! by Evardsson · · Score: 1

      So, I'm in the top third because I have net access? Never went to college, although I work at one and even teach a course. Have long been aware of the political and technical aspects of more than just issues like this one. So where does that put me? Oh yeah, I'm a /.er so that makes me instantly intelligent! w00t!

      Try this on for size: by your "formula" the faculty I work with should all be in the top 5-10%, yet with every new phishing scheme (and even some repeats of old ones) I have to answer the question "Is this real or a scam?" from the "elite intelligencia" (PhD holders and Masters Level educators). At least we have moved to the place where they are willing to ask, but only because someone within the social circle of one the faculty fell prey to one of these scams.

      The sad fact is, unless you are technically competent enough to view the source of your html email, and understand what you are looking at, you may very well be taken in. It all comes down to education, and it is up to those of us in the IT field to educate users on how to understand and avoid these kinds of things. If we don't do our jobs well, the phishers win. When we start to really make a difference in users' behaviour, then these kinds of scams won't work, and we will have to educate users to protect themselves against whatever new scheme is dreamt up by the guys who dream up these cons.

      --
      Death looks every man in the face. All any man can do is look back and smile. - Marcus Aurelius
    4. Re:So wrong! by Anonymous Coward · · Score: 0

      Be careful when you bite into your next cheeseburger. We'll see who's the moron when I serve you your next meal.

      Asshole.

      And tell me, do you think it's particularly intelligent to insult the "average American", whom "there are more of than there are of you"?

      Just think of how stupid the angry mob is as they rush you. They're so stupid you probably can't reason with them. I hope that consoles you as you get the beating of your life.

      Yeah. That's really smart of you.

    5. Re:So wrong! by LurkerXXX · · Score: 4, Interesting
      if you have net access, you are in the top 1/3 or so of the US intelligencia.

      Really? That's surprising seeing that nearly 75% of U.S. households have internet access. (And that was back in 2004)

      Went to college? More like the top 10%

      So, going to college puts you in the top 10% eh? From 1990 to 2002, the number of high-school graduates entering college went from 60% to 64%. The percentage of Americans ages 25 to 29 with a bachelor's degree rose from 23% to 29%. Top 10% just by going to college? I don't think so.

      I expect you must be one who has fallen for the scams the way you pull numbers out of your ass to describe the American public.

    6. Re:So wrong! by Al+Dimond · · Score: 1

      Having 'Net access doesn't mean you're smart, it just means you have money and the desire to have it.

      I am in college now, and I can tell ya for sure that colleges are full of idiots, again, people with some money that want to be in college. Oh yeah, and they think they're smarter than everyone, and have networked with people that can help get them cushy well-paying jobs.

      People don't work the crap shifts at McDonald's because they're stupid; the stupidity is that enough people want to eat junk food at midnight that they stay open (similarly, Hummer isn't hurting the environment by building SUVs that get 10mpg, consumers are hurting it by driving them around mall parking lots). As long as there's a wage paid for working the night shift at McDonald's people will do the work because they need the money.

      There are lots of stupid people in America, and all over the world. Many of them are members of your so-called "Intelligentsia" (by the way, you misspelled and misused the word; my use of it was more appropriate but maybe a bit melodramatic, check a dictionary or wikipedia or something). Your stereotypes of intelligence simply don't hold water.

  11. Bank network security by RingDev · · Score: 3, Interesting

    I worked for a non-consumer bank as a consultant a few years back, and I was rather concerned with what I saw there.

    The IS Coordination was rabidly anti-Microsoft. The network was mostly Windows 98/NT machines on Banyan Vines 3.0 (this was in 2001, right about the time Novell released Banyan 6 I believe) with a handful of Unix based servers.

    To prevent possible security breaches, none of the machines had access to the internet except for a few special machines. Those machines were not supposed to have access to the internet and the intranet at the same time. What actually happened was that those employees with "one or the other" access figured out they could just leave both cables plugged in and no one would know.

    Towards the end of my contract, relations were breaking down. The IS Coordination was accusing me of purposely introducing bugs to inflate my hours, and I was accusing her of blatant incompetence. The bug that she had been accusing me of creating happened only on the normal staff's PC. My laptop, and her brand new PC worked fine. Turns out that not only were they using an outdated version of Vines (v3 -> v6) they had also not patched it on any of the worker machines (They were on v3.0, and at that time v3 was patched to v3.3). Her machine and my laptop had been fully patched. The problem wound up being one of the dated libraries included in Vines 3.0.

    Unregulated internet access + outdated and compromised network system + a high volume of multi-million dollar transactions = recipe for disaster.

    -Rick

    --
    "Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
  12. Limits by Renraku · · Score: 1

    With the potential for the Chinese (or whoever's puppeting that server) to gain a lot of money from dumb people this way..

    What is the limit before the government does something about it? I mean we could do it any number of ways. Covertly..overtly..fast..slow..with a side of fries..whatever you want.

    What's it going to take to make us drop a server like an armed drunk charging an officer?

    --
    Job? I don't have time to get a job! Who will sit around and bitch about being broke and unemployed then?
  13. "Hacked Server"? by Anonymous Coward · · Score: 0

    And we know this is hacked..how? Maybe they did it on purpose? When did the Chinese government and upper management decide to be nice to other people? Everything else they do is to profit themselves, like sucking in free R&D and cash investments into their economy. Where have they ever respected any sort of foreigners' property rights, intellectual or otherwise? Where have they ever told the truth on anything important upfront? When did they stop being a one party dictatorship? When did the PLA stop being the true owner for most of their so called "civilian corporations"?