Saturday, December 10, 2016

27 Chinese Hackers Profiled

Hackers use information sharing and collaboration, and a large community of Chinese coders is doing just that -- exchanging ideas and tools, and sharing software development. This week, Wapack Labs published a study of 27 of the most active Chinese coders, revealing some common characteristics of this community:
  • These coders are not lone hackers. They are mostly employed in major corporations or network security entities. This includes Alibaba, Tencent, and Huawei, and security entities KnownSec, Keen Team, and Evil Octal.
  • They are not anonymous.   Real names were found for 18 of the 27 coders studied.
  • Many are well known in China and abroad.  Several of those studied had more than 400 followers, and one had about 1,800.
  • Many are contributing regularly; several updated ideas and code more than 200 times over a one-year period.
In addition, the white-hat posture taken by these coders appears to have been accepted so far by the Chinese government. This community does not appear to fear suppression by the government of the kind seen in the shutdown of the Wooyun vulnerability-hunter website earlier this year.

Why do we care?  We care because our customers need to know who's coming for them, how they work, and how to protect against them. 

We know who they are. We know their telephone numbers, employers, who they're influenced by and who they influence.  And we know what tools they've developed and are using... and with that information, we know the baddest of the bad, and how to protect against them. 


Why should you care? For years, the press has been reporting on various military technologies that have been stolen. I'm sourcing only one for this blog, but there are literally hundreds of pieces published in the last ten years.

What's been stolen? Tech. And then used to compete against non-Chinese manufacturers... what tech?
  • F35
  • Space, Sat, and Missile systems
  • Unmanned Vehicles
  • That really cool DDG that launched from Bath Iron works not long ago 
  • Need more? Try this.
What about non-military? ThyssenKrupp, one of the world's largest steel makers, said it had been targeted by attackers located in southeast Asia engaged in what it said were "organized, highly professional hacker activities". 

Remember RCA? GE Consumer Electronics? Both bought out by a $16 billion French company... gone (saved from bankruptcy in 2012 by a French government bailout).

And those rare-earth minerals used to make your smartphone? Much of that comes from China. In 2010 three Australian mining companies who compete with Chinese companies were hacked, with attackers later convicted of spying and bribery.

ERP systems, MRP systems, CRM systems, Legal, air traffic control, food, chemicals, pharma... gonegonegonegonegonegonegone and gone.... shall I continue?

How do they do it? They work together. They share information and profit from it. And as their information sharing processes get better, our global intellectual property losses will continue to follow suit -- in an inversely proportionate way.

They share information.  And so should we. 

The Defense Industrial Base's supply chain is under constant attack. Many of the big companies can handle themselves --or maybe some have nothing left of interest, or maybe it's SO easy to hack the supply chain that the bad guys simply pick easier targets; I'm not sure. What I am sure of is that the smaller companies are being targeted. 

Information sharing isn't free -- not from the government, not from public-private partnerships, and not from information sharing and analysis centers. The best intelligence isn't costly -- because it's largely available to everyone; hiring smart people to collect it, analyze it, and publish it costs money, as do the systems. So pitch in. What you get back will more than pay for what you put in. Information sharing -- not buying a feed, but really talking -- works.

Want to know who these bad guys are? Join Red Sky Alliance. My guys are standing by, ready to answer just these kinds of questions. Until then, keep following our announcements, sign up for our digital storefront, or join us in Red Sky Alliance.

Are you a defense company with less than $3 bil in revenue who needs help?  Join Red Sky Alliance. If you've ever thought about joining an information sharing program, or need incident response assistance, call us. We're offering special pricing for defense industrial base companies who can't join other defense-specific information sharing groups. We offer private collaboration, malware analysis, tools, and a dedicated intelligence team; and when you need it, referrals to qualified incident responders who can help clean up, and keep you moving. 

Have a great weekend,
Jeff