[nonrelevant] 2019 military hacking quip article online

Karl gmkarl at gmail.com
Mon Dec 28 09:41:15 PST 2020


On Mon, Dec 28, 2020 at 12:13 PM coderman <coderman at protonmail.com> wrote:
>
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Monday, December 28, 2020 4:10 AM, Karl <gmkarl at gmail.com> wrote:
>
> ...
> > always sketchy when somebody says it's known who did an international
> > hack. implies either international hackers don't know how to actually
> > hide who they are, government security workers place blame too
> > readily, the public is being lied to, or the international security
> > communities are staring at each other all day, letting each other do
> > everything, only stopping it afterwards. or all of those, i suppose.
> > am i wrong?
>
>
> you're right. i should have said *most likely* china.
>
> the way they (industry) attribute hacks is multifaceted. some information comes from the exploits used, which give clues to nationality, past activity, and technical capability.
>
> the best hints are given by underlying infrastructure. if China builds an infrastructure to attack target X, Y, Z, then that same infrastructure attacks Q, you know that Q was attacked by China. (most likely :P

if a normal cracker thought of this, they would of course compromise
somebody else's infrastructure and use that, as a norm.  i think
crackers think of things like that, if they are able to do them, which
they usually are.
back when i paid attention to things, random crackers were way more
knowledgeable than government or corporate employees.

> the wikipedia page does a good job summarizing the evidence:
> """
> The overwhelming consensus is that the cyberattack was carried out by state-sponsored attackers for the Chinese government.[4] The attack originated in China,[6] and the backdoor tool used to carry out the intrusion, PlugX, has been previously used by Chinese-language hacking groups that target Tibetan and Hong Kong political activists.[4] The use of superhero names is also a hallmark of Chinese-linked hacking groups.[4]

when i found the trojans on the activist computers in west virginia
around 2013, they were modified forms of a chinese trojan used for
credit card theft, that didn't appear to be publicly documented.
i'd never investigated a trojan much before.

my perception was that crackers lived all over the world, and got paid
very well.  i don't know much about it.

