Chinese popped-box VPN crims screamed hacker booty in cleartext

China-based virtual private network provider Terracotta, a favourite of some of the most capable hacking groups, is pumping their stolen user credentials in cleartext. The forehead-slapping gaffe was revealed by RSA fraud prober Kent Backman, while outlining more details about the Terracotta VPN organisation first described in …

  1. DaLo

    Is there an encrypted message in this story?

    Am I the only one who found this article very difficult to read and completely comprehend what it was trying to say? I had to re-read parts of it a few times to work it out.

    For instance, the paragraph "Backman and fellow RSA bods Alex Cox, Steven Sipes, and Ahmed Sonbol revealed in the August paper Terracotta VPN: Enabler of Advanced Threat Anonymity [pdf] groups including Deep Panda use Terracotta, directly their criminal activity through hacked Fortune 500 companies and other businesses." doesn't scan well, does it?

    1. Anonymous Coward

      Re: Is there an encrypted message in this story?

      Presumably someone who hasn't learned to proof-read the output of their voice recognition software.

      Or maybe the sub-ed is on holiday...

    2. Grikath

      Re: Is there an encrypted message in this story?

      Dunno, but that one might have come straight out of a manual in Singrese.

    3. Pascal Monett


      Then you have this gem:

      Most of the 1500-odd nodes are in China, with about 600 in the US

      So, is it 1500 nodes in total, with 600 in the US (meaning 900 in China), or is it 1500 in China and 600 others in the US?

  2. Your alien overlord - fear me

    So, Terracotta. Good guy or bad guy? Ok, naughty boys might use them but are they also helping Middle Kingdomers get on the real, uncensored internet as well?

    1. Twilight Turtle

      ...Good guy or bad guy?

      It's basically an anonymity network built pretty much solely on compromised Windows infrastructure owned by unaware third parties. Even if there are non-malicious users of it, the thing is in principle nefarious.

  3. Anonymous Coward

    Likely all bad

    Used by APT outbound and they are allowing other user traffic mostly to mask real function of the network. Likely those other users are well monitored...

  4. TheRealRoland

    n00b here - what are "popped boxes" ?

    Or is this in the category "if you have to ask..." ?

    1. Grikath

      popped box = compromised system

  5. Anonymous Coward

    These aren't the terracotta warriors you are looking for...

    Ah, the joys of photo tags. The photo of terracotta warriors isn't exactly what you (and the Register Photo Editor) probably assumed it was. This is actually a photo of the showroom display at one of the companies in China that markets replica terracotta warriors, not the actual archaeological marvels located a few kilometres away, outside Xi'an. In the context of the story, one might call them 'proxies', perhaps?

