Wednesday, June 4, 2008

Chinese Hackers Going Crazy Everywhere

Metasploit was hacked! Metasploit got hax0r3d! OMG, FYI, beware!

But wait, it’s not as bad as all that. The apotheosis of cool hacker tools was indeed attacked, but as it turns out, the Chinese hackers responsible never actually got into Metasploit’s servers.

According to HDM (H.D. Moore, project lead on your arch nemesis: Metasploit, the application exploitation payload framework), reports of Metasploit’s Web site being hacked were greatly exaggerated. In fact, they were just a testament to the old adage: “There is no such thing as 100 percent security.”

“They can’t pwn the real server, so they pwn one next to it,” wrote HD on IRC. “Then use that to ‘man-in-the-middle’ the http responses and inject their own code.”

Essentially, the Chinese hackers who wanted to own Metasploit (and who have been quite active everywhere recently; no, it’s not just your logs that show this) had to compromise the entire ISP at which Metasploit’s Web site is hosted. When requests came in, the server nearest it on the switch played stand-in. Not that it mattered. The actual code of Metasploit is hosted elsewhere, and the MD5s wouldn’t match up.

After all the kerfuffle over Chinese hackers I’ve heard over the last week and a half, I have to wonder if some of the resident rebels in China aren’t being forced into such nefarious hack attacks by government policies. I’m not saying that the Chinese government is encouraging hacking of foreign systems, but the country’s internal filtering and censoring policies could be forcing rebellious teens into hacking by default.

Since blogging about the mistakes of China’s policies is essentially illegal, it’s likely that the computer-literate—who in the U.S. write oodles of blogs and protest in the streets—have given up on effecting political change, and have instead spent their lives learning how to mess with other people’s data.

Everyone knows about the Great Firewall of China: that filter that keeps dissident content out of Chinese computers. Unfortunately, nothing seems to be filtering what’s coming out of China: an ever-increasing flow of nasty packets aimed at bringing foreign servers to their knees.

And something about the month of May was particularly exciting for the Chinese hacker world. I’ve heard from a number of sources that their systems were under particularly high volumes of attacks as the month went on. Maybe this is just how China gets ready for the Olympics.
-- Alex Handy

