
Meet Hidden Lynx: The most elite hacker crew you’ve never heard of - prajjwal
http://arstechnica.com/security/2013/09/meet-hidden-lynx-the-most-elite-hacker-crew-youve-never-heard-of/
======
chuangtzu
The precautions taken against thieves who open trunks, search bags, or ransack
tills, consist in securing with cords and fastening with bolts and locks. This
is what the world calls wit. But a strong thief comes and carries off the till
on his shoulders, with box and bag, and runs away with them. His only fear is
that the cords and locks should not be strong enough! Therefore, does not what
the world used to call wit simply amount to saving up for the strong thief?
And I venture to state that nothing of that which the world calls wit is
otherwise than saving up for strong thieves; and nothing of that which the
world calls sage wisdom is other than hoarding up for strong thieves.

~~~
supergirl
wat?

~~~
nazgulnarsil
This is actually quite interesting though worded a bit strangely/abstractly.
He's saying that the strong thief prefers a world in which low level thievery
is guarded against because it makes targets fatten themselves up believing
themselves to be safe.

~~~
chuangtzu
Would the thief then prefer a world full of greater doubts?

------
D9u
[http://mayoneez.1g.fi/hiddenlynx/](http://mayoneez.1g.fi/hiddenlynx/)

    
    
      HiddenLynx is a relaxing chinese chess (Xiangqi) game designed to be played every now and then.

------
pearjuice
No matter how obscure and Hollywood-like this "gang" sounds, I am long glad
the reporting about anything with the term "hacking" stopped including
seemlingly obligatory references to Anonymous; the obscure Hollywood-like
hacking gang having ties with everything involving hacking and security
breaches. In a previous situation, surely Hidden Lynx had ties with Anonymous!

Good to see we are done with that fad, at least.

------
ChuckMcM
Welcome to the 21st century I guess. Interesting note on the Bit9 hack though.
I always figured that to be a nation state not a contractor.

~~~
state
Are we sure this isn't partially state-sponsored?

~~~
samspenc
I would totally think these guys are state-sponsored.

This: "Members wield advanced, zero-day attacks that exploit security
vulnerabilities in Oracle's Java, Microsoft's Internet Explorer, and other
widely used software frameworks or applications. The report said their tactics
and exploits are far more advanced than those of the Comment Crew, a China-
affiliated hacking crew that researchers from security firm Mandiant said has
siphoned terabytes of sensitive data from 141 organizations over the past
seven years."

And this: "Team Moudoor, named for the trojan they use, takes a large-scale
approach that broadly penetrates organizations in the financial industry,
local and federal government organizations, and organizations related to
healthcare, education, and law. Team Naid, by contrast, is more of a special
operations squad that keeps a low profile so it can save its resources for the
highest-profile targets in the defense industrial base."

In short, these guys are highly, highly skilled and specialized ... and a
specific attack target and vector.

This is not a bunch of script kiddies looking for fame and glory.

~~~
state
My thoughts exactly.

~~~
RickHull
I suppose you would know.

------
INTPenis
If they're as smart as they are "elite" then this hacker group no longer
exists.

~~~
diminoten
Why not?

They're in China. As long as they're doing work for the Chinese government, as
this article suggests, they're in zero danger.

~~~
gtr32x
I think what the parent meant was such an organization must have re-organized
or manifested into a separate identity(s) than which they were reported as to
divert attention.

At least that was my interpretation.

------
wheaties
I am at once in awe and jealous of the kinds of things these people must
know/be able to do. It's too bad that this kind of skill and knowledge could
not be used in a more legitimate manner with such a high profit potential to
the individual.

~~~
aspensmonster
Who says it isn't being used in a legitimate manner for high profit potential?
It seems you can offer up subscriptions to zero days for millions in annual
fees and never have to worry about prosecution. Just so long as you aren't the
one doing the _actual hacking_ (your clients in the government will take care
of that).

------
NKCSS
Doh! "In July 2012, more than six months earlier, a malicious third-party
gained access to their network using an SQL injection attack."

Why is this kind of attack even possible against a so called 'security' firm.

