Wednesday, January 13, 2010

Minipost: #CNIRcyberwar ? ? ?

Several Chinese hacker groups have decided to retaliate for the "Iranian Cyber Army" attack against the Chinese search engine,, which we reported yesterday in our story Iranian Cyber Army Returns - Target: Baidu.

A few sources (thanks especially @packetninjas), have sent me links to Chinese webpages where their hacker community is expressing outrage by hacking back. One twitter hashtag seen with regards to this effort has been #CNIRcyberwar .

Despite the hashtag, there is no evidence whatsoever that there are GOVERNMENTS involved in this so-called CyberWar. On the Chinese side, this is the action of some patriotic but mis-guided youth who believe they can change world opinion by trashing a few insignificant websites. On the Iranian side, there is no evidence that any malice was intended towards the nation of China - it seemed their objective was to just place their message before a large audience - a goal they seem to have accomplished. I consider it highly unlikely that additional Iranian attacks on Chinese servers will result from this "CyberWar".

A hacker who claims membership in the "Honker Union for China" has posted many defacements of Iranian sites, along with lists of "official Iranian government sites" that he believes should be targeted, on the site:

There is certainly debate going on, even within his own hacker community. One post this morning on "" argued that the Iranians may not be behind the attack, but that it might really be the "dark Yankees" trying to stir up trouble. The rationale of that poster was that the attack came the day before a Chinese government missile interception test. ??? really ???

(from 自强不息 on

There is also an attempt to improve the image of Chinese hackers in the world with a little grammatical help from their friends. Another "honker" in the room suggests some help with one defacer's wording, suggesting that they replace:

The big national power spurs strong corps!


Our nation has internet experts who aren't afraid to fight back.


we are Oppose the special prganization of IR


We oppose this special organization of IR.

The Iranian attacks are being discussed in a thread on Baidu as well:

This "soldier" is listing stored images of defaced Iranian websites, which he's actually pulling from the posts of "soping" on the site "": - Defaced image, including the text:

chinese honker team[H.U.C.]

I'm very sorry for this Testing!
Because of this morning your Iranian Cyber Army
Maybe you haven't konw this thing!
This morning your Iranian Cyber Army intrusion our
So i'm very unfortunate for you
Please tell your so-called Iranian Cyber Army
Don't intrusion chinese website about The United States authoritires to intervene
This is a warning!
Khack by toutian from Honker Union For China

Other sites on his list include: - Defacement image

CHINA Honker
China do not hear any foreign hacker!
The big national power spurs strong corps!
we are Oppose the special prganization of

Another version of the text read:

We are Red_hacker
Let the world hear the voice of China
The state is higher than the dignity of all!

f*** ir !
china up !
(archived image)

That same text, with a different background image, also appeared on - (archived image)

An earlier version of the text (another hacker probably using the same vulnerability) read:

High-profile work being
Viruses, anti-virus, invasion, the invasion
The darkness of night, slowly permeates the wing?
The third area information security group By: h4ck3ber

The People's Republic of China Long Live
The great Chinese people long live
Domestic safety inspection
Oppose splkitting Safeguarding unity - Defacement image - Defacement image

Each of these sites is being tagged repeatedly by various hackers, as you can see documented in this thread:

No comments:

Post a Comment

Trying a new setting. After turning on comments, I got about 20-30 comments per day that were all link spam. Sorry to require login, but the spam was too much.