Trend Micro says Luckycat hack attack originated from China

A Chinese graduate was said to be involved in attacks that were linked to Japan, India and Tibet. Trend Micro released the research paper, which unveiled details on the hacker.

Antivirus provider Trend Micro said that a hacker in China was linked to computer breaches, according to a research paper it released. The attacks targeted Japan, India and Tibet.

Among the hacker's nicknames are dang0102 and scukhr. The hacker is a former graduate student who is said to work for the Internet portal company Tencent. The report, while not identifying the hacker by name, also stated that he or she wrote articles on computer hacking and defense. The information was traced through an e-mail address and an account on QQ, an instant messaging service in China.

The LuckyCat campaign attacked a diverse set of targets using a variety of malware, some of which have been linked to other cyber-espionage campaigns, reported Trend Micro in its research paper. The LuckyCat campaign began in June 2011, involving at least 90 attacks across 233 computers.

The same hacker also published a post on a student BBS of Sichuan University using the nickname suckhr in 2005 ... He wanted to recruit 2-4 students for a network attack and defense research project at the Information Security Institute of Sichuan University at the time, the report added.

The New York Times revealed the name of the former student.

The New York Times identified the owner of the alias as Gu Kaiyuan, based on online records of his writing. Mr. Gu is now an employee at Tencent, which offers social networking, instant messaging, online gambling and other online features, the newspaper revealed.

Gu has denied any involvement. "The QQ number associated with the hacker-controlled server belongs to my classmate, not me. I have not participated in any hacking," he said.

A researcher who was involved in the investigation at Trend Micro, in an interview on Friday, said that the online aliases were being used by multiple people.

"That's what it seemed like to me based on the posts I saw online. We saw two aliases, 'dang0102' and 'scuhrk,' make separate posts that contained the same QQ number that was used to register a command and control server," Nart Villeneuve of Trend Micro said. He didn't rule out more than one hacker being involved.

Chinese officials did not respond to requests for comment.

(reported by Jonathan Charles, edited by Surojit Chatterjee)