Recently Yahoo Nes on-line reported the following:
Behind the doors of a Chinese hacking company, a sordid
culture fueled by influence, alcohol and sex (2/3)
By Soo reported from Hong Kong. AP Technology Writer Frank
Bajak
Fri, March 8, 2024 at 1:30 a.m. PST
(continue)
DOCUMENTS REVEAL A SEEDY STATE-LED INDUSTRY
Though I-Soon boasted about its hacking prowess in slick marketing PowerPoint presentations, the real business took place at hotpot parties, late night drinking sessions and poaching wars with competitors, leaked records show. A picture emerges of a company enmeshed in a seedy, sprawling industry that relies heavily on connections to get things done.
I-Soon leadership discussed buying gifts and which officials liked red wine. They swapped tips on who was a lightweight, and who could handle their liquor.
I-Soon executives paid “introduction fees” for lucrative projects, chat records show, including tens of thousands of RMB (thousands of dollars) to a man who landed them a 285,000 RMB ($40,000) contract with police in Hebei province. To sweeten the deal, I-Soon’s chief operating officer, Chen Cheng, suggested arranging the man a drinking and karaoke session with women.
“He likes to touch girls,” Chen wrote.
It wasn't just officials they courted. Competitors, too, were targets of wooing over late night drinking sessions. Some were partners — subcontractors or collaborators on government projects. Others were hated rivals who constantly poached their staff. Often, they were both.
One, Chinese cybersecurity giant Qi Anxin, was especially loathed, despite being one of I-Soon's key investors and business partners.
“Qi Anxin’s HR is a green tea bitch who seduces our young men everywhere and has no morals,” COO Chen wrote to Wu, the CEO, using a Chinese internet slur that refers to innocent-looking but ambitious young women.
I-Soon also has a complicated relationship with Chengdu 404, a competitor charged by the U.S. Department of Justice for hacking over 100 targets worldwide. They worked with 404 and drank with their executives but lagged on payments to the company and were eventually sued over a software development contract, Chinese court records show.
For example, chat records show China’s Ministry of Public Security gave companies access to proofs of concept of so-called “zero days”, the industry term for a previously unknown software security hole. Zero days are prized because they can be exploited until detected. I-Soon company executives debated how to obtain them. They are regularly discovered at an annual Chinese state-sponsored hacking competition.
In other records, executives discussed sponsoring hacking competitions at Chinese universities to scout for new talent.
Many of I-Soon’s clients were police in cities across China, a leaked contract list showed. I-Soon scouted for databases they thought would sell well with officers, such as Vietnamese traffic data to the southeast province of Yunnan, or data on exiled Tibetans to the Tibetan regional government.
At times, I-Soon hacked on demand. One chat shows two parties discussing a potential “long-term client” interested in data from several government offices related to an unspecified “prime minister.”
A Chinese state body, the Chinese Academy of Sciences, also owns a small stake in I-Soon through a Tibetan investment fund, Chinese corporate records show.
I-Soon proclaimed their patriotism to win new business. Top executives discussed participating in China's poverty alleviation scheme — one of Chinese leader Xi Jinping's signature initiatives — to make connections. I-Soon CEO Wu suggested his COO become a member of Chengdu’s People’s Political Consultative Conference, a government advisory body comprised of scientists, entrepreneurs, and other prominent members of society. And in interviews with state media, Wu quoted Mencius, a Chinese philosopher, casting himself as a scholar concerned with China's national interest.
But despite Wu's professed patriotism, leaked chat records tell a more complicated story. They depict a competitive man motivated to get rich.
“You can't be Lei Feng," Wu wrote in private messages, referring to a long-dead Communist worker held up in propaganda for generations as a paragon of selflessness. “If you don't make money, being famous is useless."
(to be continued)
(繼續)
文件揭示了國家主導的骯髒非法活動產業
洩漏的記錄顯示,儘管 I-Soon 在花言巧語的營銷 PowerPoint 演示文稿中吹噓其黑客能力,但真正的業務發生在火鍋聚會、深夜飲酒聚會以及與競爭對手的偷獵戰爭中。 境像顯示出一家公司陷入了一個骯髒、龐大的行業,該行業嚴重依賴關係來完成工作。
I-Soon 領導層討論了購買禮物以及哪些官員喜歡紅酒。 他們交換了想法有關誰只是輕量級選手以及誰可以應付他們的請酒。
聊天記錄顯示,I-Soon 的高管為利潤豐厚的項目支付了“介紹費”,其中包括向一名男子支付了數萬元人民幣(數千美元),該男子為他們與河北省警方簽訂了一份價值285,000 人民幣(40,000 美元)的合約。 為了讓這筆交易更加順利,I-Soon 的營運長 Chen Cheng 建議安排該男子與女性一起喝酒、唱卡拉 OK。
Chen寫道: 「他喜歡觸碰女孩」。
他們不僅討好官員。 競爭對手也成為深夜飲酒聚會的追求目標。 其中一些是合作夥伴 - 政府專案的分包商或合作者。 其他人則是令人討厭的競爭對手,會不斷挖走他們的員工。 通常,他們又會是合作夥伴又會是競爭對手。
其中之一是中國網路安全巨頭 Qi Anxin,儘管它是 I-Soon 的一個主要投資者和商業合作夥伴,但它其受到厭惡。
首席營運官 Chen 在給首席執行官 Wu先 生的信中寫道: 「Qi Anxin 的HR是個綠茶婊,到處勾引我們的年輕人,沒有道德」, 他用的是中國網絡上的誹謗語,指的是看起來天真無邪但野心勃勃的年輕女性。
I-Soon 與成都 404 的關係也很複雜,成都 404 是一家被美國司法部指控入侵全球 100 多個目標的競爭對手。 中國法庭記錄顯示,他們與 404 合作並與其行政主管喝酒,但因未能及時向公司付款,最終根據軟件開發合約而被起訴。
I-Soon 文件的來源尚不清楚,高層和中國警方正在調查。 儘管北京一再否認參與攻擊性駭客活動,但這次洩密事件表明,I-Soon 和其他黑客公司與中國政府有著深厚的聯繫。
例如,聊天記錄顯示,中國公安部向企業提供了所謂「零日」概念的證明,「零日」是一個行業術語,指的是以前未知的軟件安全漏洞。 零日漏洞之所以受到重視,是因為它們可以在被發現之前被利用。 I-Soon 公司的高層就如何獲得它們展開了辯論。 安全漏洞經常在中國國家主辦的年度黑客競賽中被發現。
在其他記錄中,高層討論了贊助中國大學的黑客競賽以尋找新人才。
洩漏的合約清單顯示,I-Soon 的許多客戶都是中國各地城市的警察。 I-Soon 尋找他們認為很受官員歡迎的資料庫,例如越南接通雲南省東南部的交通數據,或西藏自治區政府的流亡藏人仕數據。
有時,I-Soon 會根據需求而進行駭黑客攻擊。 一次聊天顯示,兩方正在討論一位潛在的“長期客戶”,該客戶對多個政府辦公室與一位未指明的 “總理” 相關的資料感興趣。
中國企業記錄顯示,中國國家機構的中國科學院 也透過一家西藏投資基金擁有 I-Soon 的少量股份。
I-Soon 宣揚愛國心以贏得新業務。 高階主管討論了參與中國的扶貧計劃 - 中國領導人習近平的標誌性舉措之一 - 以建立聯繫。 I-Soon 執行長Wu建議他的營運長成為成都市人民政治協商會議的成員,這是一個由科學家、企業家和其他社會知名人士組成的政府諮詢機構。 在接受官方媒體採訪時,Wu 引用了中國哲學家孟子的話,將自己塑造成一位關心中國國家利益的學者。
儘管Wu聲稱愛國,但洩漏的聊天記錄卻講述了一個更複雜的故事。 呈現出一個有競爭力、渴望致富的人。
Wu 在私人資訊中寫道: 「你不可能成為雷鋒」,他指的是一位去世已久的共產黨工人,他在宣傳中被世世代代視為無私的典範;「如果你不賺錢,出名也沒用」。
(待續)
沒有留言:
張貼留言