Topic: Some advice and helpful info regarding using your PC in China


Offline Mikael_Shim

  • | IT Security Analyst & Consultant | CHiNA |
Some advice and helpful info regarding using your PC in China
« on: September 07, 2010, 08:07:05 pm »
Here's a little contribution to all of those who live in and/or use their personal computers in China. Seeing how tremendously much most of you
guys have contributed for all the newcomers, me included, I figured it was the least I could do in return.
 
I will be updating accordingly. If anyone has any questions or needs help, just PM me or add me on MSN or QQ.

I received an inquiry before today from one of the members here, and I have seen many occurrences related to security and safety regarding the
use of your own personal computer in China, as well as VPN and/or proxy related programs.

I just read in a thread that Lain experienced a DNS spoof attack at a hotel. So, to start off somewhere and give a picture of how much more your computers
are under constant threat compared to at home, I will give some input on his experience.


Lain: There is a reason why your security software detected DNS poisoning in China, or, as it is more commonly known, an ARP poisoning attack. If you understand how it works then you will see it's a quite simple but effective way to do two things:

1. Redirect you elsewhere: when you type www.youtube.com you might end up instead at www.china.gov.
2. Intercept all traffic to and from your computer that is sent in CLEAR TEXT, and most traffic is, even login forms etc. Only SSL or HTTPS sites send your information encrypted.

At the hotel there are two scenarios. Either the hotel runs a constant ARP poisoning for a simple fact: it will make your VPN or proxy server useless, because your traffic is redirected before the proxy or VPN gateway. I know for a fact that this simple but very effective technique is used widely in China to make simple proxying or tunneling useless. If you ever experienced your proxy or VPN working great at site A but not at site B, it means they run ARP poisoning as a protective measure.

How does it work? Ingeniously. And anyone can do it, even my mum. This is a stone-old technique still used for a lot of hacking purposes. You take your computer and go to, say, Starbucks. You hook up. You get a dynamic IP, DNS and gateway. Now the gateway is the same for every computer in that same network, and it is just what it says: a gateway to the internet. It routes the packets to and from the internet and delivers them accordingly to the client computers. Now when you're hooked up, you can perform an ARP poisoning attack in the local network; you just need a specific software and minimal understanding, it's nothing high-tech. You can then target specific clients in the network, or all of them. The more clients you are going to poison, the heavier the load on your machine. When you start poisoning, what happens is your computer will intercept all traffic and act as a hub between the clients and the gateway.

For what reason? For a cybercriminal there are tons of possibilities. For example, you can alter the route for any IP or DNS entry. So when everyone tries to surf to www.hotmail.com your computer reroutes that to the gateway and changes the destination to, say, www.cia.gov, but that's no point really, other than causing confusion. A cybercriminal would have a web server running with an anonymous host, probably in Russia. This homepage looks exactly like hotmail.com but it's actually just a fake login form that will catch your username and password. You won't notice anything, because after it's been snatched it will redirect you to the real hotmail.com and send the login form, so everything will appear normal. But you were just raped in the b, and there was no lube used in the process. The cybercriminal most likely has zero interest in your Hotmail account, but in many other accounts where you most likely use the same email as username and the same password as login. Say Facebook. This summer an infamous lil hacker in Russia had 1.5 million Facebook logins that he sold openly. Yes, the Russian underground hacking scene isn't that hard to find, nor the Chinese. But even though both foreign governments and security companies know perfectly well who and what, there's not much they can do. They are protected by laws in their countries that don't classify their actions as any crime until they actually use it for a criminal purpose. But they never do; they announce they sell the information. The buyers we will never know, but it's they who will use it for criminal purposes. This little dude sold 1.5 Facebook accounts in less than a day at 30 cents a piece, if I recall. That's quite some money for a kid in Russia. Most people have no idea how much money there is in this business. Facebook announced he was bluffing, yet several security companies assured it was not. Facebook even knowing that last summer the same kid sold around 500k FB accounts the same way.

Instead of redirecting the user's traffic, you can also "sniff" all the data packets and log them. 90% of what the computer sends and receives is unencrypted, in plain text form. He can then afterwards do the tedious work of reading all your chats, mails, logins etc. from these logged packets.

Anyone can do this; all he/she needs is a computer and easy-to-come-by software.

The ARP poisoning attack actually can't gain access to your computer directly, and your security program actually can't do much to prevent it. It can detect an ongoing poisoning attack and refuse to respond to it, but your traffic is still intercepted before it hits the internet.

A poisoning attack usually will degrade the performance of a network if there are many clients connected, and it might feel like you're back to surfing at 14.4bps. Most people
have no clue how vulnerable they are.

If you are in China, you are at the very center of the source of 80% of all malicious source code. There is a reason why Ukraine, Russia and China have the best hackers in the world: because their laws allow them to. It is not illegal to write malicious source code; it is illegal when you use it for a criminal purpose. The writers never do. They write highly sophisticated trojans (and much else) that are then sold on underground forums to private buyers, who then use these trojans to, in many cases, make BIG $. The infamous banking bot (trojan) Zeus sells for about 4000 US$ with all add-ons. Sounds ridiculous? Yes... yet there are thousands of buyers paying that.

Your commercial security software will be completely defenseless against these threats, more or less, due to a simple fact: 90% of all anti-virus/malware products rely on an ancient technique. They identify the threat by finding a unique signature. Just like every individual has a unique DNA strand, every file/process has a unique signature. That means first the threat has to be identified, then analyzed, and only then can they issue a definitions update for your security software. If you are in China you are the first potential target, before it even gets spread outside Asia. What makes it even more difficult is that these hackers are pretty damn good at what they do. Many have circumvented the possibility to capture a digital signature of their program. There are numerous techniques like polymorphism that will actually have the program act as a continuous chameleon, and virtualization techniques that make the code overwrite and scramble itself over and over. Yes, one could say that the makers of these sophisticated threats are way ahead of the security companies.

My advice if you're in China, hehe, remember this. These sophisticated programs do not act like the traditional viruses. In most cases, once a computer is infected they will make close to no noise and you won't notice it's there. But behind the curtains they can log and monitor everything you do, everything you type and so on. However, that is seldom the purpose. The purpose is to make your computer a tool that they will use to carry out other tasks in a combined network of all infected computers. That can be 10, 100, several thousand, or yes... several million. And no one has a clue. Well, not amongst the users of said systems. The analysts know, because we can see from the patterns in the traffic on the internet that something's going on. There is actually a splendid site hosted in China that tracks all control centers for the Zeus bot at www.abuse.ch (ignore the security warning, it's safe).

It is close to impossible today to have bulletproof protection on your computer. Not even I can, and I've worked with this for long enough to puke on it sometimes, hehe.
Some security companies have dared to step out of the stone age though and developed *smart* detectors that will actually judge the files or processes in your computer by their actual behaviour, in real time. These are mostly called behavioural blockers. Another new technology is cloud scanning and cloud communities, which is where future development leans. The idea is pretty ingenious; it does however require that you are online or it won't work. How it works, in short, is that all computers running this security software hook up with each other. When an anomaly occurs it gets detected almost instantly and all clients connected are aware within seconds. That's why it's called 0-Zec, meaning real-time protection from unknown threats or outbreaks. The power behind cloud communities relies on the number of connected machines. Chinese security developer Rising has the largest cloud community in Asia, and for a security product the largest in the world, with its 250 million users.

The safest bet when in China is to rely on the Chinese or Korean security products. They will be the first that will even be able to protect you. These products are actually very good ones when compared to the major commercial names. Don't rely on the Russian products (Kaspersky, Dr.Web, Agnitum etc.). They are fine software but they are lagging behind. Don't believe all the fluff you see in reviews and magazines. It's hilarious BS at best. And what is best now may very well not be in 6 months.

I would strongly discourage the use of either free (limited) versions or cracked/pirated versions when it comes to your protection. It's not much money in the end, the developers NEED it, and it may very well save you from a complete disaster, either privately or economically.

If you live in China now, I would recommend you remove your probably Western-developed product and replace it with any of the following 3; they are ranked in preferred order.

Rising
(straightforward, biggest suite recommended)


http://www.rising-global.com

(The Chinese main site offers newer and more stuff, but only in Chinese)

http://www.rising.ch

Jiangmin
Don't get fooled by the silly UI. This is a very powerful and effective program. Again, Chinese versions are usually a bit newer and offer more functionality.
The protection modules are the same though.


http://www.jiangmin.com

Kingsoft

Didn't impress much a year ago but has rapidly grown to one of the better solutions in the region. They also offer a free 100% cloud-based
antivirus that uses almost no computer resources at all. They also have an M$ Office clone which is pretty impressive, offering all the functionality
of the Microsoft Office core components (not Outlook). And it is even smaller than Open Office and at a fraction of the price. Can recommend.


www.kingsoftresearch.com

AhnLab Inc

South Korean protection suite. An alternative, but falls a little behind the other 3.


www.ahnlabs.com


All the above solutions are, despite the seemingly huge number of integrated modules, very light on computer resources. No, these are not Norton products that install
1.5GB worth of slow bloatware on your computer.

Advanced users

For those feeling pretty much at home with a computer and wanting optimal security, there are some alternative protection programs that will coexist with
your security package but are specialized at protecting you against the more unusual types of threats your normal solution won't pick up on. If anyone needs help
regarding their functionality or installation etc., just PM me.

Behaviour blocker: (still the #1 B-blocker by far)

Emsisoft Mamutu


http://www.emsisoft.com

Advanced Rootkit protection:

Unhackme


http://www.regrun.com

IP blocker (extremely powerful protection if you fully understand how to use it)

Beethink IP Blocker


http://www.beethink.com



Will update further tomorrow..
"Just call me Mikkie, that's what all Asians do anyway"


To the world you are one person; but to one person, you are their whole world.

Offline Willy The Londoner

Re: Some advice and helpful info regarding using your PC in China
« Reply #1 on: September 07, 2010, 09:14:41 pm »
Very long and probably informative. If your mother understood all the words used then her English is far better than mine! So maybe I have had 60 wasted years learning the language. Well, so Ted says.

The vast majority on here have no knowledge of what goes on inside a PC.

But I am sure someone on here will understand what you are saying.


Willy
Willy The Londoner

Now in my 12th year living here,

Paul Todd

Re: Some advice and helpful info regarding using your PC in China
« Reply #2 on: September 07, 2010, 09:18:47 pm »
Mikael,

I'm not all that good with computers, but I will be upgrading the protection as per your advice. Thanks for the list of recommended sites :)

Offline Mikael_Shim

Re: Some advice and helpful info regarding using your PC in China
« Reply #3 on: September 07, 2010, 09:29:25 pm »
Hehe, I assumed many wouldn't. So if anyone feels insecure or needs advice, just PM me and I will make it easier to understand and answer any questions. I think, or hope, most who read will just get a feeling it's something to take seriously, especially if inside China.

 8)

Offline Jimmy

Re: Some advice and helpful info regarding using your PC in China
« Reply #4 on: September 08, 2010, 02:49:36 am »
Rising is recommended. I bought it for this machine the day I got it. Not real bothersome, not a bunch of popups trying to sell you something all the time.
I did not notice any reduction in performance like you will with Norton. Updates frequently. If it has something to tell you it's usually important. I forget it's even there most of the time.
And they have a free version that I have running on my wife's computer. Free normally is not free, but this Rising seems to be A-OK, no problems after 6 months now.
I am running Windows 7; she has the XP Chinese version.
Jimmy Henson

Offline Jan

Re: Some advice and helpful info regarding using your PC in China
« Reply #5 on: September 09, 2010, 11:35:14 am »
Quite interesting to read, and I had no idea it went this far.

I knew that this happens, and this is used as a prank on illegal WLAN borrowers: redirecting everything to some "mylittlepony.com" site.

And me graduating from college in IT, and having always worked with computers and experimented...

Hmm, I wonder if my good old F-Secure will be good enough for this. It is quite decent, and it does not allow any internet traffic that I do not allow to come and go.

Do you know if doing a whois on the IP/website gives the fakes away? Or will they have that covered as well on most of the fake sites?

As in, if I check in advance for the IPs I wish to allow traffic from and to via certain ports, and deny the rest in advance, before using the computer there?

I also thought that a normal VPN would cover this, but hehe, seems like not. Not being able to YouTube or Google would have a great effect on my life if I permanently lived in China.

I would have to live close to some border between China and another country, then get the other country to secretly dig me a cable from their end... Nah, just joking.

I only took the basics of networking, so I don't know all of this, hehe.

Offline Mikael_Shim

Re: Some advice and helpful info regarding using your PC in China
« Reply #6 on: September 09, 2010, 01:20:25 pm »
All commercial security software will block, some better some worse, give and take, the most common and known types of threats or intrusion attempts.
Those threats are more harassing than they are actually harmful to you and your integrity. At best they will screw up your computer, forcing a complete reinstall.

It's the threats you by all means necessary do NOT want that they are completely ineffective against. If you are a bit IT savvy or a tech nerd then you probably don't have your firewall set to auto but to manual or advanced, and then you have a little better understanding of what traffic you should allow and which seems suspect. ARP poisoning though, even due to its simple nature, is pretty tricky under many circumstances to work around, because it intercepts and "steals" your data stream after you think you have sent it to the gateway; halfway there the assailant's computer dupes itself to identify as the gateway, and once the packets have left your computer you can't stop them.

In many cases a whois will reveal it; it all depends on the level of the assailant. But this is still kid stuff if you compare to the real high-tech and sophisticated trojans that all have their makers and their home in this very region, whose clients often connect to organized crime and even extreme political interests.

You are also inside a country where virtually 99.9% of its internet exchange data is monitored by the government and military.

Not long ago, a "small" army of computers totalling some 35,000 PCs had been infected by a stealth trojan that did no more than wait for their master to send his command. And that he did, and the order was carried out instantly.

That's when the White House, Defense Department and NASDAQ were simultaneously attacked, together with financial and government related structures in Seoul.
If you missed this, you can Google it or find the CNN and FOX shows on YouTube. Infecting these 35K computers took only a very skilled hacker's knowledge; spreading it is simple: once a computer is infected it will look for other computers within its reach to spread itself to. All trojans listen for commands on an encrypted connection they are pre-programmed to connect to. When the guy in control issues the command, all trojans react immediately. These 35k computers knocked out telecommunications and internet connections at both the White House and the Defense Department. NASDAQ survived but had a pretty rough time. The damages in Seoul are classified.

Who did it? Much points to it having been North Korea, but it could also just have been a kid in his home who wanted it to obviously look like that... or a completely unknown source.

The Conficker worm is one of the more famous ones, because we have once been able to almost wipe it out, but it kept retaliating with unexpected consequences. We now have a rather good understanding of its spread and current infection rate. It has been around for several years. What is most frightening is, we don't know its purpose. It hasn't done much else than just infect others and lie dormant.

We know for a fact that over 9 million computers, in schools, homes, governments, company and military buildings, are infected. If a small army of 35K could do all that prior damage, do we wanna know what 9 million can? No one can build a defense against that, not even a country.

When or if it attacks, we won't even know who it is that controls it.

:D hehe... We also know that it's possible to knock out a whole country's electricity and landlines this way; they don't even have defenses, yes right... not even the USA has. It is known that the military in Russia, China, North Korea amongst others have their own programs for cyberwarfare.

It may or may not work, defense-wise, in China. The funny thing is you won't know. Hehe.

I am using a technique that is almost 100% bulletproof, or as close as you get, based on virtualization technology. But to most common users this would be something alien. I will be updating the info above to include it. It's not advanced at all to either install or use, but it's different.

Don't forget backups ;)

Some info on Zeus explained at a rather easy to understand level:

Zeus: King of crimeware toolkits

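The gateway impersonation described in the opening post and again in this reply (a second machine answering ARP for the gateway's IP, so traffic leaves your PC towards the wrong MAC) leaves a trace a defender can watch for. The following is an added example, not code from the original thread: a small Python monitor that parses raw Ethernet/ARP reply frames and flags an IP whose MAC changes (critical when it is the gateway) or one MAC answering for several IPs. The frames, addresses and the `ArpWatch` class are all constructed here for illustration.

```python
import struct

# Ethernet header (dst MAC, src MAC, ethertype) followed by a 28-byte ARP body.
ETH_HDR = struct.Struct("!6s6sH")
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")
ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2

def mac_bytes(mac): return bytes.fromhex(mac.replace(":", ""))
def ip_bytes(ip): return bytes(int(o) for o in ip.split("."))
def mac_str(b): return ":".join(f"{x:02x}" for x in b)
def ip_str(b): return ".".join(str(x) for x in b)

def parse_arp(frame):
    """Return (opcode, sender MAC, sender IP) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None
    _, _, ethertype = ETH_HDR.unpack_from(frame, 0)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, _, _ = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return op, mac_str(sha), ip_str(spa)

class ArpWatch:
    """Tracks the IP->MAC claims seen in ARP replies and flags the two symptoms of
    poisoning: an IP (above all the gateway) switching MAC, and one MAC answering
    for several IPs. Hypothetical helper written for this example."""
    def __init__(self, gateway_ip):
        self.gateway_ip = gateway_ip
        self.ip_to_mac = {}      # last MAC seen claiming each IP
        self.alerts = []

    def observe(self, frame):
        parsed = parse_arp(frame)
        if parsed is None or parsed[0] != ARP_REPLY:
            return               # only replies carry a binding "IP is at MAC" claim
        _, sha, spa = parsed
        known = self.ip_to_mac.get(spa)
        if known is not None and known != sha:
            level = "CRITICAL" if spa == self.gateway_ip else "WARNING"
            self.alerts.append(f"{level}: {spa} moved from {known} to {sha}")
        self.ip_to_mac[spa] = sha
        claimed = sorted(ip for ip, mac in self.ip_to_mac.items() if mac == sha)
        if len(claimed) > 1 and known != sha:
            self.alerts.append(f"WARNING: {sha} now answers for {', '.join(claimed)}")

def build_arp_reply(sha, spa, tha, tpa):
    """Constructed sample frame (not a capture): ARP reply 'spa is at sha' sent to tha/tpa."""
    eth = ETH_HDR.pack(mac_bytes(tha), mac_bytes(sha), ETHERTYPE_ARP)
    arp = ARP_HDR.pack(1, 0x0800, 6, 4, ARP_REPLY,
                       mac_bytes(sha), ip_bytes(spa), mac_bytes(tha), ip_bytes(tpa))
    return eth + arp

def demo():
    """Replay a constructed hotel-LAN scenario: legitimate replies, then a rogue host
    claiming the gateway's IP and a neighbour's IP. Returns the alert list."""
    gw, victim, rogue = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:50", "de:ad:be:ef:00:99"
    watch = ArpWatch("192.168.1.1")
    frames = [
        build_arp_reply(gw, "192.168.1.1", victim, "192.168.1.50"),     # real gateway answers
        build_arp_reply(victim, "192.168.1.50", gw, "192.168.1.1"),     # real client answers
        build_arp_reply(gw, "192.168.1.1", victim, "192.168.1.50"),     # repeat, no change
        build_arp_reply(rogue, "192.168.1.1", victim, "192.168.1.50"),  # rogue claims gateway
        build_arp_reply(rogue, "192.168.1.50", gw, "192.168.1.1"),      # rogue claims client
    ]
    for f in frames:
        watch.observe(f)
    return watch.alerts

if __name__ == "__main__":
    for line in demo():
        print(line)
```

On a real host the same `observe` loop would be fed frames from a raw socket or a pcap file; a CRITICAL alert is the moment to stop trusting the network, not just the VPN.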

Offline Peter

Re: Some advice and helpful info regarding using your PC in China
« Reply #7 on: September 11, 2010, 03:23:32 am »
Could you see any danger with using a VPN network in China to get through the censorship of Facebook and Twitter? I was writing about this in another thread...
Better to be married to a wife from Changsha than have 7000 women in Chnlove

Offline Mikael_Shim

Re: Some advice and helpful info regarding using your PC in China
« Reply #8 on: September 11, 2010, 03:53:53 am »
Peter,

Actually, it's a bit tricky. But no, I don't think so. It all boils down to how big a threat the Chinese government and military (who is actually the one controlling the country's surveillance of data traffic) see in the encrypted traffic that they are unable to decipher. Or actually, we know very little of what they actually can. It is said that Enigma can decipher any encrypted data in real time, which most people working in this field regard as BS propaganda to spread fear. But I sincerely doubt that they could decipher anything above PPTP VPN without pretty heavy resources.

I know a lot of Chinese people use it too. So one can assume it's being tolerated until it would escalate or rise to such levels that they think they have lost too much control. But for now, no. At least that's what I think.

They must also consider that some people might be required to use VPN connections, else they won't be able to perform their work, because the company they work for enforces VPN to access any resources, and that's a very common thing.

I will be using VPN of course; it's far better than proxies or relays. Also, if you have access to a terminal server abroad that is fast enough, then you can just connect and do whatever you want from the terminal session and they can't monitor that traffic at all.