I found a myth on this list that hacking a computer system is a death sentence. I really don't know where and when this myth is spreading on the Internet. I guess the myth came from a case in which a hacker was executed, maybe two years ago, and he was the first hacker sent to trial. I read that news a couple of years ago, both in English and Chinese. The hacker actually was executed for stealing millions of dollars from a bank he used to work for, NOT for HACKING. According to Chinese law, any criminal who committed a crime that involves more than $100,000 (the exact number might be wrong) can be sentenced to death. However, nobody noticed the crime behind the hacking, but only the hacking itself.

As far as I know (again, my information might be out-of-date), China does not have a law specifically for hacking a computer system if the hacking itself does not cause any "damage" (I cannot define the damage here, however). Recently I read news on the 'Net saying that the People's Daily, which is the official newspaper of the Chinese government, posted a message that said it was illegal to launch an attack on any computer system. I don't have more detailed information on this since I am not in Beijing at this moment.

Justin Hinderliter wrote:
For those looking for evidence of attacks, I personally know of 3 boxes that were hit and rooted this morning. The three attacks happened between 6:20am and 7:04am. One NT box, one Linux box, and one as of yet unknown OS (haven't gotten ahold of the person yet, but his bandwidth's maxed out and way over what it ever is by about 15x). They're hitting port 80 this morning. One hit from a Mapquest IP, one from bucket.rutgers.edu 165.230.8.106, and one from an APNIC netblock 210.33.68.1. The webpages they left indicated "fuq you, Americans" and indicated that they were part of the Chinese offensive. PAM session authentication on the Linux box noted that a session was opened by user htdig (uid 0) and closed 4ms later. Syslogs were wiped, so were last and lastlog output. The logs are available still despite their efforts since the precaution was taken to have them sent elsewhere and mailed immediately to boot. Other boxes may have been gotten to as well, still looking at them all and unplugging them as I go/advising suspected customers to unplug as well as I find them.
Fuq U2, Chinese. Got plenty of evidence here, and there's a death sentence in China for doing this... provided it was really Chinese responsible. I'm happily contributing all info I have towards investigation and prosecution, and am going to get Mapquest and rutgers.edu to dig up all info they can to track this shit back to where they got hit from.
Hey, just found another one. Note that all Linux boxes were locked pretty damned tight, and even blocked numerous connection attempts on port 80 with portsentry killing the connection and then dropping them to a null route. But all it took was 4ms to run that script. Apparently there's probably a hole in apache 1.3.14-2, as there were no world-writable files in the htp root structure... bugtraq should be interested in this. Have to see what I can dig up post mortem as far as what they used.
"Time for a malenki lemtock of the ole ultraviolence, me droogs."
Cheers.
--
---------------------------------------------------------------
Franklin Lian (Lian Zidan)            Global One
Principal Engineer                    Mailstop: VAOAKM0201
Email: Franklin.Lian@Globalone.net    13775 McLearen Road
Tel: (703)375-7893                    Oak Hill, VA 20171
Fax: (703)471-3380                    U.S.A.
---------------------------------------------------------------