A Look Into the Chinese Hacker Underworld

← Back to Stories (view on slashdot.org)

A Look Into the Chinese Hacker Underworld

Posted by kdawson on Tuesday February 2, 2010 @06:55AM from the fun-and-profit dept.

beachels416 writes "The NY Times gained access to a Chinese hacker-for-profit, referred to as 'Majia,' and observed him during one of his nightly 'sessions.' From the article: 'Oddly, Majia said his parents did not know that he was hacking at night [hacking is illegal in China]. But at one point, he explained the intricacies of computer hacking and stealing data while his mother stood nearby, listening silently, while offering a guest oranges and candy.' At another point Majia spoke about the recent Google attacks, and claimed to have particular knowledge of the exact vector used. Nothing too new, but an interesting read nevertheless."

45 of 198 comments (clear)

Min score:

Reason:

Sort:

Well now... by ShaunC · 2010-02-02 06:58 · Score: 2, Funny

That article certainly puts a new slant on things.

--
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
1. Re:Well now... by Anonymous Coward · 2010-02-02 07:00 · Score: 2, Funny
  
  Indeed. Who knew they had oranges in China?
2. Re:Well now... by CorporateSuit · 2010-02-02 07:54 · Score: 4, Funny
  
  Indeed. Who knew they had oranges in China?
  Panda Express.
  
  --
  I am the richest astronaut ever to win the superbowl.
A real hacker... by MindPrison · 2010-02-02 07:00 · Score: 3, Informative

...newer brags ...you'll never know - ever.

--
What this world is coming to - is for you and me to decide.
1. Re:A real hacker... by MindPrison · 2010-02-02 07:01 · Score: 3, Funny
  
  That should be "Never"...damn dworak fingers
  
  --
  What this world is coming to - is for you and me to decide.
2. Re:A real hacker... by MindPrison · 2010-02-02 07:02 · Score: 4, Funny
  
  and that should be "Dvorak"... damn autism...
  
  --
  What this world is coming to - is for you and me to decide.
3. Re:A real hacker... by Anonymous Coward · 2010-02-02 07:06 · Score: 2, Funny
  
  I'm an autistic that speaks fluent typoese, you insensitive clod!
4. Re:A real hacker... by Nathrael · 2010-02-02 09:29 · Score: 3, Funny
  
  The reality is that tons of hacking is done explicitly FOR bragging rights. That doesn't make it any less "real" than hacking done for monetary gain, or any other purpose.
  No, but it makes you stupid.
  
  --
  A good education is a bit like a STD - it makes you unsuitable for a lot of jobs and gives you a desire to spread it.
5. Re:A real hacker... by MaskedSlacker · 2010-02-02 13:20 · Score: 2, Funny
  
  Sexlexia actually.
Lots of content by interkin3tic · 2010-02-02 07:03 · Score: 4, Insightful

To sum up the article for those too lazy to read it
A chinese guy works a day job, works as a hacker at night. Likes to stay anonymous and take money from people's bank accounts.
I guess the fact that this is a chinese guy is shocking to some new york times readers?
1. Re:Lots of content by PFactor · 2010-02-02 07:06 · Score: 3, Funny
  
  Ooh, you forgot the part where he says he...WRITES CODE! Riveting stuff, really.
  
  --
  Don't believe anything I say. I crash test crack pipes for a living.
2. Re:Lots of content by timeOday · 2010-02-02 07:32 · Score: 3, Interesting
  
  Actually, even your negative synopsis of the piece flies in the face of conventional wisdom, which is that attacks of Chinese origin are all a carefully orchestrated by the ruthless and scheming Chinese government to displace America from its "rightful" place of world dominance. So, yeah, the idea that a lot of it might just be petty white-collar criminals who live with their moms is quite a different phenomenon.
3. Re:Lots of content by blitzkrieg3 · 2010-02-02 07:57 · Score: 4, Insightful
  
  Actually, even your negative synopsis of the piece flies in the face of conventional wisdom, which is that attacks of Chinese origin are all a carefully orchestrated by the ruthless and scheming Chinese government.
  Security researchers have identified the attacks against Google to be largely from the Chinese government, as were the politically motivated attacks against the Dala Lama and other Tibetan exiles. There is almost no doubt that the majority of the hacking that goes on in China (and elsewhere) is of the sort that TFA reports on, but linking it to the recent attacks on Google and other US government contractors is disingenuous.
4. Re:Lots of content by HolyCrapSCOsux · 2010-02-02 08:21 · Score: 2, Insightful
  
  Or this piece is a Chinese govenmet sanctioned bit of propaganda. They WANT you to think that it's some individual...
  
  --
  0xB315AA8D852DCD3F3DCA578FD2E0BF88
How to deal with Chinese hackers by arcite · 2010-02-02 07:09 · Score: 2, Funny

If you read the following I'll have to kill you (kindly leave your gps coordinates in my inbox).
Look, its a simple process of elimination. First we coordinate the offender using black-ops satellites circling above the Himalaya. Once the hacker is pin-pointed in his bunker we upload a 'spike' directly to his IP address, which is gained by triangulating his cell phone signature via wi-fi antennas of surrounding Starbucks coffee shops. The 'spike' will immediately disrupt use of his cerebral cortex, thus rendering said malicious and poorly misguided comrade into a defenseless and innocuous teddy bear.
1. Re:How to deal with Chinese hackers by Anonymous Coward · 2010-02-02 08:54 · Score: 2, Funny
  
  Did I fall asleep?
  For a little while.
Perspective check by abbynormal+brain · 2010-02-02 07:12 · Score: 5, Insightful

The article highlights two important facts
1. Fun
2. Profitable
It's been a long time since I broke into my grade school's soda/chips/candy closet from a skylight on the roof. Sitting there drinking soda and enjoying chips, I can clearly remember how exciting (breaking in) and rewarding (chips/soda) it was. Later, I learned to respect other people's property.
So what now?
If you park a trailer in an accessible area ... expect the back doors to be open and the cargo gone. It's very exciting - it's very rewarding. Is it wrong - sure. Are the thieves the ones to blame - no. Not exactly. The thieves are not the ones to blame - the thieves are to be expected. It's an ongoing game where we square off with human nature - make it furn for the security side - keep building better mouse traps. Don't like this perspective? Ok - change human nature then. Good luck.

--
L'esperienza de questa dolce vita (The experience of this sweet life) - Dante Alighieri, The Divine Comedy
1. Re:Perspective check by ArbitraryDescriptor · 2010-02-02 07:50 · Score: 4, Insightful
  
  You desire something X much. Your perception of the consequences finds them to be of Y severity.
  if(X>Y){
  stealing = rational
  } else {
  stealing = irrational
  }
  
  You may be wrong about Y, but given the set of information you behaved rationally. In other words: If you feel you would benefit a net life-improvement by taking the object, it seems rational to do so. Doesn't mean it's ethical, but the debate of moral absolutes and human nature is another subject entirely.
2. Re:Perspective check by brian0918 · 2010-02-02 08:08 · Score: 2, Insightful
  
  You may be wrong about Y, but given the set of information you behaved rationally.
  Reason doesn't occur in a vacuum, just as your actions don't occur in a vacuum. The rational choice is that which is objectively determined to be in the interest of your life. Thus, theft is always irrational, as it is never in the interest of your life to steal - you violate the rights of others, you make yourself dependent on the failures of others, you cannot pretend to know enough to properly assess the situation (Y), and you encourage others to violate your rights in the process.
3. Re:Perspective check by drinkypoo · 2010-02-02 08:33 · Score: 2, Insightful
  
  It's no more settled than whether some guy 2000 years ago really died for our sins.
  Nah, that's quite well settled. If he existed, he died for pissing off the Roman authorities. Bitch-slapping the money changers and uniting the poor interferes with tax revenues.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
4. Re:Perspective check by DigiShaman · 2010-02-02 13:51 · Score: 2
  
  Are the thieves the ones to blame - no. Not exactly. The thieves are not the ones to blame - the thieves are to be expected.
  Just because thieves are to be expected and their actions inevitable, by no means does that let them off the hook of responsibility. That would be like some hot chick wearing suggestive clothing while walking down a dark alley and not blame the rapist. No, at the very least she's just dumb.
  No matter the circumstances or inevitability of a situation, we are all *each* held responsible for our own actions. Period.
  
  --
  Life is not for the lazy.
cracking is illegal in any civilized country by tokul · 2010-02-02 07:14 · Score: 3, Insightful

cracking is illegal in any civilized country. I am pretty sure that if he spends nights hacking, Chinese authorities won't put him in jail unless he tries to hack something in order to circumvent their controls.
Wait, the NYT didn't get hold of this guy on... by A+beautiful+mind · 2010-02-02 07:22 · Score: 2, Insightful

...IRC? Isn't that how hackers talk when they don't want to be overheard?

I guess the NYT needs to attach a disclaimer to the story, because whenever a journalist tries to interview a "hacker" I can't decide to laugh or cry. Something like this would do nicely:

The stories and information posted here are artistic works of fiction and falsehood. Only a fool would take anything posted here as fact.

--
It takes a man to suffer ignorance and smile
Be yourself no matter what they say
Contact the Sales dept... by fahrbot-bot · 2010-02-02 07:23 · Score: 5, Funny

For less than $6, one can even purchase the "Hacker's Penetration Manual."

Sure, please enter your Credit or Debit card info along with Name, Address ... Allow six weeks for delivery.

--
It must have been something you assimilated. . . .
1. Re:Contact the Sales dept... by Anonymous Coward · 2010-02-02 07:33 · Score: 3, Funny
  
  Pffft, like hackers know anything about "penetration". Fake!
2. Re:Contact the Sales dept... by The+Archon+V2.0 · 2010-02-02 07:36 · Score: 5, Funny
  
  For less than $6, one can even purchase the "Hacker's Penetration Manual."
  Sure, please enter your Credit or Debit card info along with Name, Address ... Allow six weeks for delivery.
  I did that. Not a very good book. "Chapter One: Social Engineering." is just six pages of "LOL!" repeated over and over.
Re:I can't help but ask by sopssa · 2010-02-02 07:24 · Score: 2, Funny

Or is China obsessed with kdawson? We can never know.
Shocking! by TSIGabe · 2010-02-02 07:40 · Score: 2, Funny

His C# book on his desk that is.
Wrong word? by humphrm · 2010-02-02 07:45 · Score: 2, Insightful

I didn't see anything in the article about hacking. It all looked like cracking to me.

--
-- "In order to have power, I must be taken seriously." -Mojo Jojo
1. Re:Wrong word? by Lord+Ender · 2010-02-02 09:21 · Score: 4, Informative
  
  Welcome to the English language. When 99% of the population understands a certain word to mean a certain thing, then that word does, in fact, mean that thing.
  What you will find even more confusing is that words sometimes have multiple meanings! For example, the word "hacker" could mean both "a clever programmer", "a golfer", and "a person who circumvents computer system security." All three at the same time! It's amazing.
  
  --
  A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
Re:this just in! by solafide · 2010-02-02 07:47 · Score: 2, Informative

MIT hackers don't tend to do things that are destructive of property, and in fact tend to spend a good bit of money for temporary appendages to various campus buildings for their hacks. I don't actually know a single cracker here at MIT.
Anyone here thinks it's actually a good thing? by francium+de+neobie · 2010-02-02 08:06 · Score: 4, Insightful

I guess plenty of Slashdotters learned a bit about computing from minor cracks - almost everyone has changed a save game file with a text or hex editor. Insecure network shares at your school network. Getting your neighbors' insecure Wifi passwords, someone probably thinks MAC filtering alone is safe. Modifying Flash games to give yourself 2^31 - 1 points on the high score board. Getting root on random poorly secured UNIX terminals in tech expos. Getting into someone else's IIS and read his local files via the canonical path bug many years ago. etc.

Sure it's not healthy if all you do are these minor thing and you keep doing these stuff for years. But it's a good inlet for kids to learn computing nevertheless.
I don't get it by Xaedalus · 2010-02-02 08:09 · Score: 2, Insightful

Why is this guy living with his mom if he's such a great and skilled hacker? Where's his money? Where's his grandiose lifestyle? What is he doing with all those computers he's woven into a bot-net? If he's making all that money, why isn't he spending it?
I wonder if we're making the Chinese Dragon out to be far more fearsome than it actually is. Why exactly should I be afraid of him, and all his Chinese brethren? Yes, they can hack, yes they can start and fight a cyber-war. But I am underwhelmed by their power if all they do is sit there day after day, coding, hacking, "making money", and not doing anything with it. And if they do eventually start and fight a cyber war, then they will end up losing the only medium that gives their life meaning. What happens to these guys when we counter-strike (because I refuse to believe that my fellow Western neckbeards would take a cyber-ass-whuppin' from the Chinese lying down)? When their networks go down and their computers are infected or taken out, what then? I can get up and leave my computer. Can they?
I'm a naive bumpkin most likely, I just fail to see how these guys are so formidable. Pathetic is more like it, like a boxer with a glass jaw. Their greatest strength is actually their weakness.

--
Here's to hot beer, cold women, and Glaswegian kisses for all.
1. Re:I don't get it by francium+de+neobie · 2010-02-02 08:12 · Score: 2, Informative
  
  Stealing bank passwords is one thing, how to transfer the money to your account without being traceable is a much bigger problem.
2. Re:I don't get it by Xaedalus · 2010-02-02 09:38 · Score: 2, Interesting
  
  But that's just it. That's all they're doing: infecting computer, stealing passwords, etc. If you're telling me that there's hundreds of thousands of guys like this just in China alone doing this, then where are the small armies? Where's the hacker mafias? Why aren't they branching out and taking on organized crime? If they are such deviant evil bastards, then where are the results? I don't think there are any. I think we're making these guys to be more badass than they actually are, and buying their lines that they "make mad money". I don't think they are. I think they're getting by on chump change.
  
  --
  Here's to hot beer, cold women, and Glaswegian kisses for all.
3. Re:I don't get it by Anonymous Coward · 2010-02-02 10:17 · Score: 3, Insightful
  
  It's not uncommon in Chinese culture (and in many other non-western cultures) to live with your parents until you get married.
4. Re:I don't get it by Jackie_Chan_Fan · 2010-02-02 10:35 · Score: 3, Insightful
  
  Someone already said it, but in many places around the world, especially china, families tend to live together.
5. Re:I don't get it by Anonymous Coward · 2010-02-02 10:52 · Score: 2, Insightful
  
  In some foreign cultures you're expected to stay with your parents, then take care of them when they get old. If you marry, the bride joins you in the family house. It's a mutually beneficial arrangement: you're taken care of during the first part of your life, they're taken care of during the last part of theirs.
  Not everyone subscribes to the "you're 18? Get the fuck out, good luck with everything" mentality so prevalent in the west.
6. Re:I don't get it by fishexe · 2010-02-02 11:17 · Score: 3, Insightful
  
  Why is this guy living with his mom if he's such a great and skilled hacker? Where's his money? Where's his grandiose lifestyle? What is he doing with all those computers he's woven into a bot-net? If he's making all that money, why isn't he spending it?
  Because it's traditional in Chinese society to live with your parents until you're married. It's becoming less common as time goes on, but I have several friends in China in their mid-to-late 20s who have good-paying careers but still live with their parents. It doesn't have the stigma that it has in the west. And he's probably saving his money up because that's prudent. Another thing about Chinese culture, prudence doesn't make you "uncool".
  
  --
  "I don't care about the Constitution!" --Bill O'Reilly, November 17, 2009
sockpuppet by xandroid · 2010-02-02 08:43 · Score: 2, Informative

"Majia" can mean "sockpuppet" in Mandarin.

--
$ echo "ceci n'est pas une pipe" | sed -Ee 's/(eci n|pas )//g'
Re:I can't help but ask by daveime · 2010-02-02 08:50 · Score: 2, Funny

Come on, everyone knows the Great Firewall of China is only in place to filter out kdawson posts.
But, They watched him work! by VortexCortex · 2010-02-02 09:30 · Score: 2, Interesting

...he showed how he hacked into the Web site of a Chinese company. Once the Web site popped up on his screen, he created additional pages and typed the word “hacked” onto one of them.
Perhaps the journalist had no idea how web browsers work...
Perhaps the "hacker" just pressed Ctrl+T then typed:
javascript:document.write('<h1>HACKED</H1>');
into the address bar...(try it)
Point being: The journalist didn't describe "Majia" doing anything that I would consider cracking... From the description given, Majia could have just been updating his own blog.
You can add the word "Hacked" to the top of almost any web page (incuding this one) by pasting this into your address bar:
javascript:b=document.getElementsByTagName('body')[0];b.insertBefore(document.createTextNode('Hacked!'),b.firstChild);void(0);
Does that make you a hacker?
To a NYT Journalist, yes.
1. Re:But, They watched him work! by mrpiddly · 2010-02-02 09:45 · Score: 2, Insightful
  
  The journalist is only writing to their audience. Just because you do not fit into this audience does not make the article any less valid. The target audience does not want to hear about the technical details of the process, they just want an overview, concentrating on the human side of the issue. (The sense of superiority among some people with technical knowledge is really astounding.)
She's not stupid by uvajed_ekil · 2010-02-02 13:30 · Score: 4, Insightful

Oddly, Majia said his parents did not know that he was hacking at night [hacking is illegal in China].

His parents know. If he hacks for money, is up late at night fiddling with computers all the time, and talks about hacking with unusual guests right in front of his mom, she knows what is going on. This is a mother with traditional, conservative beliefs who does not want to be rude and is reluctant to admit that her son is a criminal, so she ignores the entire situation. Not that unusual, and not indicative of some strange counter cultural underworld that is unique to China. Though I'm sure my folks and my friends' parents all thought our blue boxes, black boxes, and mobile (as in, in a car) collections of computers and cordless phones were all for educational purposes back in the day, and the 2600 meetings were just to hang out and drink coffee, since that's what we told them.

--
This is a hacked account, for which the owner can not be held responsible.
Being a gamer makes you a hacker? by Crazy+Taco · 2010-02-02 16:53 · Score: 2, Interesting

According to the article:

And with 380 million Web users in China and a sizzling online gaming market, analysts say it is no wonder Chinese youths are so skilled at hacking.

Umm, I attended a major US university and got degrees in computer engineering and computer science. During my senior year, I lived on a dorm floor that was the home of the "computer science learning community", basically where many of the new freshman CS majors elected to live. All of them, every single one, was a gamer, and many were of the stereotypical Dungeons and Dragons, renaissance festival attending, medieval replica weapon carrying, nonbathing comp sci niche. They got into comp sci because they were nerds with very strong interests in gaming, and quickly found out that comp sci was about math and programming, not slacking off playing games. Not one of them it to their sophomore year in computer science (not that no freshman made it, but none of the ones in the learning community did).
I'm sorry NYT, but you are wrong yet again. Having a bunch of gamers does not mean you have a bunch of hackers. In fact, it probably has an inverse correlation, because those who take the time to really master games like WoW, collecting every item and reaching every level, typically don't have the time to become an expert in how computers actually work. No wonder the NYT is going bankrupt... this is about the same level of accuracy we see in their political and economic stories as well.

--
Beware of bugs in the above code; I have only proved it correct, not tried it.