How a Chinese Hacker Tried To Blackmail Me

An anonymous reader writes "Slate provides the first-person account of a CEO who received an e-mail with several business documents attached threatening to distribute them to competitors and business partners unless the CEO paid $150,000. 'Experts I consulted told me that the hacking probably came from government monitors who wanted extra cash,' writes the CEO, who successfully ended the extortion with an e-mail from the law firm from the bank of his financial partner, refusing payment and adding that the authorities had been notified. According to the article, IT providers routinely receive phone calls from their service providers if they detect any downtime on the monitors of network traffic installed by the Chinese government, similar to the alerts provided to telecom providers about VoIP fraud on their IP-PBX switches. 'Hundreds of millions of Chinese operate on the Internet without any real sense of privacy, fully aware that a massive eavesdropping apparatus tracks their every communication and move...' writes the CEO. 'With China's world and ours intersecting online, I expect we'll eventually wonder how we could have been so naive to have assumed that privacy was normal- or that breaches of it were news.'"

Words mean things

[chicago_scott]

That's a criminal, not a hacker.

Re:Words mean things

[ireallyhateslashdot]

You're half right. Criminals can be hackers, and hackers can be criminals. They aren't mutually exclusive.

Re:Words mean things

[SJHillman]

I don't think he was referring to hacker vs cracker in the sense that "hackers are good, crackers are bad". He was saying "No hacking, good or bad, occurred here. Just good, old-fashioned criminal activity that just happens to involve a computer." This is mostly obvious by the fact he never mentioned the term "cracker".

Re:Words mean things

[eksith]

And if you mention The Gay Science, how many people do you know that think of Nietzsche? Terms change with the times. Not always for the better, but they do.

Re:Words mean things

[Pf0tzenpfritz]

He's completely right. As a gov monitor the guy did not have to hack into anything. Everything was already there. Technically, he did not even have to use equipment in a different way as he was expected to - and blackmail hardly qualifies as "social engineering".

No hack found here. Just a cheap and nasty case of corruption - but what else would you expect from a professional denouncer?

Re:Titles

a government censor and the Chinese government should realize corruption is an inevitable result of censorship.

The inevitable result of government itself is corruption.

Arguing over minor facets is pretty pointless in the long run.

just like home!

Hundreds of millions of Chinese operate on the Internet without any real sense of privacy, fully aware that a massive eavesdropping apparatus tracks their every communication and move..

... just like Google! And Facebook! And half the Android apps!

Indeed, you follow the money, you find the crime.

[h00manist]

Go to a financial power center, find the center of crime. Well dressed, groomed, prepared, by an army specialists in PR, marketing, design, security, privacy, and secrecy. But it is laying around there, somewhere. Most surely, the evidence and main coverup is in the security, legal, and accounting divisions. Enron was never alone.

Why not use encryption?

[inglorion_on_the_net]

I don't understand the summary, but riddle me this: Is there any good reason not to use end-to-end encryption?

We've had PGP since 1991 and SSL and SSH since 1995. Some of these were developed in response to plaintext sniffing attacks. That means that the fact that communication in the clear is a security risk and the fact that there are people listening to your communications in order to obtain sensitive information haven't been news, and easy ways to protect your communications against this have been available, for over 15 years.

Re:Why not use encryption?

[jamesh]

I don't understand the summary, but riddle me this: Is there any good reason not to use end-to-end encryption?

Encryption? Do you have something to hide there, comrade?

That's the reason why.

Re:Why not use encryption?

The reason it's not ubiquitous is US federal laws on the encryption of export. That's what's blocked its proper use with PGP, and with proper 3DES 25 years ago for UNIX passwords, and what prevents the use of reasonably robust encryption built into network cards themselves. The restrictions on export have also been used as a bludgeon to threaten companies that provide *domestic* end-to-end encryption in their products.

There have been attempts to get federal approval for such technologies, but *all* such approvied technologies involve someone in the government retaining access to either the private keys, or the signatures to sign new keys for a man-in-the-middle device to do a man-in-the-middle attack without telling the victims. Think I'm kidding? Take a good look at the Clipper Chip, which was only discarded when it was discovered that their "verified secure" technology violated at least 3 patents and could be used to make genuinely private keys despite their best efforts to have a "Law Enforcement Agency Field" to verify that Uncle Sam, or Bubba the KKK sherriff who thinks warrants are for wusses, would always have the private keys available.

They dropped it like hotcakes as soon as someone found out you could use real keys and fake out the LEAF.

what about the innocents?

[decora]

China is full of people who want to reach out to the other countries and talk with us... how can it be good to break them off?