To Catch a Chinese Hacker, or Two

choi

Barbara Demick, China Hacker's Angst Opens a Window Onto Cyber-Espionage; Young man's blog provides a rare glimpse of the secretive hacking establishment of the Chinese military, whose efforts have become a growing concern to the US. los Angeles Times, Mar 13, 2013.
http://www.latimes.com/news/nati ... na-hacking-20130313,0,4812955.story
("He [hacker surnamed Wang] drew particular inspiration from the Fox series "Prison Break," and borrowed its name for his blog")

three consecutive paragraphs:

"Richard Bejtlich, Mandiant's security chief, said posts written by the blogger, who called himself 'Rocy Bird,' provided the most detailed first-person account known to date of life inside the hacking establishment. Although the blog was discontinued four years ago [real family name is Wang; posted some 625 entries online 2006-2009], the techniques described in it remain the same.

"The hacker, whose real family name is Wang, posted some 625 entries between 2006 and 2009. 'Fate has made me feel that I am imprisoned,' he wrote in his first entry on Sina.com. 'I want to escape.'

"Los Angeles Times reporters tracked down Wang and his blog through an email address that was listed on a published 2006 paper about hacking. A coauthor of the paper was Mei Qiang, identified by Mandiant as a key hacker who operated under the alias 'Super Hard' in Unit 61398.


My comment:
(a) My posting title is modeled after

To Catch a Thief
http://en.wikipedia.org/wiki/To_Catch_a_Thief
(a 1955 romantic thriller directed by Alfred Hitchcock)
(b) MEI Jiang 梅 强，网名：SuperHard

(c) The report also says, "Wang earned his master's degree in Internet security at age 25 at the Information Engineering University, run by the PLA in Zhengzhou, Henan province."
(i) This is the paper at issue:

王鹏 季明 梅强 祝跃飞, 交换式网络下HTTP会话的劫持研究及其对策. 计算机工程, 33: 135-137 (2007).
http://www.cdblp.cn/paper/%E4%BA ... E7%AD%96/29499.html
(affiliation: 信息工程大学网络工程系 郑州450002)

, where the link "全文链接：    查看全文>>" leads to a total blank.
(ii) The same paper also appears (actually APPEARED) in
www.ecice06.com
in "PDF/Adobe Acrobat" file format and whose URL was
(A) from Google search:
"www.ecice06.com/.../downloadArticleFile.d"
(B) Clicking the preceding link leads to
  
http://www.google.com/url?sa=t&a ... p;url=http%3A%2F%2F
www.ecice06.com%2FCN%2Farticle%2FdownloadArticleFile.do%3FattachType%3DPDF%26id%3D14856&ei=8utBUYz0LdW14AOXwICQAQ&usg=AFQjCNFuvdo4yxueeuhYLj8TznkX_czIZQ&sig2=WqsvruB0lZWi0W-vuNQCOw

, a blank which can not progress further to
www.ecice06.com.
(C) Still Google took a snapshot, in its entirety, of the paper, in html format:

https://docs.google.com/viewer?a=v&q=cache:iT1G4o8S9v4J:[url]www.ecice06.com/CN/article/downloadArticleFile.do%3FattachType%3DPDF%26id%3D14856+&hl=en&gl=us&pid=bl&srcid=ADGEEShO5y1YWaSqVaXvYpKThOnWK5R7NVql2ZKGlO8KmBQrTvzPqMBBAzJGDC2d-JLvImZdm9y6kBT7-8MkuVCmnly0ntjUkGL2d9zr1FeWC0yk2wEZk4E6AgtXCTEWNGAGM02bDCEr&sig=AHIEtbQ7aBKrAe1p6AkSFvhGR4zGVnNgJg[/url]

(d) The report further states, "Wang is believed to be living in Chengdu. One of his last online traces was a comment posted on Dianping, a popular restaurant review site, about an ice cream parlor in that city."

Dianping  大众点评网
www.dianping.com

(e) The report also remarks:

"Investigators have unearthed birthdays, photographs, profiles on Kaixin (a Chinese version of Facebook), shopping and dining preferences. One hacker's user name appeared in a forum for flower-arranging enthusiasts.

"They logged on to personal email or social networking sites from work, or used their real phone numbers to register Gmail or Hotmail accounts later used for phishing attacks. Mei Qiang, Wang's research partner, posted a note on a software developer's message board looking for extra work.

"'I'm good at writing hacking tools, such as Trojan viruses,' read the advertisement posted in 2005. It was taken down last month after it was discovered by an investigator based in India who runs a blog called Cyb3rSleuth.

* Kaixin  开心网
www.kaixin001.com

(f) Please recall my Yilubbs.com posting dated Feb 19, 2013, which is about ANOTHER Chinese hacker.

A Portrait of a Chinese Hacker. Cloaked by malware, aliases, and misspellings computer spies are usually invisible. This one made a mistake. A special investigation by Dune Lawrence and Michael Riley. Bloomberg BusinessWeek, Feb 18, 2013
http://www.businessweek.com/arti ... s-identity-unmasked
(ZHANG Changhe)