we will exceed your expectations, and soon change the destiny of the criminals......
_____________________________________________________________________

Latest Solved Missions

July 2001

Hackers Detected

One of Cyberpol's top officers e-mailed the CSO a log of a suspected intrusion attempt for inspection. Here are some excerpts:

CSO: "dear spirit, just for your info. someone is portscanning your port 5000 for icqtrojan based on the list you last gave me."

Spirit: "Thanks for the tip off. I kind of had a feeling someone was knocking on my door. For whatever reason who knows. Maybe they see me as a threat to them or something. I have to laugh at that because I just love it when someone is scared of me especially if they are up to no good."

Shanghai Super Computer Centre VS Cyberpol

Very sensitive situation and materials. Some excerpts:

"Spirit, I did a double check with networksolutions. The IP no longer exists - which means it is part of the block of addresses allocated to Shanghai Super Computer Centre. (Correction: It exists.)

The hacker is using a dynamic IP within his organisation. But we managed to trace down his point of origin. (Correction: this is not a dynamic IP, but a static IP)

more info from networksolutions

Tang, Yun (YTH24) livertalk@AOL.COM (301) 431-5500

Tang, Yun Foong (YFT7) fochi@HONGKONG.COM 852 90388062 (FAX) 852 21668412

tang, yun (YTS43) inreg@CHINADNS.COM 86-0760-8333642 (FAX) 86-0760-8333642

If we narrow it down, the last name is from China: and here's what we've got: tang, yun (YTS43) inreg@CHINADNS.COM tang, yun zhongshan zhongshan, guangdong 500108 CN 86-0760-8333642 (FAX) 86-0760-8333642

Record last updated on 24-Jul-2000. Database last updated on 20-Jul-2001 05:34:00 EDT.

But this Tang Yun may not be the Tang Yun we are looking for. For she's not even in Shanghai.

No match for Xu De Fa was found, however.

A search on google.com search engine produced the results:

Super Computer Center Set up in Shanghai (12/2/2000)

A major computer center was put in operation Friday in Shanghai, China's leading industrial and commercial city. The Shanghai Super Computing Center is equipped with homemade super computer systems with the highest floating-point speed rated at 384 billion times per second. The establishment of the center is designed to facilitate the development of such areas as weather forecast, information technology, aircraft design, and bio-engineering. The center will provide free service for one or two years to users in the industrial and scientific research industries. Priority will be given to state and local key projects, and training sessions will be held with universities and research institutes.

Which means they have the potential to launch major denial of service attacks and all sorts of crap against us and others.

A visit to one of the websites resulted in this:

ERROR: The requested URL could not be retrieved

While trying to retrieve the URL: http://www.sii.com.cn/sii/html/en/infoport/super_computer_center.htm

The following error was encountered: ERROR 312 -- Cannot connect to the server

This means that: The server might be down, or it could be inaccessible because of a temporary problem. Please try again later. If you receive this message frequently, contact your system administrator.

Another search on yahoo sheds more light:

141) 300 - (21-SEP-2000) [SSCC] Shanghai Super Computer Center, Shanghai, China 1) Shenwei 1 300 GFLOPS

The Shanghai Super Computer Center was rated No. 141 in the world in terms of raw computing power. Its supercomputer is called Shenwei 1, with a performance of 300 GFLOPS.

More info: News Release May 28, 2000

Super Computer Center Project

"Shanghai Super Computer Center" is one of the key components of the Shanghai Information Port Project. It is Shanghai Municipal Government's number one project in the year 2000. On April 28, 2000, Shanghai Information Investment Co., Ltd, the investor of the "Super Computer Center", has signed the Contract for Transfer of Land Use Rights with Shanghai Citic-Power Zhangjiang Co., Ltd. 10,000 square meters of developed land was purchased for building "Shanghai Super Computer center". The computer center itself is a three storey building with a floor space of 6,000 square meters. When completed, it will be regarded as a symbol of Shanghai high-technology development for the 21st century.

The ground breaking ceremony was held on May 28, 2000. Vice Mayor Han Zheng has made a speech during the ceremony. According to the construction plan, the concrete structure of the "Shanghai Super Computer Center" will be completed by the end of September, and the entire "Shanghai Super Computer Center" will be completed by the end of this year.

"Shen Wei I" will be installed in the "Shanghai Super Computer Center" as its mainframe computer. "Shen Wei I" is the most advanced mainframe computer made in China. The top floating computing speed is as high as 300 billion times per second. "Shanghai Super Computer Center" will provide an open and shareable computing environment to the users of different industries all over the China. Moreover, the "Shanghai Super Computer Center" will offer various information services to Shanghai Information Port, and promote the application of the high performance computer in the fields of information analysis, the management of super data base, as well as the scientific calculation

A further search on Guo ShouJing Road, Shanghai, 201203 revealed that this area is part of a high tech development area in Shanghai.

A NSLookup on the IP using special software: NO REVERSE DNS

A ping on 61.152.194.81 at 3:35 am Saturday 21st July 2001 Singapore Time produced positive results of REPLY From.

On further investigation, the website is actually at http://61.152.194.81

A Black hole check shows that it is not on the blacklist.

07/21/01 04:05:32 Blackhole check 61.152.194.81

nslookup 61.152.194.81

61.152.194.81 is not in the MAPS realtime blackhole list (rbl.maps.vix.com)

61.152.194.81 is not in the MAPS dialup user list (dul.maps.vix.com)

61.152.194.81 is not in the radparker relayed spam system (relays.mail-abuse.org)

Another search:

SHANGHAI SUPER COMPUTER CENTER

ADD: No.585.Guoshoujing Rd.Pudong.Shanghai

Zip: 201203 P.R.C

TEL: 86-21-50801266

FAX: 86-21-50801265

Web Site:http://www.ssc.net.cn

E-mail: webmaster@ssc.net.cn

Coupled with Spirit's info as below:

Reverse DNS Lookup of 61.152.194.81

The computer name ("domain name") identified for this IP address is: ns.apnic.net (Note: if you see "DNSName" enclosed in square brackets, instead of a computer name, that means no reverse DNS entry was found for this IP address, and so the domain name could not be identified.)

Whois Lookup of 61.152.194.81

The following information was obtained from the "whois" database for the registry with which ns.apnic.net is registered. This gives administrative and contact information about ns.apnic.net. If no domain name was identified, or if it was not possible to determine which registry the IP address is registered under, and for certain foreign domains that are not currently supported, the information below was obtained from the ARIN whois database. In that case, the information is not about the specific computer at 61.152.194.81. The information in that case is administrative and contact information for the "upstream provider" that administers a block of IP addresses, of which 61.152.194.81 is only one.

Particularly in the case of ARIN database results, the whois information below includes administrative information about a group of IP addresses that are all administered together. They may be administered together because the computers are all owned by the same person or organization, but they may not be. For example, an ISP may administer a large block of IP addresses together, but the ISP doesn't own all, or even most, of the computers on its network. Please do not assume the people named in this report are the ones who are responsible for the alert you saw. However, if you are getting repeated alerts from IP addresses in the same IP block, this is a good place to find out who administers the network. If you have identified malicious or highly suspicious activity and have ruled out configuration errors, bugs, and other benign causes, you may wish to contact a network administrator to notify him or her.

Rights restricted by copyright. See http://www.apnic.net/db/dbcopyright.html (whois4.apnic.net)

inetnum: 61.152.194.80 - 61.152.194.95

netname: SHANGHAI-SUPER-COMPUTER-CENTER

descr: Shanghai Super Computer Center

country: CN

admin-c: TY77-AP

tech-c: XDF1-AP

mnt-by: MAINT-CHINANET-SH

changed: sptwxl@online.sh.cn 20001219

source: APNIC

person: Tang Yun

address: 585 GuoShouJing Road,Shanghai,201203

country: CN

phone: +86-21-50801771

fax-no: +86-21-50801266

e-mail: yun_tang81@hotmail.com

nic-hdl: TY77-AP

mnt-by: MAINT-CHINANET-SH

changed: sptwxl@online.sh.cn 20001219

source: APNIC

person: Xu De Fa

address: 585 GuoShouJing Road,Shanghai,201203

country: CN

phone: +86-21-50801771

fax-no: +86-21-50801266

e-mail: yun_tang81@hotmail.com

nic-hdl: XDF1-AP

mnt-by: MAINT-CHINANET-SH

changed: sptwxl@online.sh.cn 20001219

source: APNIC

It has been known that some websites responded to PCs occasionally. So it could be false alarm, like what you have suspected. Spirit, I need the FULL LOG of ZoneAlarm to analyse it. Especially which PORT the website is trying to access. and click on MORE INFO in Zonealarm alert and pls give me all the details. Also, DID your browser visit the Shanghai Super Computer Website at the IP address? These are important clues. We have stepped up from Def Con 5 to Def Con 4."

Final words from Spirit confirmed that he has never ever visited Shanghai Super Computer Centre's website.
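The registry check walked through in the e-mail above, as an added example (not part of the original page or of CyberPol's own tooling): it parses a trimmed copy of the APNIC objects quoted there, confirms the alerting address lies inside the registered block, resolves the admin-c and tech-c handles, and builds the DNS name a blackhole-list check queries. The function names and the trimmed sample are assumptions of this example.

```python
import ipaddress

# Constructed sample: a trimmed copy of the APNIC objects quoted in the e-mail,
# keeping only the attributes this example reads.
WHOIS_TEXT = """\
inetnum: 61.152.194.80 - 61.152.194.95
netname: SHANGHAI-SUPER-COMPUTER-CENTER
admin-c: TY77-AP
tech-c: XDF1-AP

person: Tang Yun
phone: +86-21-50801771
nic-hdl: TY77-AP

person: Xu De Fa
phone: +86-21-50801771
nic-hdl: XDF1-AP
"""

def parse_objects(text):
    """Split RPSL-style whois text into objects (blank-line separated)."""
    objects = []
    for block in text.strip().split("\n\n"):
        obj = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            obj.setdefault(key.strip(), []).append(value.strip())
        objects.append(obj)
    return objects

def triage(ip, text):
    """Summarise what the registration does and does not say about `ip`."""
    objs = parse_objects(text)
    net = next(o for o in objs if "inetnum" in o)
    people = {o["nic-hdl"][0]: o for o in objs if "person" in o}
    first, last = (ipaddress.ip_address(p.strip()) for p in net["inetnum"][0].split("-"))
    handles = net["admin-c"] + net["tech-c"]
    phones = {people[h]["phone"][0] for h in handles if h in people}
    return {
        "in_block": first <= ipaddress.ip_address(ip) <= last,
        "cidr": [str(n) for n in ipaddress.summarize_address_range(first, last)],
        "block_size": int(last) - int(first) + 1,
        "unresolved_handles": [h for h in handles if h not in people],
        "contacts_share_phone": len(handles) > 1 and len(phones) == 1,
    }

def dnsbl_query_name(ip, zone):
    """Name a DNSBL check resolves: reversed octets prepended to the list zone."""
    return ".".join(reversed(ip.split("."))) + "." + zone
```

As the lookup report quoted in the e-mail itself points out, a match here identifies who administers the block of 16 addresses, not who was operating the host that triggered the alert.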

August 2001

Czech Republic Spammer/Troll Case

Mr Troll sent a letter of threat to the CSO stating that “CyberPol is going down and that’s final.”

He further posted comments on CyberPol’s forum, stating that he will be monitoring and taking action against CyberPol members.

He impersonated the Starhub spammer, hoping to distract attention.

CyberPol tracked him down to Eastern Europe, an ISP in the Czech Republic. Action was taken.

Singapore Starhub Spammer “Mr Tan Kok Siong”

A guy calling himself “Tan Kok Siong” emailed the CSO a virus and a totally unrelated document and infuriated the top brass of CyberPol as the document contains a class lesson on physical security alarms conducted by an acting CSO.

CyberPol tracked “Tan Kok Siong” back to Cyberway, now under Starhub.

Starhub anti abuse team advised CyberPol that the virus may have been unintentionally spread and to report to the police before any action can be taken.

CyberPol countered “If a person knocks you down, does he apologize or does he ask you to lodge a police report?”

CyberPol produced evidence that “Mr Tan Kok Siong” used a fake and undeliverable bigfoot address: when a test e-mail was sent to the bigfoot address, a bounced mail was received.

CyberPol countered that the e-mail could not have been sent unintentionally as the account was a fake one. Thus it was an e-mail sent out deliberately to hit at CyberPol.

Starhub acknowledged and action was taken.

October 2001

African Scam Busting Efforts

CyberPol contacted the US Secret Service and the Singapore Police Force and provided them with the necessary intelligence in several major African Scam busting efforts.

The Plague of Nimda and Funlove

An unintentional sharing of files by one of our elite officers resulted in the rapid contamination of 2,000 files on one of our main PCs by the Nimda and Funlove worms/viruses. Valiant rescue efforts by our anti-virus team finally rid the PC of all Nimda and Funlove worms/viruses using sophisticated tools and techniques.

Cyberpol Defense Breached but Repaired in Time

A routine inspection of one of our websites resulted in the discovery of a serious breach of security. We discovered a link to a malicious website bent on destroying our reputation. Immediate and decisive steps were taken to take out the link.

November 2001

CyberPol Vs Spammers from Korea Net and China Net

Cyberpol received massive spamming from Korea Net and China Net in 2 days. Decisive, strong and stern actions and measures were taken against the perpetrators. The spams stopped on the 3rd day.

December 2001

Animal Abuser Website Tracked Down

Officer Knat, Commander-in-Chief of the American Ghosts Special Forces, finally tracked down the origin of an extremely brutal website that abuses the freedom and life of animals. Full credits were given to him and those that had helped him.
