Bo Chou – a veteran of the Chinese People's Liberation Army (PLA), has followed a Russian hacker, stealing business data of people visiting Shanghai hotels and reselling for profit. Bo's revelations are told in a new book by cyber security journalist Kate Fazzini from CNBC entitled "Kingdom of Lies" (Kingdom of lies). Quote:
Bo Chou – living somewhere in China, used to be a hacker serving the PLA. He described the past life as boring and tasteless. He refused to talk about work because he was forced to remain silent but wanted to talk about the Russians. He personally likes Russians because of the glamor. After serving in the army, Bo found inspiration from Russian hackers and the story began:
Get ideas from Russian hackers:
At that time around 2012, Bo watched how to exploit the security hole of a very famous Russian carder named Valery Romanov. Carder is a hacker who specializes in stealing credit card codes from retail chain security holes and reselling this information on dark web or using it to buy things that can be converted into cash like phones. , gift cards or even tires.
Carder is flashy and they are not afraid to show off their achievements on social networks. They often post photos of selfie next to a pile of money or next to their favorite car. Valery Romanov also often poses next to a cash register, hand signals a gang. He also posted photos of Tupac Shakur's lyrics (2Pac) – the famous American rapper in the early 90s, shot dead when he was 25 years old. BO feels envious of Valery.
Valery is a funny and extremely capitalist person with a great personality that makes every Chinese hacker idol. Bo didn't want to imitate Valery, he just wanted to see what Valery did and became interested in rap music because Romanov. And then the Romanov disappeared, he was captured by the FBI while he was on an island.
Bo lived on the outskirts of Shanghai and was working as a doorkeeper for a hotel. He remembers the past as a hacker, remembering his dark web friends. Hotel work is very interesting, he welcomes people from many parts of the world to attend all this conference to another conference. Conferences could be about housing, medical equipment, household appliances, computers, finance, non-profit projects, non-governmental organizations. And so he decided to hit a big batch.
Perfect object, perfect data:
Bo loves data and is very good at data. He likes to combine data, making it meaningful. The guests who come to the hotel are perfect subjects with perfect data.
He uses a common, readily available malware to help him gather a lot and quickly get information about a company. He spread malware through storage USB devices scattered around convention centers, making people pick it up, plug into computers – computers filled with spreadsheets and customer lists. He didn't do this at the hotel he was working on because it was so close to home, as a personal rule.
To implement the plan, Bo found a supplier of cheap, good-quality USB storage devices, and he bought thousands of them for only $ 100. He then went to a place that specialized in selling small decorations, mass-produced and bought a few beautiful, formal metal bowls.
Bo proceeded to load the malware into USB and create a "professional" appearance for these USB devices by attaching decorations that look like donor gifts for the conference and putting these USB sticks into the needle bowl. type and a small board with the words: "Free USB, welcome!" He left the USB-filled bowls at the conference center's hotel or dining hall, even a press room for journalists and media agencies to take breaks and meet.
In the early days of implementing the plan, conference participants picked up the USB and used them regularly, the intensity of use diminished after the conference ended. Many people know that free things can hide risks, but Bo doesn't mind much. He just needs people to pick up and use this malicious USB device.
Plugging the USB into the computer, the malware is immediately spread and Bo will get more and more spreadsheets – the Excel documents contain lots of data and he also only designed for malware to get this kind of data. Malware can be detected if the IT department of the corporation conducts regular scans when these greedy guests return to New York, San Francisco, London or Brisbane but all are too late.
Bo will have everything he needs to include all his email, personal information from the victim's directory. He especially liked the business plan tables, the budget spending table, the idea of merging …
Big data, small market:
What does Bo do with this valuable information? He owns a legitimate account on a US freelancer website and he sells business information to other companies. Many companies like Bo's data width and depth without knowing where this data comes from.
The freelancer platform is very simple, the basic price for each "gig" (probably each contract for sale and purchase of data) is 5 USD and anyone can use it to do business. Bo chose a simple interface for her personal page, listed her position as Japan and used a special software as well as a virtual private network (VPN) to conceal the real situation in front of people as well as Chinese government. The outsider looked at only to see that Bo's computer was located in an apartment complex in Tokyo.
From here, he provides "selective" lists made up of "publicly available information" of large corporations in many industries doing business in Shanghai, from construction materials, finance to risk advice organizations or even money laundering.
Starting at a price of only US $ 5 for a basic declaration, Bo soon picked up money thanks to quality data. He was also very good at selecting data, those who bought Bo's data also introduced him to other partners in their industry. His name became famous for those who wanted to search for a detailed list of potential customers. Bo became a master of PowerPoint when he made data more intuitive, easier to understand for non-tech customers.
The freelancer platform allows him to receive money in many ways, from currencies such as USD, EUR to pre-coding – all of which are much more valuable than the yuan. This job made him earn money quickly, so lucrative that he felt unable to give up. But he always lived in a state of anxiety, he was afraid that one day, he would disappear like the one he considered a hero – Valery Romanov.