Comments on: Green Dam Youth Escort

Green Dam Youth Escort

vidur — Wed, 28 Nov 2012 18:16:46 -0800

"During his civil lawsuit against the People's Republic of China, Brian Milburn says he never once saw one of the country's lawyers. He read no court documents from China's attorneys because they filed none. The voluminous case record at the U.S. District courthouse in Santa Ana contains a single communication from China: a curt letter to the U.S. State Department, urging that the suit be dismissed. That doesn't mean Milburn's adversary had no contact with him." [China Mafia-Style Hack Attack Drives California Firm to Brink]

By: Horace Rumpole

Horace Rumpole — Wed, 28 Nov 2012 18:21:31 -0800

Kudos to Solid Oak on finding the one adversary that would make me sympathize with the makers of filtering software.

By: srboisvert

srboisvert — Wed, 28 Nov 2012 18:30:40 -0800

Commercial hacker hunters -- who refer to the team as the Comment group, for the hidden program code they use known as "comments" -- tie it to a multitude of victims that include the the president of the European Union Council, major defense contractors and even Barack Obama's 2008 presidential campaign. The group has been linked to the People's Liberation Army, China's military, according to leaked classified cables.

By: XMLicious

XMLicious — Wed, 28 Nov 2012 18:45:42 -0800

Yeah, it's a shame the article wasn't written for a more technical audience. An interesting story, though.

By: 23

23 — Wed, 28 Nov 2012 18:48:19 -0800

From a slightly older article:

The collective's tactic, hacking computers using hidden HTML code known as comments, earned it another name in private security circles: the Comment Group.

So is this only clueless reporters, or are they doing something sneaky with conditional comments?

By: 23

23 — Wed, 28 Nov 2012 18:57:16 -0800

Apparently the group is also known as "Byzantine Candor". Byzantine Candor is not completely free as a band name because it's already a song, unfortunately.

By: srboisvert

srboisvert — Wed, 28 Nov 2012 20:34:53 -0800

An interesting aspect to this article that is unmentioned is how consistently bad the security advice was. If you can't lock your tiny operation down after 3 years of attack you are consistently hiring the wrong people and doing the wrong things.

By: Mach5

Mach5 — Wed, 28 Nov 2012 20:50:13 -0800

in no way is a SonicWall like an old carburetor engine, i bet he hadn't patched it in months or years. proper network security is hard, running windows behind off-the-shelf firewalls just doesn't cut it.

By: Mezentian

Mezentian — Wed, 28 Nov 2012 21:31:29 -0800

jhalderm.com appears to have collapsed under ~~the weight of the Internet~~ Hack Attack. Or is it just me?

By: xcasex

xcasex — Thu, 29 Nov 2012 01:58:21 -0800

this is me, trying to hold on to a suspension of disbelief. the security sector is staffed by 70% charlatans and at best 30% honest to god knowledgeable security geeks. and as far as my experience from working in the enterprise sector, well. I have a hard time believing in the facts stated in the article. "the comment group" hacking via "comments" ... it's like last nights ep of CSI where they were demonizing 3d-printers. use the correct jargon, if you really have to, or generalise it into components. no-one was hacked by "comments" they might however have found sql-injection vectors or some other flaw in the code that leads to the possibility of payloads. bollocks.

By: Sleddog_Afterburn

Sleddog_Afterburn — Thu, 29 Nov 2012 09:29:53 -0800

Here's a more technically detailed investigation from a few years ago:

By: Sangermaine

Sangermaine — Thu, 29 Nov 2012 13:11:13 -0800

Is William Gibson just in charge of reality now?

By: hat_eater

hat_eater — Thu, 29 Nov 2012 14:22:31 -0800

He didn't even attempt to shut down the servers and sanitize the network, however long it takes? Even after finding out that the attacks cost him 50% of sales? Instead, he pored over the files.