TEAM HIND

Indian hackers hack FNJ website warning #BackOffNepal

Federation of Nepali Journalists (FNJ) official website has been hacked.
 After hacking FNJ’s official website fnjnepal.org, hackers have posted almost full-screen flag of India with blinking words ‘H A C K E D’ underneath.
The hackers have clearly indicated that the site was hacked by India hackers. They have even posted hashtag #BackOffNepal.
They have written ‘FEEL THE POWER OF INDIAN HACKERS’ at the bottom of the page.
- See more at: http://setopati.net/politics/9593/Indian-hackers-hack-FNJ-website-warning-#BackOffNepal/?utm_medium=twitter&utm_source=twitterfeed

Federation of Nepali Journalists (FNJ) official website has been hacked.

After hacking FNJ’s official website fnjnepal.org, hackers have posted almost full-screen flag of India with blinking words ‘H A C K E D’ underneath.

The hackers have clearly indicated that the site was hacked by India hackers. They have even posted hashtag #BackOffNepal.

They have written ‘FEEL THE POWER OF INDIAN HACKERS’ at the bottom of the page.

AnonFighter

Read More

Payback for Kerala.gov.in to pakistan

=====[[[[[Hell Shield Hackers (India's top Black Hat Team)- IN73CT0R D3VIL ]]]]=====.

About Us : We are Hell Shield Hackers, we hold highest number of Deface Sites by Indian Hacking team on zone-db and zone-h. I, myself is in73ct0r d3vil .(https://twitter.com/in73ct0r_d3vil)
Our motive behind Hack:
In reply to Faisal Afzal hacking kerala.gov.in .. #OpPAKPayback #OpPak #OPKeralaRevenge
We are L@z@rus | Psychotic overload | Distroyer 404 | poison operator | Darka NSH | IN73CT0R D3VIL |
Truth : Indian Hackers havent hacked a single pakistani site after 15th August 2015. But Faisal Afzal hacked kerala.gov.in .. Dude? We are not sleeping . If you even touch a Indian site, we will crush you up.. :3 .Now feel the heat pakistan.gov.pk hacked.
We Indian Hacking Teams are Mallu Cyber Soldiers | Team Hind | cyber pirates | IHC |
http://sdopakistan.org.pk
http://kke.com.pk
http://allitham.com/inju.html
http://movies4u.org/hacked/
http://razzaqbrothers.com
http://jewelery.ajalimodel.com/
http://admission.ajalimodel.com/
http://boutique.richfighter.com/
http://customercare.ajalimodel.com/
http://jahoom.ajalimodel.com
http://login.ajalimodel.com
http://pakistan.ajalimodel.com
http://royal-packages.com
http://putsntech.com
http://mediab.tv
http://khadija.org.pk
http://www.aawaz.edu.pk
http://khabartv.tv
http://epaper.basharat.com.pk
http://basharat.com.pk
http://arifhussaini.com/
http://molaai.com/
http://www.aminternational.pk/
http://pakistanviews.org/
http://shianews.com.pk/
http://al-navidcorporation.com/
http://mwmpak.org/
http://­english.mwmpak.org/
http://­persian.mwmpak.org/
http://­arabic.mwmpak.org/
http://www.hmrb.org.pk/
http://mawara.ajalimodel.com
http://bizheros.com/root.html
http://clientsmadesimple.com/root.html
http://customersmadesimple.com/root.html
http://teachfitnessonline.com/
http://www.hungerfeast.pk
http://youfamousnow.com
http://ytcontrol.com
http://freedom.bizheros.com/
http://shaheed.richfighter.com/
http://www.paspk.org/root.html
http://ajalimode.com
http://baqai.edu.pk/bjhs/images/hacked.html
http://www.hitecmanufacturers.com.pk/
http://fuckistan.hitecmanufacturers.com.pk/
http://jobz4pakistan.com/
http://pakimandi.com/
http://www.upr.edu.pk/
http://helpinghand.pk/
http://www.tradevision.com.pk/
http://gckabirwala.com/faisal-afzal-murdabad
http://mediahostsol.com/?p=2315
http://www.ftpl.com.pk/
http://pwtd.org.pk/
http://aniiq.com/hsh.html
http://iac.com.pk/images/staff
http://www.amitjobplanet.com/
http://paragonpakistan.pk
http://mahasib.com.pk
http://culture.gov.pk
http://flepak.com/news.php
http://aclassvoice.com
http://sic.com.pk/basket.asp
http://verteuilholidaycottages.co.uk/new.html
http://ballerinahalloweencostume.net
http://maxfosterglobal.com/index.php
http://nationalclubpk.com/hello-world/
http://alsrvoice.com
http://edl.com.pk
http://rehmanhabib.com
http://kabaddirao.com
http://cityelectronics.pk/web/
http://manhattanestate.com.pk
http://pakpawind.com/about-us
http://mrfit.pk/about.php
http://phoenixbatter.iaspk.org
http://shireenhafza.com
http://brostar.com.pk/about.php
http://zainoor.com/index.html
http://razorworld.org
http://kphschool.com
http://embroidery.com.pk/news.php?nid=10
http://skillscollege.pk/Vijay.html
http://fentexsurgical.com.pk/aboutus.php
http://awalnet.com
http://puresoul.com.pk/
http://ns1.catapult13.com/
http://ns2.catapult13.com/
http://ns3.catapult13.com/
http://ns4.catapult13.com/
http://ns5.catapult13.com/
http://ns6.catapult13.com/
http://catapult13.com/nimr.php
http://registry.catapult13.com/
http://fashioninworld.net/
http://pakilink.net
http://pakimandi.com/  
http://www.upr.edu.pk/
http://helpinghand.pk/
http://www.tradevision.com.pk/
http://www.ftpl.com.pk/
http://pwtd.org.pk/
http://www.solp.pk/
http://www.kke.com.pk/
http://imranassociates.pk/index.php
http://nimconsultants.com/
http://jmhospital.org/
http://charisma.com.pk/
http://gckabirwala.com/faisal-afzal-murdabad
http://www.bechunk.com/
http://softwcode.com/
http://noon-wal-qalam.com/
DDOSED [ By Mallu cyber soldiers | New world Hacktivists | Hell Shield Hackers | InterAnon ]
Update: Sites are still Down and crashed .
http://pakistan.gov.pk
http://president.gov.pk
http://presidentofpakistan.gov.pk
http://railways.gov.pk
http://cabinet.gov.pk
http://culture.gov.pk
http://dra.gov.pk
http://e-government.gov.pk
http://ead.gov.pk
http://establishment.gov.pk
http://estate-office.gov.pk
http://forms.gov.pkhajj.gov.pk
http://interior.gov.pkipc.gov.pk
http://kana.gov.pk
http://mocad.gov.pk
http://mocc.gov.pk
http://mod.gov.pk
http://modp.gov.pk
http://moent.gov.pk
http://mohtasib.gov.pk
http://moip.gov.pk
http://moit.gov.pk
http://moitt.gov.pk
http://molaw.gov.pk
http://monh.gov.pk
http://mopa.gov.pk
http://mops.gov.pk
http://moptt.gov.pk
http://mora.gov.pk
http://most.gov.pk
http://mowp.gov.pk
http://mpnr.gov.pk
http://msw.establishment.gov.pk
http://narcon.gov.pk
http://nationalheritage.gov.pk
http://nheprn.gov.pk
http://nhsrc.gov.pk
http://pc.gov.pk
http://pcb.gov.pk
http://pmi.gov.pk
http://quaid.gov.pk
http://rti.mocad.gov.pk
http://saarcstat.org
http://statistics.gov.pk
http://surveyofpakistan.gov.pk
http://wwf.gov.pk
Feel the Heat Pakistan. :*
Conclusion : Pakistan if they dare to hack a single Indian GOV site, we will crush their 100 gov sites as we did earlier and today. Mess with the best Die like the rest. #JaiHind #HELLSHIELDHACKERS #MalluSoldiers
Article Posted By AnonIndian
Read More

6 Most Common Password Cracking Methods And Their Countermeasures

There are number of methods out their used by hackers to hack your account or get your personal information. Today in this post i will share with you guys 6 Most commonly used method to crack password and their countermeasures. You must check out this article to be safe and to prevent your online accounts from hacking.

1. BruteForce Attack

Any password can be cracked using Brute-force attack. Brute-force attacks try every possible combinations of numbers, letters and special characters until the right password is match. Brute-force attacks can take very long time depending upon the complexity of the password. The cracking time is determined by the speed of computer and complexity of the password.
Countermeasure: Use long and complex passwords. Try to use combination of upper and lowercase letters along with numbers. Brute-force attack will take hundreds or even thousands of years to crack such complex and long passwords.
Example: Passwords like "iloveu" or "password" can be cracked easily whereas computer will take years to crack passwords like "aN34lL00"
 

2. Social Engineering

 
Social engineering is process of manipulating someone to trust you and get information from them. For example, if the hacker was trying to get the password of a co-workers or friends computer, he could call him pretending to be from the IT department and simply ask for his login details. Sometime hackers call the victim pretending to be from bank and ask for their credit cards details. Social Engineering can be used to get someone password, to get bank credentials or any personal information.
Countermeasure: If someone tries to get your personal or bank details ask them few questions. Make sure the person calling you is legit. Never ever give your credit card details on phone.
 

3. Rats And Keyloggers

 

 

In keylogging or RATing the hacker sends keylogger or rat to the victim. This allows hacker to monitor every thing victim do on his computer. Every keystroke is logged including passwords. Moreever hacker can even control the victims computer.
Countermeasure: Never login to your bank account from cyber cafe or someone else computer. If its important use on-screen or virtual keyboard while tying the login. Use latest anti-virus software and keep them updated. Check out below article to know more about Rats and Keyloggers.

4. Phishing


Phishing is the most easiest and popular hacking method used by hackers to get someone account details. In Phishing attack hacker send fake page of real website like facebook, gmail to victim. When someone login through that fake page his details is send to the hacker. This fake pages can be easily created and hosted on free web-hosting sites.
Countermeasure: Phishing attacks are very easy to avoid. The url of this phishing pages are different from the real one. For example URL of phishing page of facebook might look like facbbook.com (As you can see There are two "b"). Always make sure that websites url is correct. Check out below article to know more about phishing.
 
 

5. Rainbow Table

 
A Rainbow table is a huge pre-computed list of hashes for every possible combination of characters. A password hash is a password that has gone through a mathematical algorithm such as md5 and is transformed into something which is not recognizable. A hash is a one way encryption so once a password is hashed there is no way to get the original string from the hashed string. A very commonly used hashing algorithm to store passwords in website databases is MD5. It is almost similar to dictionary attack, the only difference is, in rainbow tables attack hashed characters are used as passwords whereas in dictionary attack normal characters are used as passwords. 
Example: ‘hello’ in md5 is 5d41402abc4b2a76b9719d911017c592 and zero length string ("") is d41d8cd98f00b204e9800998ecf8427e
Countermeasure: Make sure you choose password that is long and complex. Creating tables for long and complex password takes a very long time and a lot of resources
 

6. Guessing

 
This seems silly but this can easily help you to get someones password within seconds. If hacker knows you, he can use information he knows about you to guess your password. Hacker can also use combination of Social Engineering and Guessing to acquire your password.
Countermeasure: Don't use your name, surname, phone number or birthdate as your password. Try to avoid creating password that relates to you. Create complex and long password with combination of letters and numbers.
 
Article Posted By AnonFighter
Read More

What is phishing and how to be safe from phishing ?

What is Phishing ?

Phishing is one of the type of hacking . It is a method of acquiring sensitive information such as username, password, bank information etc. Phishing page could be saif as an duplicate page of real one. Its look exactly similar as the real page.But when user enter sensitive information on such phishing page his information is send to the E-mail address provided in the phishing page or you can say the one who created that phishing page. Phishing page is mostly send via mail. Target of phishing are mostly social networking sites like facebook, orkut etc. Also Banks website to acquire credit card details,website like yahoo, gmail are also target of phishing.

Example of Phishing scams:
  • Email asking you to login to your locked account to unlock it.
  • Email carrying a Link to sites like Facebook,yahoo etc and asking you to Login.
  • Emails containing some Information of your Interest and asking you to Login to Your Account.
How to be safe from phishing ?
  • Never login to any of your account through link provided in the Email.
  • Go to real website dont click on any link posted anywhere. such as link posted on your facebook wall by friend or link provided in comments or link to ceratin website on any blog.
  • Check the URL of website before entering any sensitive information. Because the URL of phishing page is not same as the URL of  real one.
  • Real gmail page looks like gmail.com while phishing looks different somthing like gmail.anything.com.


    Article Posted By AnonFighter
 
  

Read More

Computer Hacking in the New Age, All you Need to Know about Hacking Today

Every human discovery has pros and cons, so is the computer which has pervaded all our lives. The modern humanity is increasingly dependent on computer for various day-to-day activities. Computers do us a whole lot of good things, but it is not without some pitfalls. With the extensive use of internet for hundreds of our needs, computer opens a vicious cycle of hackers. Computer hacking is a term which refers to an individual’s illegal and unauthorized access to the data which are stored in a user’s system. This is done to disturb the confidentiality and security of the user’s computer.

The hackers focus on individuals’ computer system when they are online. As long as you are not connected to internet you are less prone to hacking. The access to internet has actually made computer hacking easy. You must protect your computer with strong antivirus and firewall programs to keep hackers away. Hackers are known for creating problems which are difficult to solve. This gives a good business to computer investigators and technicians. Hacking can be done in lots of ways. Few of them are given below:
 
  • Worms: These are the programs which propagate through networks.
  • Trojans: These are hidden in websites, attached files and emails.
  • Viruses: These attach themselves to various kinds of files. They can damage certain functions of your computer.
Hackers also crash on wireless networks which do not have firewall installed and enabled. They can also send email attachments with malicious software which get embedded on the victim’s computer. Hackers attack accounts which have weak passwords. All these are done to get access to confidential and sensitive information of the users. Whatever is the method of hacking, the effect is harmful for the user. Your system will be flooded with viruses, malwares which steal your information. In order to avoid hacking one has to make sure that the systems at home or office have the latest anti-virus program and firewall installed and enabled. These programs need to be regularly updated. Use the latest browser and scan your computer on a regular basis.
 

New Age...

The New Age of internet has brought with it many risk factors along with umpteen advantages. The New Age is the time where our personal lives are no longer very personal, but people are able to access personal information of internet users from various sources in the virtual world. We need to be careful about usernames and passwords, else it will lead to dangerous consequences. Universities, large companies and government agencies are mostly targeted by hackers simply because of the bulk of information they handle. The great newspapers like The Wall Street Journal and The New York Times were also targeted by hackers.

Computer hackers are people who gain remote access to information stored in a system elsewhere. During the 1950s and 60s hackers were more drawn towards learning the operations of a computer rather than stealing confidential information of a remote user. Unlike the olden days, now computer hacking has become more sophisticated and organized. In the late 1990s hackers tried to get access to files in the network of Pentagon. Some more expert hackers gained access to the patent files at the Indiana University School of Medicine in February 2003. Many hackers were sentenced in the history since hacking represents a potential national security threat.
 

Viruses

One major tool hackers use to steal information from computer systems is the use of viruses. Over the years the number of viruses has increased drastically. The virtual world now has above 100000 viruses and the number grows virtually every day. Apart from the threat the computer hackers pose, they also can be beneficial in one way. They can bring to light the flaws in a computer network. Hackers can help in redesigning the system and in making information inaccessible to illegal users and to unauthorized access.

Getting Administrative Access

Getting a log in password is one of the predominant ways to get access to a computer which is by the side of the hacker. Getting remote access to a computer is another way to hack a system. Managing to crack a Wi-Fi password is the third method of sneaking into someone else’s system. Hacking if done on a public or school computer will have serious consequences. The hacker will be put behind the bars for illegally accessing the computer which does not belong to him or her.

Article Posted By AnonFighter

 

 

 

 
 

Read More

8 Awesome Tips For Freelance Programmers

A freelance programmer can enjoy a nice career. Not only that, he or she can avoid working at a large corporation where they will have to deal with company politics and an eventual ceiling. Of course, it is not all fun and games as a well-trained and hardworking programmer should follow some basic tips if he or she wants to enjoy success in this arena. With that in mind, here are eight tips for freelance programmers.

1. Constant communication:

When taking on a project, one should communicate with the business as often as possible. This means, when speaking to the client, one should mention any road blocks or any accomplishments. With an open door policy, the programmer will have an easier time keeping clients happy and informed.

2. Educating:

While most software developers possess a lot of skills and brains, it is wise to attend more computer classes. By continuing the education, a hardworking programmer can learn more and avoid getting left behind by the competition. In fact, this is extremely important as this field is ever-evolving and new coding ideas and techniques come up all the time.

3. Do not sell yourself short:

All-too-often, an independent contractor or business owner will ask for a low wage. When doing this, one will hurt their long-term chances for success. While it is not wise to ask for top dollar, it is beneficial to demand a livable wage. Believe it or not, when dealing with a confident programmer, a company is likely to give in to the financial demands.

4. Home office:

 

Whether a person works from home or at the office all the time, they should still have a home office. With this, a programmer can complete tasks without interruption from spouses, children or animals. Without a doubt, this is extremely important as a serious programmer will need to concentrate on the task at hand.

5. Have website and online presence: 

Now, more than ever, a company owner or contractor should have a website and online presence. With this, a reliable software developer can reach millions of potential clients. At the same time, while making a website, one should keep it simple, straightforward and easy to understand. With this, a programmer can showcase his or her talent for the world to see.

6. Outsource quality assurance: 

It is not easy for a programmer to check out his or her programs and code. To avoid turning in a bad product, a smart developer should hire a contractor who can check out the code. By taking a few hours to go over everything, a quality assurance analyst can find any issues and report back to the programmer. This is a great idea as one mistake can result in serious problems in the short and long run.

7. Speak up:

Often, a foolish client will want an unrealistic or impractical solution. While the customer is always right, it is still beneficial if a programmer voices his or her concerns. This should not cause a lot of problems as most business owners will willingly give in as they will, usually, trust the programmer. Either way, it is wise to remain assertive when talking about the product.

8. Set schedule:

It is often tempting for a business owner to set a weird schedule or work nights and weekends. While this is okay at first, a serious programmer who wants to succeed should opt to work a typical 9-5 schedule. This allows other business owners to stay in contact and communicate with the programmer. Since most other entrepreneurs love to work 9 to 5, this is a great way to go above and beyond and offer solid customer support.

It is not easy to work as an independent software programmer. With that in mind, with a few basic tips, a developer can take his or her ideas to the next level. Remember, when focused and ready, a programmer will please his or her clients and make a nice living in the process.
 
Article Posted By AnonFighter

 


 






 


 



Read More

3 Basic Tips to Prevent A DDoS Attack

Distributed denial-of-service (DDoS) attacks are always in top headlines worldwide, as they are plaguing websites in banks, and virtually of almost every organization having a prominent online presence. The main cause behind the proliferation of DDoS attacks is that there is a very low-cost that the attacker has to incur to put such attack in motion. Fortunately, today various prevention methods have been developed to tackle such attacks. Before delving further into understanding about the ways to prevent DDoS attack, let’s first understand what exactly a DDoS attack is!

Understanding DDOS Attack
A DDoS (distributed denial-of-service) attack is an attempt made by attackers to make computers’ resources inaccessible to its anticipated user. In order to carry out a DDOS attack the attackers never uses their own system; rather they create a network of zombie computers often called as a “Botnet” – that is a hive of computers, to incapacitate a website or a web server.
Let’s understand the basic idea! Now, the attacker notifies all the computers present on the botnet to keep in touch with a particular site or a web server, time and again. This increases traffic on the network that causes in slowing down the speed of a site for the intended users. Unfortunately, at times the traffic can be really high that could even lead to shutting a site completely.
 
3 Basic Tips to Prevent a DDoS Attack

There are several ways to prevent the DDOS attack; however, here in this guest post I’ll be covering three basic tips that will help you to protect your website from the DDoS attack.
 

1. Buy More Bandwidth.

One of the easiest methods is to ensure that you have sufficient bandwidth on your web. You’ll be able to tackle lots of low-scale DDOS attacks simply by buying more bandwidth so as to service the requests. How does it help? Well, distributed denial of service is a nothing more than a game of capacity. Let’s suppose you have 10,000 computer systems each distributing 1 Mbps directed towards your way. This means you’re getting 10 GB of data that is hitting your web server every second. Now, that’s causes a lot of traffic!
So to avoid such issue, you need to apply the same rule intended for normal redundancy. According to this technique, if you wish to have more web servers just multiply around diverse datacenters and next make use of load balancing. By spreading your traffic to various servers will help you balance the load and will most likely create large space adequate to handle the incessant increase in traffic.
However, there’s a problem with this method that is buying more bandwidth can be a costly affair. And as you’ll know that the current DDoS attacks are getting large, and can be a lot bigger exceeding your budget limit.
 

2. Opt for DDoS Mitigation Services.

A lot of network or Internet-service providers render DDoS mitigation capabilities. Look for an internet service provider having the largest DDoS protection and mitigation network, automated tools, and a pool of talented anti-DDoS technicians with the wherewithal to take action in real-time as per the varying DDoS attack characteristics. A viable alternative is to utilize a DDoS prevention appliance, which is specifically intended to discover and prevent distributed denial-of-service attacks.

3. Restricted Connectivity.

In case you have computer systems that are connected to the web directly, a better idea is to properly install/configure your routers and firewall so as to limit the connectivity. For an instance, while receiving some data from a client machine you can only allow traffic to pass from the machine only on a few chosen ports (like HTTP, POP, SMTP etc.) via the firewall.

Wrapping Up!

Websites are largely getting attacked by hackers every second. Denial-of-service attack is insanely getting huge and is creating a lot of problems for business organizations having strong online vicinity. In this guest post you’ll not only understand what a DDoS attack actually means, but will also come to know about a few type of methods to prevent DDoS attacks. Aforementioned are three tips that I’ll recommend you to run through to at least understand where to get started towards building a resilient web network with chances of surviving a DDoS attack.

 Article Posted By AnonFighter

 

 

 

 
 


Read More

The USB Kill Switch | Erase Your Data Instantly

A hacker, who also anonymously goes by the alias Hephaest0s, has just published an excellent anti-forensic wipe out software referred to as – usbkill. For those of you taking the name too literally, don’t fret, the software does not exactly do what the term “usbkill” may imply. Instead, the software maintains its observation on what is connected in your current USB slots, as well as also powers down your laptop or computer quickly if something shifts.
The software’s main concept is that it maintains its observation upon exactly what is connected directly into your USB plug-ins and, along with several adjustments, powers down your laptop or computer quickly.
Say for instance, you are notified that a police officer is outside your house, you would stop off your hard drive operating applications on all your PC systems, as well as position all your personal disk drives and USBs into a commercial de-magnetise for bulk chafing. Essentially, you may as well just dispose of them in a trash can and burn them. What if usbkill had been available to Sabu and the rest of LulzSec? – but what is history, is now history.
Furthermore, burning up or de-magnetising has been the primary convenient technique for online criminals and software and movie pirates. These individuals may then get away from law enforcement officers with absolutely nothing but a huge heap of clean devices and unused tapes as proof – nothing to see here.

Read More

An Idea That Can Change The World

The ready to drink water ball, which was developed to substitute water containers made of plastic, has recently been shortlisted as one of several world changing creative ideas that have the potential to drastically transform the planet.
This “ready to drink” item, termed as – Ooho! – is composed of a gelatinous membrane developed from a brownish algae and calcium chloride. As opposed to traditional plastic containers, the container can be safely ingested or thrown away due to the fact it is naturally biodegradable. Its overall appearance has been compared to that of a jellyfish, while others express that the water ball looks like a breast implant. The Global Design Forum (GDF)—a United Kingdom government supported function that is part of the London Design Festival (LDF)—has said that the innovative H2O container, can one day help replace the conventional non-biodegradable plastic water container.
Rodrigo García González, a masters student from the Royal College of Art and from the Imperial College of London, developed the company called – Ooho! The structure of the water ball is meant to replicate purely natural walls, much like the membrane coverings found on eggs, grapes and caviar. This membrane covering can be recreated using a method of spherification. Although the foundations of the invention are in place, its architects agree that the item requires a lot more work. Before Ooho! can replace our ordinary water bottles, the company must develop a membrane layer sturdy enough to be carried carefree, and construct a way for the water container to be re-sealed once opened.
Among the thousands on inventions and ideas that are created every year, this is undoubtedly one of the greatest and world-changing concepts enlisted by the discussion board. In addition to the Ooho!, other great inventions—such as a floor tile that stores the energy of people or things strolling on it, a bee hive which immediately picks up abnormal activity in order to assist and avoid a nest break problem, and a cellular phone software that allows people with no expertise to carry out their own vision tests—were also recognized by the board.
An #idea that can change the world – a drinkable bottle. https://t.co/T2fczba5NW



Read More

China Reveals Its Cyberwar Secrets

In an extraordinary official document, Beijing admits it has special units to wage cyberwar—and a lot of them. Is anybody safe?

A high-level Chinese military organization has for the first time formally acknowledged that the country’s military and its intelligence community have specialized units for waging war on computer networks.

China’s hacking exploits, particularly those aimed at stealing trade secrets from U.S. companies, have been well known for years, and a source of constant tension between Washington and Beijing. But Chinese officials have routinely dismissed allegations that they spy on American corporations or have the ability to damage critical infrastructure, such as electrical power grids and gas pipelines, via cyber attacks.

Now it appears that China has dropped the charade. “This is the first time we’ve seen an explicit acknowledgement of the existence of China’s secretive cyber-warfare forces from the Chinese side,” says Joe McReynolds, who researches the country’s network warfare strategy, doctrine, and capabilities at the Center for Intelligence Research and Analysis.

McReynolds told The Daily Beast the acknowledgement of China’s cyber operations is contained in the latest edition of an influential publication, The Science of Military Strategy, which is put out by the top research institute of the People’s Liberation Army and is closely read by Western analysts and the U.S. intelligence community. The document is produced “once in a generation,” McReynolds said, and is widely seen as one of the best windows into Chinese strategy. The Pentagon cited the previous edition (PDF), published in 1999, for its authoritative description of China’s “comprehensive view of warfare,” which includes operations in cyberspace.

“This study is a big deal when it’s released,” McReynolds said, and the current edition marks “the first time they’ve come out and said, ‘Yes, we do in fact have network attack forces, and we have teams on both the military and civilian-government sides,’” including inside China’s equivalents of the CIA and the FBI.

The acknowledgment could have political and diplomatic implications for China’s relationship with the United States and other Western powers.  

“It means that the Chinese have discarded their fig leaf of quasi-plausible deniability,” McReynolds said. “As recently as 2013, official PLA [People’s Liberation Army] publications have issued blanket denials such as, ‘The Chinese military has never supported any hacker attack or hacking activities.’ They can’t make that claim anymore.”

U.S. officials have spent years marshaling evidence of China’s cyber capabilities and have been escalating efforts to stop cyber spying. Last year, the Justice Department took the unprecedented step of indicting five Chinese military officials for hacking into U.S. companies and stealing their proprietary information to give Chinese firms a leg up on the global market.  

That indictment was met with more denials, which have continued even past the publication of the latest Science of Military Strategy, which has taken months to translate, McReynolds said, and has not been publicized outside the ranks of China analysts.

“When asked, the Chinese as recently as a month ago denied they had a cyber command,” James Lewis, a senior fellow at the Center for Strategic Studies and a leading expert on China’s cyber capabilities, told The Daily Beast. Lewis said that the new revelations won’t come as “earth-shattering” to analysts and experts who closely follow statements by Chinese officials, because “we all assumed they were lying.”

“But it’s interesting, and people outside the community won’t know it,” Lewis said. He compared the revelation to China’s testing, in 2007, of an anti-satellite missile, “which came after they had for years stoutly denied that they were building space weapons.”  

China has divided its cyber warfare forces into three types, said McReynolds, whose analysis is included in his forthcoming book, China’s Evolving Military Strategy, which will be published in October.

First, there are what the Chinese call “specialized military network warfare forces” consisting of operational military units “employed for carrying out network attack and defense,” McReynolds said.

Second, China has teams of specialists in civilian organizations that “have been authorized by the military to carry out network warfare operations.” Those civilian organizations include the Ministry of State Security, or MSS, which is essentially China’s version of CIA, and the Ministry of Public Security (its FBI).

Finally, there are “external entities” outside the government “that can be organized and mobilized for network warfare operations,” McReynolds said.

As to which of those groups is responsible for targeting American companies to steal their secrets, the short answer, says McReynolds: “They all do it.” Espionage by the PLA has been extensively documented, McReynolds said. And a Chinese hacking unit dubbed Axiom that has been linked to intrusions against Fortune 500 companies, journalists, and pro-democracy groups is reportedly an MSS actor. He noted that there are also many ways that Chinese civilians have been seen assisting in industrial espionage, including through “hack-for-cash” operations.

Based on other PLA writings, it appears that the military would most likely handle any targeting of critical infrastructure, McReynolds said.

Now that China is coming clean about its cyber warfare forces, other countries may question whether they can safely cooperate with the government on combating cybercrime. The Ministry of Public Security (MPS), for instance, has assisted more than 50 countries with investigations of more than a thousands cases of cybercrime over the past decade, and China has set up bilateral law enforcement cooperation with more than 30 countries, including the United States, the United Kingdom, Germany, and Russia, McReynolds said.

“With the Chinese now explicitly acknowledging that the [ministry] has network warfare forces stationed within it, the United States and other targets of Chinese state-sponsored hacking will have to weigh carefully whether cooperation with the MPS on cybercrime is worth the risks,” he said.

McReynolds also saw signs of a potential power struggle between the People’s Liberation Army and civilian government agencies like the Ministry of Public Security over who really runs cyber operations within the Chinese system. Those civilian cyber forces operated under the PLA’s “authorization,” according to the Chinese document.

“As unprecedented as it is to have the Chinese military acknowledge the existence of its network attack forces, having the PLA announce the existence of such secretive forces inside the civilian government is particularly unusual, and strikes me as an attempt to ‘plant the flag’ for the PLA,” McReynolds says.

The new analysis of China’s cyber operations has taken a long time to produce, in part because the latest edition of the The Science of Military Strategy wasn’t released until December 2013, McReynolds said. “It takes a while for this sort of information to filter out into the Western PLA-watcher community, especially since there’s no English translation available yet. It was only last summer that the first of us in the community started to obtain copies of the new SMS and go through its contents; it’s hundreds of pages long.”

McReynolds, who said he reads Chinese, also ran his translations by analysts fluent in the language to ensure the accuracy of his work, he said.

China isn’t the only major U.S. adversary with advanced military cyber operations. Russia is a “near peer” to the United States, former National Security Agency Director and Cyber Command chief General Keith Alexander said in 2010. The country’s use of cyber offensive operations has been documented both in Georgia in 2008 and more recently with Russia’s invasion of Crimea in 2014. Those operations, conducted in tandem with traditional combat operations, have been aimed at disrupting adversaries’ communications systems, including public websites.

Experts generally agree that Russia, China, and the United States have the most advanced and sophisticated cyber warfare forces. But Iran has been quickly gaining new capabilities and demonstrated a willingness to use them, as with a massive attack on U.S. bank websites in 2012. North Korea has also ramped up its cyber operations, most notably with the hacking of Sony Pictures Entertainment last year, which prompted the Obama administration to impose new economic sanctions on the hermit kingdom.

Eric Rosenbach, an assistant secretary of defense in charge of homeland defense and global security isssues, has said that some five dozen countries are building a military-cyber operation, equivalent to the United States’ Cyber Command.

 

Team_Hind   AnonFighter

 

 

 

 

 

Read More
Subscribe to: Posts ( Atom )