How a Chinese Hacker Tried To Blackmail Me
An anonymous reader writes "Slate provides the first-person account of a CEO who received an e-mail with several business documents attached threatening to distribute them to competitors and business partners unless the CEO paid $150,000. 'Experts I consulted told me that the hacking probably came from government monitors who wanted extra cash,' writes the CEO, who successfully ended the extortion with an e-mail from the law firm from the bank of his financial partner, refusing payment and adding that the authorities had been notified. According to the article, IT providers routinely receive phone calls from their service providers if they detect any downtime on the monitors of network traffic installed by the Chinese government, similar to the alerts provided to telecom providers about VoIP fraud on their IP-PBX switches. 'Hundreds of millions of Chinese operate on the Internet without any real sense of privacy, fully aware that a massive eavesdropping apparatus tracks their every communication and move...' writes the CEO. 'With China's world and ours intersecting online, I expect we'll eventually wonder how we could have been so naive to have assumed that privacy was normal- or that breaches of it were news.'"
That's a criminal, not a hacker.
I think the person that started this should be called what they were, a government censor and the Chinese government should realize corruption is an inevitable result of censorship.
Non bene pro toto libertas venditur auro
CC.
TaijiQuan (Huang, 5 loosenings)
Surely if you let the Chinese government attach a box to your server you encrypt the bajesus out of every single byte of data going in, out or stored on the server. To do otherwise just invites this kind of problem.
Hundreds of millions of Chinese operate on the Internet without any real sense of privacy, fully aware that a massive eavesdropping apparatus tracks their every communication and move..
... just like Google! And Facebook! And half the Android apps!
Go to a financial power center, find the center of crime. Well dressed, groomed, prepared, by an army of specialists in PR, marketing, design, security, privacy, and secrecy. But it is lying around there, somewhere. Most surely, the evidence and main coverup is in the security, legal, and accounting divisions. Enron was never alone.
Build your own energy sources from scratch. http://otherpower.com/
I don't understand the summary, but riddle me this: Is there any good reason not to use end-to-end encryption?
We've had PGP since 1991 and SSL and SSH since 1995. Some of these were developed in response to plaintext sniffing attacks. That means that the fact that communication in the clear is a security risk and the fact that there are people listening to your communications in order to obtain sensitive information haven't been news, and easy ways to protect your communications against this have been available, for over 15 years.
Please correct me if I got my facts wrong.
Honestly, people should really just block all of the Chinese IP ranges. I've moved the sshd ports on my servers back to port 22 simply to see how many attempts and from whom I get. 80% of the attempts at password cracking are on IP space owned by China. I've reported the IP space to their providers, as well as any email addresses in the SWIP info. Honestly? Screw them. I will block their entire f'ing country, and suggest that everyone else do the same.
But there were lots of American companies manufacturing high tech devices used for phones, computing, communications, military and satellites in 1982. General Dynamics, IBM, RCA, AT&T just to name a few, and none of which could be reasonably characterized as communist.
Reagan wasn't the sharpest tool in the shed, but I'm sure he would have heard of at least two of those.
Meh, it wouldn't have been that big of a deal. Thirty years ago they were making similar jokes about Japan.
"From the depths of my skeptical and rationalist soul, I ask the Lord to protect me from California touchie-feeliedom."
ARGH! Edit... bloody ipad missed my typing...
"American companies are deliberately having Chinese companies manufacturing high tech devices"
Just bought a new quantum computer, but I'm uncertain how it works.
A 'CEO' "paid" "$150,000" to ... shut up the complaint?
No he didn't. He refused to pay the extortion.
Go to a financial power center, find the center of crime. Well dressed, groomed, prepared, by an army of specialists in PR, marketing, design, security, privacy, and secrecy. But it is lying around there, somewhere. Most surely, the evidence and main coverup is in the security, legal, and accounting divisions. Enron was never alone.
Bad thing that the criminals are those who are seen as successful. Somehow, values clarification did not work in the past century (so the starting point, strangely, coincides with the establishment of the Federal Reserve System - no, I will not mention the air of the "Elders of Zion" - forgery or not - except in a side note).
CC.
TaijiQuan (Huang, 5 loosenings)
In China it is very heavy handed and abusive. In others, very subtle and well disguised. But. Every country has numerous entities monitoring what everyone does online. And there's usually nobody monitoring the monitors.
Build your own energy sources from scratch. http://otherpower.com/
how it is done in the world of un privacy and wannabe anti piracy
oh crap they're monitoring us. everybody play it cool or they'll shut off our supply of iphones and ipads.
what time period are we living in, is this the early 90's?
ever heard of Fusion Centers, the TSA, the NSA, etc etc etc?
granted we don't have widespread extortion and bribery - often because those programs are supposed to be secret.
SSH works out of the box.
OpenSSH on Linux distros and PuTTY for Windows, dropbear on embedded crap.
My 80+ year old Alzheimer's Dad can use SSH and he has never taken a computer course in his life. Totally not exaggerating or kidding. If you can't learn how to use SSH in half an hour, you are not competent to drive a car or use a telephone.
China is full of people who want to reach out to the other countries and talk with us... how can it be good to break them off?
This alleged extortion plot happened in 2007.
Come on. It is really naive of anyone associated with business with and in foreign countries to not think they would be monitored and possibly have information used against them while on the internet. Personally, I think it says a lot about the individual who seems like this is some big surprise. Possibly he really wasn't qualified for that line of work if he couldn't expect the end results.
Saw one of those investigative crime shows on TV about some cop-turned-rapist in California using police computers to "research" his victims before committing his crimes.
You better assume any form of electronic communication is monitored.
Try getting a job at the NSA. You'll be security-screened up the wazoo, and then face 10 years in the slammer if you leak. Ask Manning.
There's also a lot of security - no USB drives, no internet (they'll have 2 computers, one of which can only access a LAN where the confidential information is kept), audits, lots of rules, etc. Manning used a CD burner. I'm betting that's going to be a bit harder to do now.
It's probably safe to say that a great number of people reading this post have had to field telephoned questions from relatives who didn't know how to download and install a Windows application.
We're not talking about your grandma or dad or uncle Joe...
We're talking about a fairly substantial company doing business in China.
Common sense and perhaps (if they had it) internal security *should* have suggested encryption for critical business communications with the Mother Ship.
If you want news from today, you have to come back tomorrow.
I suspect the buzzing on your phone isn't coming from your phone. It's coming from the implant in your head. Have you checked for signs of alien abduction? I suspect that you may fit nicely in another demographic.
Serious? Seriousness is well above my pay grade.
Beware of getting involved with Chinese companies.
I have seen several business friends in the technology industry dealing with Chinese businessmen - turns out their companies were all owned by the People's Liberation Army.
At the end, they all suffered losses and got their technologies stolen and copied. They also found bugging devices and spyware installed by the Chinese businessmen.
Please take this article with a pinch of salt. I was working in Shanghai in 2008 and spent a few years out there. We had a server room, leased lines, an ICP license. Yes, the internet there was filtered and monitored, but that was all done at the ISP level or beyond. I've never heard of any situation where the government installed a monitoring device attached to a server. I really doubt that's what happened, and it sounds like the person quoted in the article doesn't work in IT. Most likely they had a managed leased line and the telecoms provider was being proactive about the service. That's not uncommon.
I heard a lot of speculation and fears from colleagues who came over. I had our HR manager tell me how she knew her BlackBerry was getting monitored because she could hear it getting tapped. Seriously, your mobile doesn't get routed through an analogue exchange with a tape recorder attached. There's a lot of misunderstanding and mistruths that get spread around. That's not to say censorship doesn't happen. A number of people I know had blog posts removed because of sensitive keywords - that actually seemed to be regarded as pretty normal, and they weren't worried about being dragged away for a 'cup of tea' with the authorities. The reality is generally a lot more normal than you'd imagine though.
In terms of what happened to the CEO's mail account, I think it's much more likely that their machine was compromised with malware. Malware is rife in China, mostly as there's still a huge amount of software piracy. I've seen plenty of download sites in China with files riddled with trojans. Given that their personal email was also broken into, it does sound like their machine was compromised rather than line monitoring. The device attached to the server? I don't buy it...
Evil(?) Chinese(?): "Hi, give me money, here's stuff from you I'll distribute to your competitors if you don't."
CEO's Lawyer: "No. The authorities are notified."
Evil(?) Chinese(?): "Ok, forget about it."
Where's that a story for this site?
Is that you, Marlon? Moving on from MMOs, I see...
This is a little confusing though. The internet is dying cuz of things like this on here, I mean I think there might be a pinch of racism to this, especially when you start to hear countries like China or Nigeria... oh well. My website is here BTW in case anyone might wanna help with a review. :)
and you should feel bad
It sounds like you don't have ADHD, but just had a bit too much of that cocaine.
Paranoia and irrational thinking are two good signs you're just having a bad trip man.
Just try to chill, it'll all be better when you get your next hit.
Crimes that occur on the World Wide Web are by definition international crimes. They cannot, then, be properly investigated or prosecuted by any national entity. A new global authority is needed for that.
Seeing how our previous attempts (NATO) of international collaboration have worked out I'm not exactly sanguine that this will occur in my lifetime, but it will have to be addressed eventually. Alternatively, we could just drop some bombs on China. I don't really care.
Hacker == criminal computer break-in artist.
We lost the war. Give it up.
We lost the term. It no longer means someone who cleverly just can make a computer system do something it wasn't designed to do.
The term "hacker" has been successfully stolen by the media. It's gone forever. Finished.
Accept it and move on.
oh crap they're monitoring us. everybody play it cool or they'll shut off our supply of iphones and ipads.
Please do! Shut off the supply. I'm tired of the hipster garbage icrap. In the past year I have been in two car accidents, one caused by a hipster texting on his iPhone and the second they were using an iPad as a map.
Way back in the good old days, before politicians and the news became aware of technical stuff (not technology). Some folks called them criminal hackers "crackers" and used hacker to mean technology "right-stuff." Politicians and most talking-heads could not understand how culture and race of white-crackers learned technical stuff. Anyway; hackers are not criminals, all crackers are criminals, and politicians or talking heads and most C*Os are RFClueless (intentional).
How was the access restricted corporate information obtained? Was the corp office physically breached? Was the copy/info hardcopy or digital? IMO maybe a cracker was involved and did break US laws.
IMO - Possession of stolen property knowingly is a crime, and the stolen property was obtained by cracking. Being in possession of the property IMO would be a cracker act.
What else did he know? What else was there to know? Who was doing this? Why? What did other people already know? Was there anything about me they didn’t know, or couldn’t misconstrue to their advantage?
Have you ever heard of encryption?
It should be standard on every e-mail app, just like it's standard on every router. I would love to encrypt all of my e-mail, but my friends are either too lazy, or too technically illiterate, to install and use it. If it was part of setting up your e-mail, well, the world would be a better place. Tell ya what, though: If I were doing business in a place like China (or Russia, or Cuba, etc.), I would insist upon it. But, who knows what servers your e-mail gets bounced around on as it is?
-- sudon't
Air-ride Equipped
Wait... hold on now!!! NSA has lots of rules? Screw that! I want to work at a government agency that has no rules and lets me do whatever I want!
IBM's global tentacles stretch throughout the cocaine industry, even in Iraq.
I don't think I've seen conspiracy theories about Big Blue since the early 90's... it's refreshing to see it again.
Oh my god, this guy is a criminal!! China is full of smart and opportunistic guys that want to do business without ethics or moral rules. Take take with it.
whoever thinks that our (America's) internet is not fully monitored is plain stupid. -go back to reading your iPad.
anybody remember the days when we sent out emails & communications w/ trigger words to try and cause the echelon system to hiccup.. maybe expose a vulnerability?
that was like 15-20 years ago!!
that system that monitored all electronic communications was sold to police and re-branded carnivore I do believe.
I still have the risk-assessment document of possibility of economic abuse of the joint UK/USA system...
so just imagine what the joint UK/USA or CIA or NSA system(s) are like today. They are tied into every wireless carrier, every major back-end company like google.. key routers & switches..
get over it, it's not new.
As if the U.S. isn't spying on us all already. This kind of thing makes me laugh. It's absurd to think that Bush didn't start the spying and that the DHS/FBI/DEA etc. are not knee-deep in your email already. In fact, the FBI has been doing it for decades. Don't believe it? Watch 'The Spy Factory' on Nova. At least the Chinese know they are being spied on. Americans go la de dah about it and think they're immune.