Another Chinese Bullying - This Time Against a Private Individual

asianobserve

China Mafia-Style Hack Attack Drives California Firm to Brink
Bloomberg


During his civil lawsuit against the People's Republic of China, Brian Milburn says he never once saw one of the country's lawyers. He read no court documents from China's attorneys because they filed none. The voluminous case record at the U.S. District courthouse in Santa Ana contains a single communication from China: a curt letter to the U.S. State Department, urging that the suit be dismissed.

That doesn't mean Milburn's adversary had no contact with him.

For three years, a group of hackers from China waged a relentless campaign of cyber harassment against Solid Oak Software Inc., Milburn's family-owned, eight-person firm in Santa Barbara, California. The attack began less than two weeks after Milburn publicly accused China of appropriating his company's parental filtering software, CYBERsitter, for a national Internet censoring project. And it ended shortly after he settled a $2.2 billion lawsuit against the Chinese government and a string of computer companies last April.

In between, the hackers assailed Solid Oak's computer systems, shutting down web and e-mail servers, spying on an employee with her webcam, and gaining access to sensitive files in a battle that caused company revenues to tumble and brought it within a hair's breadth of collapse.

One-Man Fight

As the public dispute unfolded in decorous courtrooms, Milburn's computer prowess was tested to its limits in what amounted to a digital home invasion by what he later learned was one of the most prolific hacking teams in China. He waged his own desperate one-man fight without weapons or help from authorities, swapping out servers, puzzling over middle-of-the-night malfunctions, and watching his sales all but evaporate -- his every keystroke monitored by spies who had turned his technology against him.

Milburn, 61, rarely took a day off during that time as he struggled around the clock to keep his computer network running and his firm afloat. He doubts he'll ever know exactly what was going on, but he has theories.

"It felt like they had a plan," says Milburn, sitting in his office two blocks from Santa Barbara's main drag, where he's now focused on rebuilding his business. "If they could just put the company out of business, the lawsuit goes away. They didn't need guys with guns or someone to break my kneecaps."

Clandestine Methods

The cyber attack against Solid Oak provides a rare look at the clandestine methods in play as high-tech spies and digital combatants seek to gain a brass-knuckle advantage in the global economy, from trade disputes to big-dollar deals to lawsuits. U.S. officials say that China in particular uses its national security apparatus for such intrusions, targeting thousands of U.S. and European corporations and blurring the traditional lines of espionage.

While his civil case was pending, Milburn didn't discuss the cyber intrusion publicly, saying only that the company and its Los Angeles-based law firm had received e-mails containing spyware. He had no idea who was behind it until last August, when he provided malware samples to a security firm at the request of a Bloomberg reporter.

A forensic analysis of the malware by Joe Stewart, a threat expert at Atlanta-based Dell SecureWorks, identified the intruders who rifled Solid Oak's networks as a team of Shanghai-based hackers involved in a string of sensitive national security-related breaches going back years.

Many Victims

Commercial hacker hunters -- who refer to the team as the Comment group, for the hidden program code they use known as "comments" -- tie it to a multitude of victims that include the president of the European Union Council, major defense contractors and even Barack Obama's 2008 presidential campaign. The group has been linked to the People's Liberation Army, China's military, according to leaked classified cables.

The Solid Oak attack is a micro tale of what some of the U.S. and Europe's largest corporations have experienced, says Representative Mike Rogers, a Republican from Michigan who chairs the House Intelligence Committee. The campaign to steal private files and intellectual property, even to the point of collapsing businesses, amounts to a criminal racket for commercial gain, says Rogers.

"I used to work organized crime in Chicago -- I don't know, but it sure seems like there are a lot of similarities," says Rogers, a former FBI agent.

Unlikely Entanglement

Headquartered in a converted Victorian house, Milburn's small company seems an unlikely candidate to become entangled in an international feud with China, except for one thing: it was a market leader in the U.S. for software that lets parents and schools block objectionable web content, like pornography and violence.

China was looking for software to do the same thing on a national scale. In May 2009, Chinese officials ordered web-filtering software called Green Dam Youth Escort installed on every computer sold in the country. They touted the software's ability to protect young Internet users by filtering pornography. Critics in China, who identified more than 6,000 political keyword filters, branded it an extension of China's censorship regime.

When University of Michigan researchers examined the program in June 2009 to see how it worked, they discovered that thousands of lines of code directly matched Milburn's software, which has 1.1 million active users. Included, apparently by mistake, was a CYBERsitter upgrade announcement -- the "smoking gun" that the software had been pirated, according to Milburn.

Copied Code

An independent analysis later found that four of the five active filters were copied almost verbatim from CYBERsitter and that Green Dam could not operate correctly when those filters were disabled. It's possible the code was stolen in an earlier hack, but Milburn believes the thieves simply bought a copy and broke the encryption protecting the code.

In interviews with reporters, he said he was considering a lawsuit and vowed to pursue an injunction.

On June 24 -- 12 days after Milburn went public with his legal intentions -- the hackers made their first appearance. Working from her home office 150 miles south of Santa Barbara in Orange County, Jenna DiPasquale, 39, who is Milburn's daughter and Solid Oak's one-woman marketing department, received a carefully forged e-mail containing hidden spyware.

Poisoned E-Mails

It looked like a routine message from Milburn, so DiPasquale clicked on the attachment, realizing only later that the e-mail address was a couple of letters off. Solid Oak employees received more bogus e-mails over the next few days, setting off alarm bells.

Milburn contacted Matthew Thomlinson, a Microsoft Corp. (MSFT) threat expert, for help. Thomlinson found the malware had downloaded software that burrowed into the company's Microsoft operating system, automatically uploading more tools the hackers could use to control the network remotely. The malware had been created on a Chinese-language computer, he concluded. As far as Milburn knew, though, his attackers could have been anyone from seasoned professionals to hacktivists tapping on a keyboard in a Beijing basement, he says.

The more urgent question was whether the attackers were behind the strange things that began happening in his network.

DiPasquale was at her desktop computer, helping the company's attorneys with research sometime in August, when she noticed the light on her webcam come on. A few days later, a message flashed on her laptop indicating that the camera on that machine had been activated as well. She made an alarmed call to Milburn. After learning that Chinese hackers had eavesdropped on the Dalai Lama and his staff using their own computers, he went through the office, covering every webcam and microphone with black electrical tape.

Strange Problems

Then the company's e-mail servers began shutting down, sometimes two or three times a week, slowing e-mail traffic, the main way the company provides customer service. Similar problems began plaguing the web servers -- a bigger problem since web sales of CYBERsitter supply more than half of Solid Oak's revenue. By September and October, website sales were off 55 percent from mid-year and Milburn was struggling to figure out how the hackers might be behind it.

"I panicked," says Milburn, who combines a beach comber's countenance with the nervous energy of a workaholic. "What the hell is happening to my income, where is the money going, why aren't we getting orders?"

'Very Scary'

"This slow realization came that, 'wait a second, they're coming after us now,'" says DiPasquale, who felt she could no longer trust her own
computer. "It was very scary."

Milburn had contacted the Federal Bureau of Investigation after the flurry of e-mail assaults, and an agent from the Seattle field office called and took details, including samples of the malware and, later, server logs, he says. But the agency shed almost no light on the situation, he says, and he was never told if the material was useful.

That doesn't mean the bureau was in the dark about Milburn's attackers. U.S. law enforcement and intelligence officials had amassed a long dossier on the group, which they had been tracking since 2002, according to leaked cables and two people familiar with government investigations into the group.

Laura Eimiller, an FBI spokeswoman in Los Angeles, said the bureau couldn't comment on its interactions with Solid Oak or any investigation.

Civil Action

Milburn forged ahead in court in an attempt to win damages for the alleged theft. He and his small team of lawyers had spent six months analysing the similarities in the two software programs. He filed suit in January 2010 against the Chinese government and two Chinese software companies that had developed Green Dam.

Milburn's suit also named seven big computer manufacturers, including Sony Corp. and Lenovo Group Ltd. (LNVGY), which the suit alleges had begun installing or distributing the software in the program's early phases.

As in the digital fight, not all of Milburn's legal adversaries were what they seemed. Zhengzhou Jinhui Computer System Engineering Co., one of the two Chinese companies that developed Green Dam, had ties to the People's Liberation Army University, a research center for China's military, according to a June 2009 U.S. Embassy diplomatic cable published by Wikileaks the following year.

No Information

No one from Zhengzhou Jinhui was available to address the CYBERsitter allegations, according to a person who answered the phone at the company.

A spokesman for China's foreign ministry said he had no information on the cyber assault against Solid Oak and declined to comment further. When Milburn's suit was filed, Chinese officials said the government "highly values and fully respects the intellectual property rights of software."

Six days after the suit was filed on Jan. 5, 2010, Milburn's Los Angeles-based law firm at the time, Gipson Hoffman & Pancione, was hit with a cyber intrusion using e-mails similar to those aimed at Solid Oak but with different malware, according to the law firm. Forensics analysis shows that attack probably emanated from China as well, says Stewart, the Dell (DELL) SecureWorks threat expert.

It had been clear to everyone that one motive for the attacks might be espionage related to possible legal action, Milburn says. If the hackers were able to steal documents or record conversations, they could preview strategies and negotiating positions, even identify legal weaknesses in the case.

No Chances

Milburn decided not to take chances with the lawsuit. Using techniques gleaned from talking to security experts, his small team developed their own ad hoc counter-espionage measures. Solid Oak and its lawyers exchanged legal documents using rotating webmail accounts or document-sharing sites like San Francisco-based Dropbox Inc., deleting the accounts after a single use.

Occasionally, Milburn drove to an empty house he and his wife owned in the hills around Santa Barbara. Sitting at the kitchen table, he'd make phone calls or exchange e-mails with his attorneys, alternating between four different cell phones from three different carriers.

The lawsuit seemed to trigger a more serious phase of the attack, Milburn says. Computer failures that had occurred a couple times a week now sometimes happened two or three times a day.

Failures Escalate

Milburn constantly had to reboot servers, occasionally in the middle of the night. During work hours, it became hard for DiPasquale to get Milburn on the phone because he always seemed preoccupied fixing something. Tempers at work flared more often.

"Everybody started to wonder what they were doing wrong on a personal level," DiPasquale says, adding that because Milburn couldn't trace the
source of the network problems, it became hard to sort out who was to blame or why. "Things got very tense."

One thing was clear: the technology that ran Milburn's company was no longer solely under his control.

In March 2010, a staccato of text message alarms woke him in the middle of the night, signalling that his servers were all shutting down. He hurriedly drove the four-mile winding road to the office to find that his commercial-grade SonicWALL firewall had failed, taking his entire network off line. He spent a good part of the next day on the phone with the manufacturer, who was stumped.

"Those things are like old carburetor engines, they never quit," Milburn says.

Through Cobwebs

After his e-mail servers crashed during an exchange with his attorneys, he crawled under the large house that serves as the company's headquarters in search of a device that someone might have physically planted. Pawing through cobwebs with a flashlight, he spent an hour opening utility boxes and eyeing the fiber-optic cable. He found nothing.

Milburn says he was riding "that fine line between ultra-caution and paranoia."

Born in Santa Monica, Milburn didn't graduate from high school, but he has a relentlessly autodidactic drive that is common in early tech entrepreneurs. He taught himself how to write code, and eventually mastered complex Internet software protocols.

Laura Milburn, 63, his wife of 21 years, calls him "brilliant" but also "incredibly stubborn." A few years earlier she watched him in a legal tussle with a neighbor who had built a deck four feet over what they thought was their property line. Milburn ended up spending more than $100,000 in a year-long fight just so they could split the difference, with each side getting two feet, she says.

No Clue

"He's not the kind of person who would back down to someone because they threaten him," Laura Milburn says. Even so, she adds, "I don't think he had a clue what he was getting into."

Both of those traits explain why Milburn didn't hire an expensive incident response team to hunt the hackers down in his network -- the kind larger corporations often use.

Milburn, after all, had built Solid Oak's network himself. "I thought they might be able to get around some IT guy, but there's no way they were going to get around me," he says.

Milburn learned everything he could about computer security. He read professional papers and called up experts he knew. He began writing his own software to monitor the connections his computers were making to outside networks, looking for tell-tale signs of the hackers at work.

Buried Folder

In April 2010, during a 6:30 a.m. check of his servers -- by then part of his daily routine -- Milburn stumbled on a folder buried in an obscure Microsoft directory, one that's normally unused. What he found inside startled him. The file contained the encrypted versions of all eight passwords in his system -- the keys to the entire network. The hackers could use the passwords to control just about anything he could, from web servers to e-mail.

The folder was gone two days later, he says, and in its place were several pieces of software he didn't recognize. Later, he found out they were custom-designed software the hackers use to perform tasks on corporate networks. He had found their tool kit.

Rather than panic, Milburn said he felt an adrenalin rush.

"It was like, 'okay, now I can figure out what they're doing.'" After months of detective work, Milburn was no longer chasing ghosts.

Two Battles

Even at the best of times, Solid Oak's headquarters is a warren of server rooms and cluttered offices that, Milburn says, could sometimes resemble the inside of a well-maintained garage. In the summer of 2010, it reflected the disarray of a company in crisis, littered with the results of Solid Oak's two on-going battles, one legal, one digital.

The firewall that blew out in March, a small box the size of an office telephone, still sat propped in a chair. Foot-high stacks of legal documents covered tables and spilled onto the floor. Two 60-foot data cables -- which Milburn could use in a pinch to circumvent his own compromised e-mail system via a commercial internet connection -- ran from one end of the office to the other.

Milburn's biggest concern was that the hackers seemed to be trying to hit the heart of his business. The lawsuit months earlier had brought a rush of publicity for CYBERsitter, and Milburn released a new version of the software. That combination would normally boost sales.

Sales Dive

While bulk sales and orders over the phone were up, 60 percent of Solid Oak's business depended on users buying the $39.95 program directly from the website. As the network problems continued, so did the fall in sales. Milburn wouldn't provide month-to-month sales figures, saying it could aid competitors, but he says the normally profitable company dipped into the red after a big drop in web sales the month the lawsuit was filed. Net losses averaged $58,000 a month after that, even as Milburn slashed expenses, he says.

Tracing the drop, he could see that customers were coming to the website to buy the software like always. They'd type in credit card numbers and click submit, but most of the orders -- on some days 98 percent -- weren't going through, Milburn says. He replaced servers and tried other fixes. Nothing worked.

As his income dried up, Milburn kept the company afloat in part with insurance proceeds from the loss of two properties in the November 2008 Tea Fire in the hills of Santa Barbara that burned 210 homes over three days.

Foregoing Salaries

He went without pay, and DiPasquale agreed to forego her salary for a few months too. She and her husband, a professional chef, drew down their savings, but by the summer of 2010, the money was running out.

Some tough conversations played out at home, DiPasquale says. She argued that what was going on was wrong; quitting would mean the hackers had won.

Her husband wondered exactly what they had gotten into and where it would end. "He was saying, 'What are we up against? Is there going to be someone sitting outside the house?'" she says. Because she was working alone at home, he made sure the house alarm was on every day before leaving for work.

In his own battle, Milburn became more obsessed. He'd get up by 5 a.m., work until 7 p.m., grab something to eat, then sign on from home to check his servers again. Constantly missing meals, Milburn began subsisting on pre-packaged sandwiches from a convenience store close to the office.

Sabotage Evidence

"It would be ten o'clock at night and I'd get an idea, 'huh, let me just check this,'" Milburn says. "That would lead to another hour of frustration trying to figure something out."

Examining the script that controlled the payment processing function in November that year, he noticed that a single character was missing from the string -- an apostrophe. That was enough to cause the page to time out, rather than to complete the credit card transaction. Customers were leaving in frustration.

The apostrophe was sometimes there and sometimes not, so some payments went through. There may have been other ways that the hackers were sabotaging his sales, but Milburn was sure he had found at least one.

"A hacker could certainly edit the script and break it so it wouldn't work," says Stewart, the Dell SecureWorks threat expert. "That would be a great way to do it without calling attention to the fact that they were in the system."

No one ever told Milburn that he was facing, not amateurs but professionals who had ransacked secure U.S. government networks, until the results of Stewart's analysis last August.

Unique Tools

The tools Milburn found in his network were unique to the Comment group, according to Stewart. They included software designed to let the hackers send out stolen files and steal security credentials.

Without a more in-depth investigation, Stewart said it was difficult, if not impossible, to determine the hackers' goal as they rifled Milburn's network. Some of what Milburn experienced, including repeated and regular crashing of his servers, could have been an unintended side-effect as the hackers infested the network with backdoors and other malware.

Or it might have been deliberate. From a hacker's point of view, everything Milburn experienced is technically "pretty elementary," says Nicholas Percoco, who heads SpiderLabs, a Chicago-based security division of Trustwave Corp. Percoco and his team are paid by corporations to hack into their networks to test security -- what's known as penetration testing. "If I can do it, the Chinese certainly can do it," he says.

Reaching Settlement

At one point, Milburn was able to identify a server that the hackers appeared to be using as a staging point to attack other targets. He was never able to shut down their activities, though.

In August 2011, a California district judge rejected a move by some of the defendants to shift Solid Oak's lawsuit to China, and ruled that it could go ahead in a U.S. court. Negotiations for settlement moved forward in earnest.

Solid Oak reached agreement with defendants for an undisclosed sum last February, and the case was dismissed two months later. Milburn says he can't discuss the terms, including exactly which defendants participated. His attorney, Gregory Fayer, now at Fayer Gipson LLP, says the Chinese government, which had by then declared that the Green Dam program would be strictly voluntary, was not among them. In U.S. District Court in California, the presiding judge declared China in default in the lawsuit for failing to respond.

Hackers Depart

Within two months of the settlement, Milburn says, the unusual activity in the company's computer network had nearly stopped.

The wild ride of those three years did more than wreak havoc on Solid Oak's computers. It threw into question Milburn's retirement plans, he says. During the worst moments, he wondered if he would have to start over, get rid of the CYBERsitter domain name and try again under a new digital identity, just to be free of his adversaries.

Milburn now feels he can move on, even if he didn't prevail. Sales haven't fully recovered, but he says he now has a chance to rebuild his customer base.

"It turns out they were just better than me," says Milburn, whose doctor recently diagnosed him with a stress-related ailment.

"But it was the right thing to do," he says. "You don't do anybody a favor by not taking a stand on this kind of stuff."

With the company's finances now more stable, DiPasquale recently went out and bought a new computer. "I just wanted to tie the last one to an anvil and toss it in the sea," she says.

Even so, DiPasquale says, "I don't think I'll ever feel completely safe on my own computer again."



China Mafia-Style Hack Attack Drives California Firm to Brink - Bloomberg
 

desicanuk

Regular Member
Joined
Nov 7, 2011
Messages
527
Likes
686
China Mafia-Style Hack Attack Drives California Firm to Brink
Bloomberg


During his civil lawsuit against the People's Republic of China, Brian Milburn says he never once saw one of the country's lawyers. He read no court documents from China's attorneys because they filed none. The voluminous case record at the U.S. District courthouse in Santa Ana contains a single communication from China: a curt letter to the U.S. State Department, urging that the suit be dismissed.

That doesn't mean Milburn's adversary had no contact with him.

For three years, a group of hackers from China waged a relentless campaign of cyber harassment against Solid Oak Software Inc., Milburn's family-owned, eight-person firm in Santa Barbara, California. The attack began less than two weeks after Milburn publicly accused China of appropriating his company's parental filtering software, CYBERsitter, for a national Internet censoring project. And it ended shortly after he settled a $2.2 billion lawsuit against the Chinese government and a string of computer companies last April.

In between, the hackers assailed Solid Oak's computer systems, shutting down web and e-mail servers, spying on an employee with her webcam, and gaining access to sensitive files in a battle that caused company revenues to tumble and brought it within a hair's breadth of collapse.

One-Man Fight

As the public dispute unfolded in decorous courtrooms, Milburn's computer prowess was tested to its limits in what amounted to a digital home invasion by what he later learned was one of the most prolific hacking teams in China. He waged his own desperate one-man fight without weapons or help from authorities, swapping out servers, puzzling over middle-of-the- night malfunctions, and watching his sales all but evaporate -- his every keystroke monitored by spies who had turned his technology against him.

Milburn, 61, rarely took a day off during that time as he struggled around the clock to keep his computer network running and his firm afloat. He doubts he'll ever know exactly what was going on, but he has theories.

"It felt like they had a plan," says Milburn, sitting in his office two blocks from Santa Barbara's main drag, where he's now focused on rebuilding his business. "If they could just put the company out of business, the lawsuit goes away. They didn't need guys with guns or someone to break my kneecaps."

Clandestine Methods

The cyber attack against Solid Oak provides a rare look at the clandestine methods in play as high-tech spies and digital combatants seek to gain a brass-knuckle advantage in the global economy, from trade disputes to big-dollar deals to lawsuits. U.S. officials say that China in particular uses its national security apparatus for such intrusions, targeting thousands of U.S. and European corporations and blurring the traditional lines of espionage.

While his civil case was pending, Milburn didn't discuss the cyber intrusion publicly, saying only that the company and its Los Angeles-based law firm had received e-mails containing spyware. He had no idea who was behind it until last August, when he provided malware samples to a
security firm at the request of a Bloomberg reporter.

A forensic analysis of the malware by Joe Stewart, a threat expert at Atlanta-based Dell SecureWorks, identified the intruders who rifled Solid Oak's networks as a team of Shanghai- based hackers involved in a string of sensitive national security-related breaches going back years.

Many Victims

Commercial hacker hunters -- who refer to the team as the Comment group, for the hidden program code they use known as "comments" -- tie it to a multitude of victims that include the the president of the European Union Council, major defense contractors and even Barack Obama's 2008 presidential campaign. The group has been linked to the People's Liberation Army, China's military, according to leaked classified cables.

The Solid Oak attack is a micro tale of what some of the U.S. and Europe's largest corporations have experienced, says Representative Mike Rogers, a Republican from Michigan who chairs the House Intelligence Committee. The campaign to steal private files and intellectual property, even to the point of collapsing businesses, amounts to a criminal racket for commercial gain, says Rogers.

"I used to work organized crime in Chicago -- I don't know, but it sure seems like there are a lot of similarities," says Rogers, a former FBI agent.
Unlikely Entanglement

Headquartered in a converted Victorian house, Milburn's small company seems an unlikely candidate to become entangled in an international feud with China, except for one thing: it was a market leader in the U.S. for software that lets parents and schools block objectionable web content, like pornography and violence.

China was looking for software to do the same thing on a national scale. In May 2009, Chinese officials ordered web- filtering software called Green Dam Youth Escort installed on every computer sold in the country. They touted the software's ability to protect young Internet users by filtering pornography. Critics in China, who identified more than 6,000 political keyword filters, branded it an extension of China's censorship regime.

When University of Michigan researchers examined the program in June 2009 to see how it worked, they discovered that thousands of lines of code directly matched Milburn's software, which has 1.1 million active users. Included, apparently by mistake, was a CYBERsitter upgrade announcement -- the "smoking gun" that the software had been pirated, according to Milburn.

Copied Code

An independent analysis later found that four of the five active filters were copied almost verbatim from CYBERsitter and that Green Dam could not operate correctly when those filters were disabled. It's possible the code was stolen in an earlier hack, but Milburn believes the thieves simply bought a copy and broke the encryption protecting the code.

In interviews with reporters, he said he was considering a lawsuit and vowed to pursue an injunction.

On June 24 -- 12 days after Milburn went public with his legal intentions -- the hackers made their first appearance. Working from her home office 150 miles south of Santa Barbara in Orange County, Jenna DiPasquale, 39, who is Milburn's daughter and Solid Oak's one-woman marketing department, received a carefully forged e-mail containing hidden spyware.

Poisoned E-Mails

It looked like a routine message from Milburn, so DiPasquale clicked on the attachment, realizing only later that the e-mail address was a couple of letters off. Solid Oak employees received more bogus e-mails over the next few days, setting off alarm bells.

Milburn contacted Matthew Thomlinson, a Microsoft Corp. (MSFT) threat expert for help. Thomlinson found the malware had downloaded software that burrowed into the company's Microsoft operating system, automatically uploading more tools the hackers could use to control the network remotely. The malware had been created on a Chinese-language computer, he concluded. As far as Milburn knew, though, his attackers could have been anyone from seasoned professionals to hacktivists tapping on a keyboard in a Beijing basement, he says.

The more urgent question was whether the attackers were behind the strange things that began happening in his network.

DiPasquale was at her desktop computer, helping the company's attorneys with research sometime in August, when she noticed the light on her webcam come on. A few days later, a message flashed on her laptop indicating that the camera on that machine had been activated as well. She made an alarmed call to Milburn. After learning that Chinese hackers had eavesdropped on the Dalai Lama and his staff using their own computers, he went through the office, covering every webcam and microphone with black electrical tape.

Strange Problems

Then the company's e-mail servers began shutting down, sometimes two or three times a week, slowing e-mail traffic, the main way the company provides customer service. Similar problems began plaguing the web servers -- a bigger problem since web sales of CYBERsitter supply more than half of Solid Oak's revenue. By September and October, website sales were off 55 percent from mid-year and Milburn was struggling to figure out how the hackers might be behind it.

"I panicked," says Milburn, who combines a beach comber's countenance with the nervous energy of a workaholic. "What the hell is happening to my income, where is the money going, why aren't we getting orders?"

'Very Scary'

"This slow realization came that, 'wait a second, they're coming after us now,'" says DiPasquale, who felt she could no longer trust her own computer. "It was very scary."

Milburn had contacted the Federal Bureau of Investigation after the flurry of e-mail assaults, and an agent from the Seattle field office called and took details, including samples of the malware and, later, server logs, he says. But the agency shed almost no light on the situation, he says, and he was never told if the material was useful.

That doesn't mean the bureau was in the dark about Milburn's attackers. U.S. law enforcement and intelligence officials had amassed a long dossier on the group, which they had been tracking since 2002, according to leaked cables and two people familiar with government investigations into the group.

Laura Eimiller, an FBI spokeswoman in Los Angeles, said the bureau couldn't comment on its interactions with Solid Oak or any investigation.

Civil Action

Milburn forged ahead in court in an attempt to win damages for the alleged theft. He and his small team of lawyers had spent six months analysing the similarities in the two software programs. He filed suit in January 2010 against the Chinese government and two Chinese software companies that had developed Green Dam.

Milburn's suit also named seven big computer manufacturers, including Sony Corp. and Lenovo Group Ltd. (LNVGY), which the suit alleges had begun installing or distributing the software in the program's early phases.

As in the digital fight, not all of Milburn's legal adversaries were what they seemed. Zhengzhou Jinhui Computer System Engineering Co., one of the two Chinese companies that developed Green Dam, had ties to the People's Liberation Army University, a research center for China's military, according to a June 2009 U.S. Embassy diplomatic cable published by Wikileaks the following year.

No Information

No one from Zhengzhou Jinhui was available to address the CYBERsitter allegations, according to a person who answered the phone at the company.

A spokesman for China's foreign ministry said he had no information on the cyber assault against Solid Oak and declined to comment further. When Milburn's suit was filed, Chinese officials said the government "highly values and fully respects the intellectual property rights of software."

Six days after the suit was filed on Jan. 5, 2010, Milburn's Los Angeles-based law firm at the time, Gipson Hoffman & Pancione, was hit with a cyber intrusion using e-mails similar to those aimed at Solid Oak but with different malware, according to the law firm. Forensics analysis shows that attack probably emanated from China as well, says Stewart, the Dell (DELL) SecureWorks threat expert.

It had been clear to everyone that one motive for the attacks might be espionage related to possible legal action, Milburn says. If the hackers were able to steal documents or record conversations, they could preview strategies and negotiating positions, even identify legal weaknesses in the case.

No Chances

Milburn decided not to take chances with the lawsuit. Using techniques gleaned from talking to security experts, his small team developed their own ad hoc counter-espionage measures. Solid Oak and its lawyers exchanged legal documents using rotating webmail accounts or document-sharing sites like San Francisco-based Dropbox Inc., deleting the accounts after a single use.

Occasionally, Milburn drove to an empty house he and his wife owned in the hills around Santa Barbara. Sitting at the kitchen table, he'd make phone calls or exchange e-mails with his attorneys, alternating between four different cell phones from three different carriers.

The lawsuit seemed to trigger a more serious phase of the attack, Milburn says. Computer failures that had occurred a couple times a week now sometimes happened two or three times a day.

Failures Escalate

Milburn constantly had to reboot servers, occasionally in the middle of the night. During work hours, it became hard for DiPasquale to get Milburn on the phone because he always seemed preoccupied fixing something. Tempers at work flared more often.

"Everybody started to wonder what they were doing wrong on a personal level," DiPasquale says, adding that because Milburn couldn't trace the source of the network problems, it became hard to sort out who was to blame or why. "Things got very tense."

One thing was clear: the technology that ran Milburn's company was no longer solely under his control.

In March 2010, a staccato of text message alarms woke him in the middle of the night, signalling that his servers were all shutting down. He hurriedly drove the four-mile winding road to the office to find that his commercial-grade SonicWALL firewall had failed, taking his entire network off line. He spent a good part of the next day on the phone with the manufacturer, who was stumped.

"Those things are like old carburetor engines, they never quit," Milburn says.

Through Cobwebs

After his e-mail servers crashed during an exchange with his attorneys, he crawled under the large house that serves as the company's headquarters in search of a device that someone might have physically planted. Pawing through cobwebs with a flashlight, he spent an hour opening utility boxes and eyeing the fiber-optic cable. He found nothing.

Milburn says he was riding "that fine line between ultra-caution and paranoia."

Born in Santa Monica, Milburn didn't graduate from high school, but he has a relentlessly autodidactic drive that is common in early tech entrepreneurs. He taught himself how to write code, and eventually mastered complex Internet software protocols.

Laura Milburn, 63, his wife of 21 years, calls him "brilliant" but also "incredibly stubborn." A few years earlier she watched him in a legal tussle with a neighbor who had built a deck four feet over what they thought was their property line. Milburn ended up spending more than $100,000 in a year-long fight just so they could split the difference, with each side getting two feet, she says.

No Clue

"He's not the kind of person who would back down to someone because they threaten him," Laura Milburn says. Even so, she adds, "I don't think he had a clue what he was getting into."

Both of those traits explain why Milburn didn't hire an expensive incident response team to hunt the hackers down in his network -- the kind larger corporations often use.

Milburn, after all, had built Solid Oak's network himself. "I thought they might be able to get around some IT guy, but there's no way they were going to get around me," he says.

Milburn learned everything he could about computer security. He read professional papers and called up experts he knew. He began writing his own software to monitor the connections his computers were making to outside networks, looking for tell-tale signs of the hackers at work.

Buried Folder

In April 2010, during a 6:30 a.m. check of his servers -- by then part of his daily routine -- Milburn stumbled on a folder buried in an obscure Microsoft directory, one that's normally unused. What he found inside startled him. The file contained the encrypted versions of all eight passwords in his system -- the keys to the entire network. The hackers could use the passwords to control just about anything he could, from web servers to e-mail.

The folder was gone two days later, he says, and in its place were several pieces of software he didn't recognize. Later, he found out they were custom-designed software the hackers use to perform tasks on corporate networks. He had found their tool kit.

Rather than panic, Milburn said he felt an adrenalin rush.

"It was like, 'okay, now I can figure out what they're doing.'" After months of detective work, Milburn was no longer chasing ghosts.

Two Battles

Even at the best of times, Solid Oak's headquarters is a warren of server rooms and cluttered offices that, Milburn says, could sometimes resemble the inside of a well-maintained garage. In the summer of 2010, it reflected the disarray of a company in crisis, littered with the results of Solid Oak's two on-going battles, one legal, one digital.

The firewall that blew out in March, a small box the size of an office telephone, still sat propped in a chair. Foot-high stacks of legal documents covered tables and spilled onto the floor. Two 60-foot data cables -- which Milburn could use in a pinch to circumvent his own compromised e-mail system via a commercial internet connection -- ran from one end of the office to the other.

Milburn's biggest concern was that the hackers seemed to be trying to hit the heart of his business. The lawsuit months earlier had brought a rush of publicity for CYBERsitter, and Milburn released a new version of the software. That combination would normally boost sales.

Sales Dive

While bulk sales and orders over the phone were up, 60 percent of Solid Oak's business depended on users buying the $39.95 program directly from the website. As the network problems continued, so did the fall in sales. Milburn wouldn't provide month-to-month sales figures, saying it could aid competitors, but he says the normally profitable company dipped into the red after a big drop in web sales the month the lawsuit was filed. Net losses averaged $58,000 a month after that, even as Milburn slashed expenses, he says.

Tracing the drop, he could see that customers were coming to the website to buy the software like always. They'd type in credit card numbers and click submit, but most of the orders -- on some days 98 percent -- weren't going through, Milburn says. He replaced servers and tried other fixes. Nothing worked.

As his income dried up, Milburn kept the company afloat in part with insurance proceeds from the loss of two properties in the November 2008 Tea Fire in the hills of Santa Barbara that burned 210 homes over three days.

Foregoing Salaries

He went without pay, and DiPasquale agreed to forego her salary for a few months too. She and her husband, a professional chef, drew down their savings, but by the summer of 2010, the money was running out.

Some tough conversations played out at home, DiPasquale says. She argued that what was going on was wrong; quitting would mean the hackers had won.

Her husband wondered exactly what they had gotten into and where it would end. "He was saying, 'What are we up against? Is there going to be someone sitting outside the house?'" she says. Because she was working alone at home, he made sure the house alarm was on every day before leaving for work.

In his own battle, Milburn became more obsessed. He'd get up by 5 a.m., work until 7 p.m. grab something to eat, then sign on from home to check his servers again. Constantly missing meals, Milburn began subsisting on pre-packaged sandwiches from a convenience store close to the office.

Sabotage Evidence

"It would be ten o'clock at night and I'd get an idea, 'huh, let me just check this,'" Milburn says. "That would lead to another hour of frustration trying to figure something out."

Examining the script that controlled the payment processing function in November that year, he noticed that a single character was missing from the string -- an apostrophe. That was enough to cause the page to time out, rather than to complete the credit card transaction. Customers were leaving in frustration.

The apostrophe was sometimes there and sometimes not, so some payments went through. There may have been other ways that the hackers were sabotaging his sales, but Milburn was sure he had found at least one.

"A hacker could certainly edit the script and break it so it wouldn't work," says Stewart, the Dell SecureWorks threat expert. "That would be a great way to do it without calling attention to the fact that they were in the system."

No one ever told Milburn that he was facing, not amateurs but professionals who had ransacked secure U.S. government networks, until the results of Stewart's analysis last August.

Unique Tools

The tools Milburn found in his network were unique to the Comment group, according to Stewart. They included software designed to let the hackers send out stolen files and steal security credentials.

Without a more in-depth investigation, Stewart said it was difficult, if not impossible, to determine the hackers' goal as they rifled Milburn's network. Some of what Milburn experienced, including repeated and regular crashing of his servers, could have been an unintended side-effect as the hackers infested the network with backdoors and other malware.

Or it might have been deliberate. From a hacker's point of view, everything Milburn experienced is technically "pretty elementary," says Nicholas Percoco, who heads SpiderLabs, a Chicago-based security division of Trustwave Corp. Percoco and his team are paid by corporations to hack into their networks to test security -- what's known as penetration testing. "If I can do it, the Chinese certainly can do it," he says.

Reaching Settlement

At one point, Milburn was able to identify a server that the hackers appeared to be using as a staging point to attack other targets. He was never able to shut down their activities, though.

In August 2011, a California district judge rejected a move by some of the defendants to shift Solid Oak's lawsuit to China, and ruled that it could go ahead in a U.S. court. Negotiations for settlement moved forward in earnest.

Solid Oak reached agreement with defendants for an undisclosed sum last February, and the case was dismissed two months later. Milburn says he can't discuss the terms, including exactly which defendants participated. His attorney, Gregory Fayer, now at Fayer Gipson LLP, says the Chinese government, which had by then declared that the Green Dam program would be strictly voluntary, was not among them. In U.S. District Court in California, the presiding judge declared China in default in the lawsuit for failing to respond.

Hackers Depart

Within two months of the settlement, Milburn says, the unusual activity in the company's computer network had nearly stopped.

The wild ride of those three years did more than wreak havoc on Solid Oak's computers. It threw into question Milburn's retirement plans, he says. During the worst moments, he wondered if he would have to start over, get rid of the CYBERsitter domain name and try again under a new digital identity, just to be free of his adversaries.

Milburn now feels he can move on, even if he didn't prevail. Sales haven't fully recovered, but he says he now has a chance to rebuild his customer base.

"It turns out they were just better than me," says Milburn, whose doctor recently diagnosed him with a stress-related ailment.

"But it was the right thing to do," he says. "You don't do anybody a favor by not taking a stand on this kind of stuff."

With the company's finances now more stable, DiPasquale recently went out and bought a new computer. "I just wanted to tie the last one to an anvil and toss it in the sea," she says.

Even so, DiPasquale says, "I don't think I'll ever feel completely safe on my own computer again."



China Mafia-Style Hack Attack Drives California Firm to Brink - Bloomberg
I have always maintained that although the Chinese are a decent lot, the PRC itself is the new Nazi power. Any casual observation and comparison with Hitler's Germany should convince anyone of the obvious. Most comments from Chinese members to this site are extremely arrogant and jingoistic. The climate in PRC today is not conducive to peaceful co-existence with its neighbours. Nehru like Chamberlain was an appeaser. Then it was Czechoslovakia, now it is Tibet, East Turkmenistan etc. Unless India and others stand up to PRC I see trouble ahead.
 

rockdog

Senior Member
Joined
Dec 29, 2010
Messages
3,932
Likes
2,873
Then it was Czechoslovakia, now it is Tibet, East Turkmenistan etc. Unless India and others stand up to PRC I see trouble ahead.
Lack of basic education: "East Turkmenistan" is what? It's called "Eastern Turkistan"...

OK, let's talk about the J&K issues between India and Pakistan. I am strongly asking both nations to retreat their armies from the borders of the Jamaica & Kashmir regions...
 

Ray

The Chairman
Professional
Joined
Apr 17, 2009
Messages
43,132
Likes
23,834
Well, the Chinese do have a weird way of ensuring that whatever they want, they will get, even if using means that are not quite above board.

But then, that is what the Chinese are.
 

Ray

The Chairman
Professional
East Turkestan (also Eastern Turkistan, Chinese Turkestan, and other variants) is a political term with multiple meanings depending on context and usage or so it is said.

It is also known as Sinkiang or Xinjiang Uyghur Autonomous Region.

The Chinese are very chary about use of any other name than Xinjiang Uyghur Autonomous Region since they feel it means support for the Uyghurs be it East Turkestan Islamic Movement (ETIM) or East Turkestan Liberation Organization.

Chinese diplomatic missions have objected to foreigners' use of "East Turkestan". They argue that the term is political and no longer geographical or historical, and that its use represents "a provocation" to the sovereignty of China. (Rahman, Anwar (2005). Sinicization Beyond the Great Wall: China's Xinjiang Uighur Autonomous Region. Troubador Publishing Ltd. pp. 20–26).

It may be recalled in the Kashgar region on November 12, 1933, Uyghur separatists declared the short-lived.

In 2001, the government of China lifted its ban on state media's using the terms "Uyghurstan" or "East Turkestan", as part of a general opening up after the September 11 attacks to the world about political violence in Xinjiang and a plea for international help to suppress what they see as "East Turkestan terrorists".

It is interesting to note that Xinjiang (Chinese: 新疆; pinyin: Xīnjiāng; Postal map spelling: Sinkiang) is arrogant, because if the individual Chinese characters are to be taken literally and not as a proper name, then Xinjiang means "New Territory". The official translation for "Xinjiang" is "old territory returned to the motherland".

From various sources.
 

blank_quest

Senior Member
Joined
Aug 4, 2012
Messages
2,119
Likes
925
OK, let's talk about the J&K issues between India and Pakistan. I am strongly asking both nations to retreat their armies from the borders of the Jamaica & Kashmir regions...
Lack of basic education: "Jamaica & Kashmir" is what? It's called "Jammu & Kashmir"
 

rockdog

Senior Member
Bullying neighbors and now even individuals, so much for the so called 'peaceful rise of china'.
5 yrs ago, I watched a BBC India TV (or NDTV?) program called "India, Brothers or Bully" (BBC NEWS | South Asia | India - regional bully or friend?).

Those guys on TV were excitedly discussing India's dominant position over the subcontinent, and debating how to use this position to gain all its benefit to Pakistan, Bangal, Nepal....

But those guys never talked about India's biggest neighbor China in this program, as if China were never one of India's neighbors. I didn't know the reason at that time.

From this TV program, I can clearly see India's pride mindset over the subcontinent, and its self inferior emotion to China, since India in fact lost both military and economic competition to China for the past 50 yrs.
 

Ray

The Chairman
Professional
OK, let's talk about the J&K issues between India and Pakistan. I am strongly asking both nations to retreat their armies from the borders of the Jamaica & Kashmir regions...
You may talk to yourself if you wish since that would not be within the scope of this thread since it is titled - Another Chinese Bullying - This Time Against a Private Individual

As it is we have veered off to Turkmenistan, Turkestan and so on. At least here it can be argued that it is connected to China, the poster having conceded that it is a part of China.
 

jalsa

Regular Member
Joined
Nov 27, 2012
Messages
724
Likes
442
5 yrs ago, I watched a BBC India TV (or NDTV?) program called "India, Brothers or Bully" (BBC NEWS | South Asia | India - regional bully or friend?).

Those guys on TV were excitedly discussing India's dominant position over the subcontinent, and debating how to use this position to gain all its benefit to Pakistan, Bangal, Nepal....

But those guys never talked about India's biggest neighbor China in this program, as if China were never one of India's neighbors. I didn't know the reason at that time.

From this TV program, I can clearly see India's pride mindset over the subcontinent, and its self inferior emotion to China, since India in fact lost both military and economic competition to China for the past 50 yrs.
We never wanted to bully our neighbors nor do we have territorial claims on every country in the vicinity, unlike China. What's wrong with India assuming a dominant position in the subcontinent? After all, India is the biggest country in this neighborhood; it has nothing to do with bullying or claiming the land of every country, that's what you Chinese do.

Our economy may be lagging behind the Chinese but we are in no way inferior to you. You never saw them talking about China, then how can you see self inferior emotion?
 

Bangalorean

Ambassador
Joined
Nov 28, 2010
Messages
6,233
Likes
6,853
We never wanted to bully our neighbors nor do we have territorial claims on every country in the vicinity, unlike China. What's wrong with India assuming a dominant position in the subcontinent? After all, India is the biggest country in this neighborhood; it has nothing to do with bullying or claiming the land of every country, that's what you Chinese do.

Our economy may be lagging behind the Chinese but we are in no way inferior to you. You never saw them talking about China, then how can you see self inferior emotion?
And our economy is behind them, just because we reformed our economy 13 years after they did. There are a lot of asinine Chinese who think that they are superior just because their economy is around a decade ahead, forgetting what a pile of turd their country was when that thug Mao was ruining the nation. Basically, India today is where China was at the turn of the millennium - we lost more than a decade because of the horrible NehruGandhi economic policies.
 

asianobserve

Tihar Jail
Banned
Please confine the discussion to the issue. May I know from our Chinese members their reaction to this particular incident...
 

rockdog

Senior Member
You may talk to yourself if you wish since that would not be within the scope of this thread since it is titled - Another Chinese Bullying - This Time Against a Private Individual
Do you think "desicanuk"'s talk sticks very closely to the topic?
 

Ray

The Chairman
Professional
OK we have got the views of issues other than the current title requirements.

Therefore, can we return to the subject of the title?
 

rockdog

Senior Member
We never wanted to bully our neighbors nor do we have territorial claims on every country in the vicinity, unlike China. What's wrong with India assuming a dominant position in the subcontinent?
Come on, let me give you a list:

1. India had war with Pakistan and Banga, right?
2. India sent troops to Sri Lanka, and finally made your leader get bombed, right?
3. India is controlling Bhutan's and Nepal's diplomatic and defense affairs, right?
4. Sikkim is now part of India, right?

There are 7 nations/regions bordering India; do you think you don't bully them?
If the above behaviors are not bullying, I don't know what to say ^_^


Plus, there are 15 nations sharing a border with China, and China had war & conflict with 3 of them over the past 50 yrs: India, Russia, Vietnam:
The percentage is: 20%

So your comment:
We never wanted to bully our neighbors nor do we have territorial claims on every country in the vicinity, unlike China
has no data support, sorry. You had better learn some basic geography and history first.
 

Known_Unknown

Devil's Advocate
Senior Member
Joined
Apr 21, 2009
Messages
2,626
Likes
1,670
The whole of ASEAN and east Asia (except your retarded twin North Korea) is up in arms against China, and you presume you can teach lessons to India?

You Chinese don't control your own country and live like slaves under the jackboot of the CCP, what's the use of all that economic and military power when it is used against your own citizens?

The OP is a heart-rending story of one man being pursued relentlessly by a bunch of government sponsored thugs from a foreign country. If this is what the thugs do to an American in the US, I can only imagine the atrocities that common Chinese would have to face everyday.
 

Bangalorean

Ambassador
^^ Only a Chinese will call the wars with Pakistan "bullying". Silly fellows.

The stupid little Pakis started all wars with India, and lost each time. And Chinese call it "bullying".

Actually, a country like Pakistan is nothing but a menace and international headache, the nation should cease to exist, for the amount of crap they have done in their existence.
 

jalsa

Regular Member
Come on, let me give you a list:

1. India had war with Pakistan and Banga, right?
2. India sent troops to Sri Lanka, and finally made your leader get bombed, right?
3. India is controlling Bhutan's and Nepal's diplomatic and defense affairs, right?
4. Sikkim is now part of India, right?

There are 7 nations/regions bordering India; do you think you don't bully them?
If the above behaviors are not bullying, I don't know what to say ^_^


Plus, there are 15 nations sharing a border with China, and China had war & conflict with 3 of them over the past 50 yrs: India, Russia, Vietnam:
The percentage is: 20%

So your comment:

has no data support, sorry. You had better learn some basic geography and history first.
1. India-Pakistan wars are always started by Pakistan. We intervened in 1971 to stop mass killings by Pakistani soldiers, and the result: Bangladesh was created. And when did India start a war with Bangladesh?

2. It was a strategic blunder.

3. We don't control everything of Nepal and Bhutan; our treatment of them is so much better compared to how you treat the Tibetans.

4. Sikkim is now part of India because they wanted to join India; unlike China, we didn't annex them.

There are 15 nations bordering China and you have disputes with almost all of them.

has no data support, sorry. You had better learn some basic geography and history first.
Don't you claim territorial waters of other countries in South China Sea by showing some ancient maps?
 

rockdog

Senior Member
OK we have got the views of issues other than the current title requirements.

Therefore, can we return to the subject of the title?
I agree, and I appreciate your effort! Let's get back to the topic.

I am an IT guy running an IT company in China, and I would like to comment on some of the stories from the article.

The Green Damn project was a big scandal and joke in China at that time, and still is.

The story was:
The company that made "Green Damn" issued a 3 million USD contract with China's IT Department, asking the IT Department to make a government purchase from this company in the name of "Internet management". The aim was to force all newly bought computers to use it for filtering porn content and sensitive political content.

But not only civilians, even the Education Department opposed it, since it went too far and the quality was too bad: some schools' computers were even damaged by this software.

In the end, the investigation finally revealed that it was a big corruption scandal: the company was newly founded and had no technical background; it just had a connection with some VIPs from China's IT Department, so they used government money to launder it, in the name of "Internet governance".

Of course, since this was not a commercial project, the fastest way was to find a piece of source code to copy and make it look like software.

One year later, the project was cancelled due to social pressure, and no one talks about it anymore. Of course, the original inventor of this software can't find anyone to sue, since that company wouldn't even exist any more...
 