A Step-By-Step Guide To How Chinese Hackers Steal American Secrets


Dota is an anonymous member of a military-backed group of Chinese hackers notorious for stealing data from American companies. According to Forbes, this group has likely broken into computer systems owned by Coca-Cola, security tech firm RSA, and energy company Schneider Electric.

But now we learn from The Next Web that security firm Mandiant was able to screen-capture Dota in action. It’s pretty compelling evidence, showing the hacker registering a new email address (he even provides his phone number for the SMS verification), breaking into victim computers, and stealing their data.

We're looking at the screen of a hacker named Dota. To start, he creates a new Gmail address and lists his country as the US.

But he receives his SMS verification on a phone he indicates as being in China.

Inside one of his email accounts, we see that Dota has used it to create numerous other addresses. There are also bounced messages that indicate this address was used in phishing attempts.

Dota is now using a Ghost Rat server, a piece of malware that can be used to remotely access computers and steal their data. He's testing it on his own computer first to make sure it works.

Now he's inside of a WEBC-2 command and control server. This is software similar to Ghost Rat except that you interact with it via a command line.

A tool called HTRAN is one more way for a hacker to communicate with malware-infected computers.

Using stolen login credentials, the hacker is inside of a Microsoft Exchange email server. The numbers on the left refer to specific emails and the numbers on the right indicate the size of each email.

Inside one of his own servers, the hacker transfers some software tools to a victim's computer via FTP.

With stolen files acquired, the hacker transfers them all back to his own computer.

Here's the full video that Mandiant put out
