PRC Scraping Cryptome

Via: Cryptome

This is not about another mythical, horrid Chinese cyber WMD aggression.

Since October 2012 Cryptome has been scraped daily by the IP address, which geolocates to coordinates 39.9075, 116.39723 in central Beijing, China, near the Forbidden City and across the street from the Ministry of Public Security, which is geolocated at coordinates 39.903904, 116.399143. As Mandiant alleges, the geolocations are close enough to implicate the PRC spooks, or some hacker genius or non-PRC spy pretending to be PRC spooks via IP spoofing.

Log file samples:

- - [21/Feb/2013:00:00:07 -0500] "GET /0006/nrc123011.htm HTTP/1.0" 200 186076 "" "Wget/1.12 (linux-gnu)"

- - [18/Sep/2012:00:00:00 -0400] "HEAD /2012-info/free-syria/pict116.jpg HTTP/1.0" 200 - "" "Wget/1.12 (linux-gnu)"

The scraper runs overnight, US Eastern Time, for about six to eight hours, cycling through all the files on the site at an average of 18 hits per second, checking for new files and downloading them, as well as repeatedly downloading hundreds of random files with no discernible pattern.
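One way a site operator could surface this kind of client from an Apache combined-format access log, as an added example that is not part of the Cryptome post. The addresses 192.0.2.10 and 198.51.100.7 are documentation-range placeholders (the scraper's address does not appear above), the sample lines are constructed, and the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache combined format: host ident user [time] "request" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')

def parse(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LOG_RE.match(line)
    return m and {**m.groupdict(), "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")}

def profile_clients(lines):
    """Per-client summary: hit count, hits/second, HEAD share, repeated GETs, agents."""
    by_host = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        by_host[rec["host"]].append(rec)
    profiles = {}
    for host, recs in by_host.items():
        times = [r["ts"] for r in recs]
        # Timestamps have 1 s resolution, so count the active window inclusively.
        window = (max(times) - min(times)).total_seconds() + 1
        gets = [r["path"] for r in recs if r["method"] == "GET"]
        profiles[host] = {
            "hits": len(recs),
            "rate": len(recs) / window,
            "head_share": sum(r["method"] == "HEAD" for r in recs) / len(recs),
            "repeat_gets": len(gets) - len(set(gets)),
            "agents": {r["agent"] for r in recs},
        }
    return profiles

def flag_scrapers(profiles, min_hits=20, min_rate=5.0):
    """Thresholds are illustrative assumptions; tune them against your own baseline."""
    return sorted(h for h, p in profiles.items()
                  if p["hits"] >= min_hits and p["rate"] >= min_rate)

def sample_log():
    """Constructed input: 192.0.2.10 mirrors at 18 hits/s, 198.51.100.7 browses."""
    fmt = '{} - - [21/Feb/2013:00:{:02d}:{:02d} -0500] "{} {} HTTP/1.0" 200 {} "" "{}"'
    bot = [fmt.format("192.0.2.10", 0, i // 18, "HEAD" if i % 2 else "GET",
                      f"/0006/f{i % 12}.htm", "-" if i % 2 else 1024,
                      "Wget/1.12 (linux-gnu)") for i in range(36)]
    human = [fmt.format("198.51.100.7", m, 0, "GET", f"/p{m}.htm", 2048, "Mozilla/5.0")
             for m in (1, 2, 3)]
    return bot + human
```

Calling flag_scrapers(profile_clients(sample_log())) returns only the mirroring client; the per-client profile also exposes the HEAD share and repeated GETs that correspond to the "checking for new files" and "repeated downloads" behaviour described above.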

Read more: here
