Wicked Rose

Wicked Rose is the pseudonym of a Chinese hacker responsible for developing the GinWui rootkit used in internet attacks during the summer of 2006. It has been suggested that he works for the Chinese Army.

Beginnings[edit]

Tan Dailin was a graduate student at a Sichuan University^[1] when he was noticed (for attacking a Japanese site) by the People’s Liberation Army (PLA) in the summer of 2005. He was invited to participate in a PLA-sponsored hacking contest and won. He subsequently participated in a one-month, 16-hour-per-day training program where he and the other students simulated various cyber invasion methods, built dozens of hacking exploits, and developed various hacking tactics and strategies.^[2] He was chosen for the Sichuan regional team to compete against teams from Yunnan, Guizhou, Tibet, and Chongqing Military District. His team again ranked number one and he won a cash prize of 20,000 RMB.^[3]

Network Crack Program Hacker Group[edit]

Then, under the pseudonym Wicked Rose, he formed the Network Crack Program Hacker Group (NCPH Group) and recruited other talented hackers from his school. He found a funding source (an unknown benefactor) and started attacking US sites. After an initial round of successful attacks, his funding was tripled. All through 2006, NCPH built sophisticated rootkits and launched a barrage of attacks against multiple US government agencies. By the end of July, 2006, NCPH had created some 35 different attack variants for one MS Office vulnerability. During the testing phase, NCPH used Word document vulnerabilities. They switched to Excel and later to PowerPoint vulnerabilities. The result of all of this activity is that the NCPH group siphoned thousands, if not millions, of unclassified US government documents back to China.^[2]

References[edit]

^ ^a ^b NICOLE PERLROTH. "School contest makes a game of finding future U.S. computer defenders". International Herald Tribune. Archived from the original on 21 September 2014. Retrieved 12 August 2014 – via HighBeam.
^ ^a ^b ^c "Wicked Rose and China's information war". Personal Computer World. Archived from the original on 2011-09-30. {{cite magazine}}: Cite magazine requires |magazine= (help)
^ ^a ^b U.S. Senate Committee on Homeland Security and Governmental Affairs Hearing: Cyber Security: Developing a National Strategy, Testimony of Alan Paller (PDF), retrieved 2014-08-12

"Times Online article". The times (subscription required).

[PERLROTH-1] NICOLE PERLROTH. "School contest makes a game of finding future U.S. computer defenders". International Herald Tribune. Archived from the original on 21 September 2014. Retrieved 12 August 2014 – via HighBeam.

[PCW-2] "Wicked Rose and China's information war". Personal Computer World. Archived from the original on 2011-09-30. {{cite magazine}}: Cite magazine requires |magazine= (help)

[Paller-3] U.S. Senate Committee on Homeland Security and Governmental Affairs Hearing: Cyber Security: Developing a National Strategy, Testimony of Alan Paller (PDF), retrieved 2014-08-12

[1]

[2]

[3]