nanog mailing list archives

Re: black hat .cn networks


From: "Franklin Lian" <Franklin.Lian () globalone net>
Date: Tue, 08 May 2001 12:27:30 -0400


I found a myth on this list that hacking a computer system is a
death sentence.  I really don't know where and when this myth is
spreading on the Internet.

I guess the myth came from a case in which a hacker was executed, maybe
two years ago, and he was the first hacker sent to trial.  I read
that news a couple of years ago both in English and Chinese.  The
hacker actually was executed for stealing millions of dollars from
a bank he used to work for, NOT for HACKING.  According to Chinese law,
any criminal who committed a crime that involves more than $100,000
(the exact number might be wrong) can be sentenced to death.

However, nobody noticed the crime behind the hacking, only the hacking
itself.

As far as I know (again, my information might be out of date), China
does not have a law specifically for hacking a computer system if
the hacking itself does not cause any "damage" (I cannot define the
damage here, however).

Recently I read a news item on the 'Net saying that the People's Daily,
which is the official newspaper of the Chinese government, posted a message
saying it was illegal to launch an attack on any computer system.  I don't
have more detailed information on this since I am not in Beijing at
this moment.



Justin Hinderliter wrote:

For those looking for evidence of attacks, I personally know of 3 boxes that
were hit and rooted this morning.  The three attacks happened between 6:20am
and 7:04am.  One NT box, one Linux box, and one as of yet unknown OS
(haven't gotten ahold of the person yet, but his bandwidth's maxed out and
way over what it ever is by about 15x).  They're hitting port 80 this
morning.  One hit from a Mapquest IP, one from bucket.rutgers.edu
165.230.8.106, and one from an APNIC netblock 210.33.68.1.  The webpages
they left indicated "fuq you, Americans" and indicated that they were part
of the Chinese offensive.  PAM session authentication on the linux box noted
that a session was opened by user htdig (uid 0) and closed 4ms later.
Syslogs were wiped, so were last and lastlog output.  The logs are available
still despite their efforts since the precaution was taken to have them sent
elsewhere and mailed immediately to boot.  Other boxes may have been gotten
to as well, still looking at them all and unplugging them as I go/advising
suspected customers to unplug as well as I find them.

Fuq U2, Chinese. Got plenty of evidence here, and there's a death sentence
in China for doing this... provided it was really Chinese responsible.  I'm
happily contributing all info I have towards investigation and prosecution,
and am going to get Mapquest and rutgers.edu to dig up all info they can to
track this shit back to where they got hit from.

Hey, just found another one.  Note that all Linux boxes were locked pretty
damned tight, and even blocked numerous connection attempts on port 80 with
portsentry killing the connection and then dropping them to a null route.
But all it took was 4ms to run that script.  Apparently there's probably a
hole in apache 1.3.14-2, as there were no world-writable files in the http
root structure...  bugtraq should be interested in this.  Have to see what I
can dig up post mortem as far as what they used.

"Time for a  malenki lemtock of the ole ultraviolence, me droogs."

Cheers.

-- 
---------------------------------------------------------------
Franklin Lian (Lian Zidan)           Global One
Principal Engineer                   Mailstop: VAOAKM0201
Email: Franklin.Lian () Globalone net   13775 McLearen Road
Tel: (703)375-7893                   Oak Hill, VA 20171
Fax: (703)471-3380                   U.S.A.
---------------------------------------------------------------
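The quoted report turns on two log observations: a PAM session opened for a service account (htdig) that closed milliseconds later, and the fact that the off-host syslog copy survived the wipe. The following detector is an added example, not code from either poster; it runs over constructed pam_unix session lines in an assumed ISO-timestamp format such as a remote collector might record, and the SERVICE_ACCOUNTS allowlist is a site-specific assumption.

```python
import re
from datetime import datetime

# Constructed sample lines (not from the original post). Timestamps carry
# milliseconds, as a remote syslog collector can be configured to record.
SAMPLE_LOG = """\
2001-05-08T06:22:14.120 web1 sshd[611]: pam_unix(sshd:session): session opened for user jhind by (uid=0)
2001-05-08T06:22:14.900 web1 cron[640]: pam_unix(cron:session): session opened for user root by (uid=0)
2001-05-08T06:22:15.001 web1 cron[640]: pam_unix(cron:session): session closed for user root
2001-05-08T06:31:02.512 web1 httpd[812]: pam_unix(httpd:session): session opened for user htdig by (uid=0)
2001-05-08T06:31:02.516 web1 httpd[812]: pam_unix(httpd:session): session closed for user htdig
2001-05-08T06:40:00.000 web1 sshd[611]: pam_unix(sshd:session): session closed for user jhind
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\w+)\[\d+\]: pam_unix\(\S+\): "
    r"session (?P<event>opened|closed) for user (?P<user>\S+)"
)
# Assumption: accounts that should never get an interactive PAM session.
SERVICE_ACCOUNTS = {"htdig", "nobody", "apache"}
SHORT_SESSION_SECONDS = 1.0   # a session shorter than this is worth a look
EXPECTED_SHORT = {"cron"}     # cron legitimately opens and closes sessions fast

def parse_line(line):
    """Return a dict for a pam_unix session line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec

def find_suspicious_sessions(log_text):
    """Return (user, process, reason) tuples for sessions that merit review."""
    findings = []
    open_at = {}  # (user, process) -> timestamp of the matching open event
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        key = (rec["user"], rec["proc"])
        if rec["event"] == "opened":
            open_at[key] = rec["ts"]
            if rec["user"] in SERVICE_ACCOUNTS:
                findings.append((rec["user"], rec["proc"], "service account session"))
        elif key in open_at:
            dur = (rec["ts"] - open_at.pop(key)).total_seconds()
            if dur < SHORT_SESSION_SECONDS and rec["proc"] not in EXPECTED_SHORT:
                findings.append((rec["user"], rec["proc"], f"session lasted {dur:.3f}s"))
    return findings

if __name__ == "__main__":
    for user, proc, reason in find_suspicious_sessions(SAMPLE_LOG):
        print(f"{user} via {proc}: {reason}")
```

Run it against the collector's copy of the logs rather than the host's, since, as the report notes, the local syslog, last and lastlog data were wiped.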

