Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
China Crime Privacy Security IT

How a Chinese Hacker Tried To Blackmail Me 146

Posted by timothy
from the shame-if-anything-was-t'-happen dept.
An anonymous reader writes "Slate provides the first-person account of a CEO who received an e-mail with several business documents attached threatening to distribute them to competitors and business partners unless the CEO paid $150,000. 'Experts I consulted told me that the hacking probably came from government monitors who wanted extra cash,' writes the CEO, who successfully ended the extortion with an e-mail from the law firm from the bank of his financial partner, refusing payment and adding that the authorities had been notified. According to the article, IT providers routinely receive phone calls from their service providers if they detect any downtime on the monitors of network traffic installed by the Chinese government, similar to the alerts provided to telecom providers about VoIP fraud on their IP-PBX switches. 'Hundreds of millions of Chinese operate on the Internet without any real sense of privacy, fully aware that a massive eavesdropping apparatus tracks their every communication and move...' writes the CEO. 'With China's world and ours intersecting online, I expect we'll eventually wonder how we could have been so naive to have assumed that privacy was normal- or that breaches of it were news.'"
This discussion has been archived. No new comments can be posted.

How a Chinese Hacker Tried To Blackmail Me

Comments Filter:
  • Words mean things (Score:5, Insightful)

    by chicago_scott (458445) on Saturday February 09, 2013 @08:36PM (#42847309) Journal

    That's a criminal, not a hacker.

    • by ireallyhateslashdot (2297290) on Saturday February 09, 2013 @08:38PM (#42847313)
      You're half right. Criminals can be hackers, and hackers can be criminals. They aren't mutually exclusive.
      • by h00manist (800926)

        Perhaps words don't always mean things. Given how much of social life is dominated by lies and falsehood.

      • by Pf0tzenpfritz (1402005) on Saturday February 09, 2013 @11:07PM (#42847939) Journal

        He's completely right. As a gov monitor the guy did not have to hack into anything. Everything was already there. Technically, he did not even have to use equipment in a different way as he was expected to - and blackmail hardly qualifies as "social engineering".

        No hack found here. Just a cheap and nasty case of corruption - but what else would you expect from a professional denouncer?

        • How was the access restricted corporate information obtained? Was the corp office physically breached? Was the copy/info hardcopy or digital? IMO maybe a cracker was involved and did break US laws.
          • by oh21 (2837481)
            IMO - Possession of stolen property knowingly is a crime, and the stolen property was obtained by cracking. Being in possession of the property IMO would be a cracker act.
      • Sorta like the Venn diagram of the seedy underworld, then?
      • by Anonymous Coward

        The popular use of the word hacker implies he broke into a system to retrieve his information, preferably with some sort of coding or technical gymnastics involved. This Guy just used software that was available to him as part of his job.

        Therefore :he's not a hacker even in the popular sense of the word.

      • Way back in the good old days, before politicians and the news became aware of technical stuff (not technology). Some folks called them criminal hackers "crackers" and used hacker to mean technology "right-stuff." Politicians and most talking-heads could not understand how culture and race of white-crackers learned technical stuff. Anyway; hackers are not criminals, all crackers are criminals, and politicians or talking heads and most C*Os are RFClueless (intentional).
    • Re: (Score:1, Informative)

      by Anonymous Coward

      The hacker vs. cracker war was lost a decade ago. Let it go. It is too ingrained now. The best you can do now is talk about the color of their hats.

      • by SJHillman (1966756) on Saturday February 09, 2013 @08:54PM (#42847373)

        I don't think he was referring to hacker vs cracker in the sense that "hackers are good, crackers are bad". He was saying "No hacking, good or bad, occurred here. Just good, old-fashioned criminal activity that just happens to involve a computer." This is mostly obvious by the fact he never mentioned the term "cracker".

        • Exactly. Blackmail is a crime not a hack.

          • In China it is very heavy handed and abusive. In others, very subtle and well disguised. But. Every country has numerous entities monitoring what everyone does online. And there's usually nobody monitoring the monitors.

            • by wisty (1335733) on Sunday February 10, 2013 @12:33AM (#42848281)

              Try getting a job at the NSA. You'll be security-screened up the wozoo, and then face 10 years in the slammer if you leak. Ask Manning.

              There's also a lot of security - no USB drives, no internet (they'll have 2 computers, one of which can only access a LAN where the confidential information is kept), audits, lots of rules, etc. Manning used a CD burner. I'm betting that's going to be a bit harder to do now.

        • If he said some Chinese car salesman was trying to blackmail him....would that change the fact that he is a car salesman or would I have to say "criminal". Some would argue that some car salesman are criminals too, but the use of the word just sounds ridiculous. I want to protect the word 'hacker' from exclusive association with the world of crime as the next guy but it sounds to me like some 'hacker' tried to blackmail him.
        • by Guignol (159087)
          cracker was implied by the term blackmail instead of whitemail
        • by rizole (666389)
          On a computer? He should patent that.
        • Hacker == criminal computer break-in artist.

          We lost the war. Give it up.

          We lost the term. It no longer means someone who cleverly just can make a computer system do something it wasn't designed to do.

          The term "hacker" has been successfully stolen by the media. It's gone forever. Finished.

          Accept it and move on.

    • by eksith (2776419) on Saturday February 09, 2013 @09:37PM (#42847561) Homepage

      And if you mention The Gay Science, how many people do you know that think of Nietzsche? Terms change with the times. Not always for the better, but they do.

    • by Anonymous Coward

      Is slashdot a National Enquirer wannabe?

      "a CEO" story from some obscure website twice over is the source of slashdot scoops?

      I'm "a nobody" who banged Jodi Foster and Ellen Degeneres in a menage a trois. Scoop this slashdot?

      Hundreds of millions of Chinese(American too?) operate on the Internet without any real sense of privacy, fully aware that a massive eavesdropping apparatus tracks their every communication and move

      Kettle calling the pot black much?

      • by JWSmythe (446288)

        I'm "a nobody" who banged Jodi Foster and Ellen Degeneres in a menage a trois. Scoop this slashdot?

        Who hasn't? I even submitted pictures. All I got was just got an email asking me for more.

    • by m00sh (2538182)

      At the time, I was the chairman of a company that was building shopping centers in China. The company was a partnership of three entities: a major U.S. bank, a Chinese state-owned enterprise, and my firm. We were building centers in third- and fourth-tier cities. The anchor tenant was a multinational hypermarket. Nearly all the employees were Chinese. It was an exhilarating adventure for me, but it was of little consequence politically. The enterprise was building Chinese shopping centers in Chinese cities

  • I think the person that started this should be called what they were, a government censor and the Chinese government should realize corruption is an inevitable result of censorship.
     

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      a government censor and the Chinese government should realize corruption is an inevitable result of censorship.

      The inevitable result of government itself is corruption.

      Arguing over minor facets is pretty pointless in the long run.

      • by jhoegl (638955)
        Actually... you should refine that to The inevitable result of financial incentive and/or monetary status is itself corruption.
        What are we; but slaves to finances?
        • The issue is the stupid shareholders and investors. The CEO will loose his or her job if they want to hire Americans who wont steal instead.

          Have you ever watched Shark Tank? Mark Cuban is on that show and basically unless you are willing to move to China they wont even talk to you! One lady went on and said she did just that and her supply copied her design and went around her and sold it at the major retailers for less cost and practically put her under. The investors with the exception of Cuban still didn

        • by h00manist (800926) on Saturday February 09, 2013 @09:34PM (#42847543) Journal

          Go to a financial power center, find the center of crime. Well dressed, groomed, prepared, by an army specialists in PR, marketing, design, security, privacy, and secrecy. But it is laying around there, somewhere. Most surely, the evidence and main coverup is in the security, legal, and accounting divisions. Enron was never alone.

          • by foobsr (693224)

            Go to a financial power center, find the center of crime. Well dressed, groomed, prepared, by an army specialists in PR, marketing, design, security, privacy, and secrecy. But it is laying around there, somewhere. Most surely, the evidence and main coverup is in the security, legal, and accounting divisions. Enron was never alone.

            Bad thing that the criminals are those who are seen as successful. Somehow, values clarification did not work in the past century (so the starting point, strangely, coincides with the establishment of the Federal Reserve System - no, i will not mention the air of the "Elders of Zion" - forgery or not - except in a side note).

            CC.

        • by Lisias (447563)

          What are we; but slaves to finances?

          I think you're holding, I mean, taking it wrong.

          We aren't slaves to finances. We're slaves to another people, that happened to control this weird thing called finances.

          Do not confuse the tool with the hand that wields it!

      • The inevitable result of government itself is corruption.

        The inevitable result of humans living socially is corruption. Therefore, people should cease to be social animals because somewhere along the line someone will screw someone else over.

        The inevitable result of money is corruption. Therefore, we should abolish all monetary systems and the systems of distribution that depend on them.

        The inevitable result of monogamy is corruption. Therefore, we should embrace Brave New World sexual practices and everyone should sleep with everyone so no one will be jealous.

        Do

        • The inevitable result of monogamy is corruption. Therefore, we should embrace Brave New World sexual practices and everyone should sleep with everyone so no one will be jealous.

          This is what I keep telling my fiancée, but she still seems sceptical.

          BTW, you should mark that up as <cite>Brave New World</cite>. Most UAs display it as italic, but semantically speaking, using <i> (yecch) or <em> is not the same at all.

      • by Shavano (2541114)

        a government censor and the Chinese government should realize corruption is an inevitable result of censorship.

        The inevitable result of government itself is corruption.

        Arguing over minor facets is pretty pointless in the long run.

        Only because without government, there are no rules against which corruption can be judged.

  • by foobsr (693224)
    I recall that there were rumours that TLAs scanned e-mails for certain keywords which gave birth to sigsalikes containing lists of them. I am too lazy to determine the time this was (can't remember exactly, perhaps a decade ago), but I think the Chinese were not (really) on the net yet, thus did not invent the path to destroy privacy.

    CC.

  • just like home! (Score:2, Insightful)

    by Anonymous Coward

    Hundreds of millions of Chinese operate on the Internet without any real sense of privacy, fully aware that a massive eavesdropping apparatus tracks their every communication and move..

    ... just like Google! And Facebook! And half the Android apps!

  • by inglorion_on_the_net (1965514) on Saturday February 09, 2013 @09:35PM (#42847551) Homepage

    I don't understand the summary, but riddle me this: Is there any good reason not to use end-to-end encryption?

    We've had PGP since 1991 and SSL and SSH since 1995. Some of these were developed in response to plaintext sniffing attacks. That means that the fact that communication in the clear is a security risk and the fact that there are people listening to your communications in order to obtain sensitive information haven't been news, and easy ways to protect your communications against this have been available, for over 15 years.

    • by Kozz (7764) on Saturday February 09, 2013 @10:04PM (#42847669)

      ...We've had PGP since 1991 and SSL and SSH since 1995 ... easy ways to protect your communications against this have been available, for over 15 years.

      I don't think that your definition of "easy" is the same as mine. I've worked with all kinds of operating systems, hardware, software, and so on. I've read TLDP while deciding how I wanted to configure the multitudes of flags for a new kernel on my Slackware box (Pentium MMX FTW!). I'm not afraid of trying new stuff or reading documentation to get it done. I've used PGP(GPG) and I'd say it's far from easy. I understand PKI principles on a superficial level, but to use PGP hasn't ever been intuitive to me.

      It's probably safe to say that a great number of people reading this post have had to field telephoned questions from relatives who didn't know how to download and install a Windows application. And you're telling me that PGP is easy? In the few cases I've used it, I've also had to give my colleagues or business partners tutorials on how to read or compose emails with it, because I'm the techie-guy, not them. And because of the high bar, there were very few people in personal or professional circles who could receive such a message.

      HTTPS is relatively easy to implement for administrators and it's transparent to most users, requiring little additional knowledge. I really do welcome the day when a PGP-like product is that easy to use.

      • by ntropia (939502)
        I'm not convinced, and re-compiling the kernel seems like an extreme example to me.
        The point would be that users who don't know how the FFT works shouldn't be able to use Instagram (oh, boy, if I wish so...).
        The reality is that people use tons of complex algorithms every day without knowing it not because they are easy, but because they've been made easy for them and/or implemented in a transparent manner. Pretty much none of Gmail users even know what HTTPS stands for, but everybody started using it when
      • It's probably safe to say that a great number of people reading this post have had to field telephoned questions from relatives who didn't know how to download and install a Windows application.

        We're not talking about your grandma or dad or uncle Joe...

        We're talking about a fairly substantial company doing business in China.

        Common sense and perhaps (if they had it) internal security *should* have suggested encryption for critical business communications with the Mother Ship.

        • by AK Marc (707885)
          I set up a connection from the US to Singapore, and we set up something fancy and new, a VPN. Though this was 15+ years ago, not current-day, so I'm sure this unreliable and newfangled tech will never catch on. Every email would get sent over the VPN and out the US connection.
      • Re: (Score:2, Insightful)

        by Anonymous Coward

        The reason it's not ubiquitous is US federal laws on the encryption of export. That's what's blocked its proper use with PGP, and with proper 3DES 25 years ago for UNIX passwords, and what prevents the use of reasonably robust encryption built into network cards themselves. The restrictions on export have also been used as a bludgeon to threaten companies that provide *domestic* end-to-end encryption in their products.

        There have been attempts to get federal approval for such technologies, but *all* such ap

      • by Kjella (173770)

        Encryption/decryption is easy, it's the key management and "web of trust" that isn't. The thing is, they made this way, way too complicated, theoretically correct and person-oriented. Who knows best if I'm the owner of account foo@domain.com? The domain, because I authenticate against them to collect my mail. I should be able to generate a PGP key and tell domain.com this is my public key. *Optionally* they should also be able to store my private key and let me rely on the safety of my password. On the send

    • Re: (Score:3, Informative)

      Yes,

      If part of your business is in china, and the government demands the ability to intercept its communications.

      Like the summary said, this was likely an official monitor looking to make some quick cash on the side. These are the people who legally have access to your most sensitive corporate secrets because the government says so.

    • by jamesh (87723) on Saturday February 09, 2013 @11:11PM (#42847957)

      I don't understand the summary, but riddle me this: Is there any good reason not to use end-to-end encryption?

      Encryption? Do you have something to hide there, comrade?

      That's the reason why.

  • block china (Score:5, Interesting)

    by fazey (2806709) on Saturday February 09, 2013 @09:39PM (#42847569)
    Honestly, people should really just block all of the chinese IP ranges. I've moved the sshd ports on my servers back to port 22 simply to see how many attempts and from who I get. 80% of the attempts at password cracking are on IP space owned by china. I've reported the IP space to their providers, as well as any email addresses in the SWIP info. Honestly? Screw them. I will block their entire f'ing country, and suggest that everyone else do the same.
    • by decora (1710862) on Saturday February 09, 2013 @10:55PM (#42847893) Journal

      China is full of people who want to reach out to the other countries and talk with us... how can it be good to break them off?

      • by fazey (2806709)
        This wouldn't stop them from talking to us. When you talk to someone over instant messenger, their IP never speaks directly to yours. Companies like google(gtalk), act as a middle man(DMZ? lol) for the information. But expect prying eyes on that conversation. What a lot of people in China used to do, was buy a Server, or VPS in another country. Then VPN to it from China. So information from them to the server was encrypted. Then sent out in whatever protocol was needed. This became popular enough that the
    • This is how the internet dies. If it's not a global network, what's the point?

      It's also racist, but we all get a free pass when talking about Chinese hackers for some reason.

    • Maybe that's what they want.  Maybe they don't want people in their country to see sites that are hosted on your servers.

      Just sayin'...I'm sympathetic because I have the exact same problems.
  • how it is done in the world of un privacy and wannabe anti piracy
  • by decora (1710862) on Saturday February 09, 2013 @10:53PM (#42847885) Journal

    ever heard of Fusion Centers, the TSA, the NSA , etc etc etc?

    granted we dont have widespread extortion and bribery - often because those programs are supposed to be secret.

    • by Nidi62 (1525137)
      You do realize that all a fusion center is is a place to facilitate contact and cooperation between local, state, and federal law enforcement agencies, right? They don't sit there and snoop on every little bit of internet traffic, or watching every car on the street with redlight cameras. At best they may do some analysis of intelligence they receive, but they don't gather the evidence themselves.
  • WTF?? (Score:5, Funny)

    by rudy_wayne (414635) on Saturday February 09, 2013 @11:22PM (#42848011)

    This alleged extortion plot happened in 2007

  • Come on. It is really naive of anyone associated with business with and in foreign countries to not think they would be monitored and possibly have information used against them while on the internet. Personally, I think it says a lot about the individual who seems like this is some big surprise. Possibly he really wasn't qualified for that line of work if he couldn't expect the end results.
  • Monitoring devices (Score:3, Informative)

    by weegiekev (925942) on Sunday February 10, 2013 @03:47AM (#42848895)
    Please take this article with a pinch of salt. I was working in Shanghai in 2008 and spent a few years out there. We had a server room, leased lines, an ICP license. Yes, the internet there was filtered and monitored, but that was all done at the ISP level or beyond. I've never heard of any situation where the government installed a monitoring device attached to a server. I really doubt that's what happened, and it sounds like the person quoted in the article doesn't work in IT. Most likely they had a managed leased line and the telecoms provider was being proactive about the service. That's not uncommon.

    I heard a lot of speculation and fears from colleagues who came over. I had our HR manager tell me how she knew her blackberry was getting monitored because she could hear it getting tapped. Seriously, your mobile doesn't get routed through an analogue exchange with a tape recorder attached. There's a lot of misunderstanding and mistruths that get spread around. That's not to say censorship doesn't happen. A number of people I know had blog posts removed because of sensitive keywords - that actually seemed to be regarded as pretty normal, and they weren't worried about being dragged away for a 'cup of tea' with the authorities. The reality is generally a lot more normal that you'd imagine though.

    In terms of what happened to the CEO's mail account, I think it's much more likely that their machine was compromised with malware. Malware is rife in China, mostly as there's still a huge amount of software piracy. I've seen plenty of download sites in China with files riddled with trojans. Given that their personal email was also broken into, it does sound like their machine was compromised rather than line monitoring. The device attached to the server? I don't buy it...
    • by Anonymous Coward

      Actually, they do have monitoring devices for internet traffic.

      Typically a huaiwei router doing sniffing for keyword traffic that then gets passed to local PSB level monitors.
      I can take a photo for you of one in a day or so if you want. I get to maintain stuff that connects to them, basically you ensure that everything is encrypted and goes through a vpn so they don't get to do much sniffing..

      • by weegiekev (925942)
        If they're providing client routers whic is doing that it's news to me. Would be very interested to know details though. To be honest I wouldn't see the point, it wouldn't be able to do anything you can't do upstream. Re the original article, the suggestion was there was a device inside their network. Again, I really doubt that.
  • Crimes that occur on the World Wide Web are by definition international crimes. They cannot, then, be properly investigated or prosecuted by any national entity. A new global authority is needed for that.

    Seeing how our previous attempts (NATO) of international collaboration have worked out I'm not exactly sanguine that this will occur in my lifetime, but it will have to be addressed eventually. Alternatively, we could just drop some bombs on China. I don't really care.

  • Oh my god, this guy is a criminal!! China is full of smart and opportunistic guys that want to do business without ethics or moral rules. Take take with it.

We will have solar energy as soon as the utility companies solve one technical problem -- how to run a sunbeam through a meter.

Working...