Tall stories from Chinese hackers

There’s an interesting interview with the leader of a Chinese hacker group on CNN. Xiao Chen makes a number of claims: that his group is paid by the Chinese government, that they have successfully hacked the Pentagon, and that even the highest security websites have weaknesses that can be exploited.

I’m not going to outright dismiss Chen’s claims as being typical hacker arrogance because firstly, I wouldn’t be at all surprised if the Chinese government were paying hackers (in the same way that the American government is probably also doing so). What would surprise me would be hearing one of those hackers talking about it. And as he is so forthcoming in talking to CNN then why wont he “specify what was gleaned” when talking about the alleged Pentagon website hack?

The last point about high security websites all having weaknesses is something I’ve long stated as being an inevitable fact associated with the increasingly complex products that we are putting online. This isn’t just related to the number of lines of code either. The middleware, and third party components that we’re plugging in are just as likely to contain exploitable issues as the code that we’re writing ourselves. I don’t need some self-acclaimed hacker to tell me that as I frequently see the evidence for myself.

Anyone can call themselves a hacker – these days all you need is a few point and click scanning tools and a copy of Metasploit. So, I’m not going to give any credit to Xiao Chen or his group. I’m also not going to give any credit to CNN for wasting their time talking to him.

You can read the full article here: http://edition.cnn.com/2008/TECH/03/07/china.hackers/index.html?eref=rss_latest