C15: 'Huy Remy' is the culprit of Chodientu.com attack!

Representatives of the High Technology Crime Prevention Unit of C15, Ministry of Public Security, said: All evidence clearly demonstrates that Nguyen Quang Huy is the culprit of the Chodientu.com attack.

At the workshop on November 9 on violations and crimes in e-commerce, held by the Department of E-Commerce (Ministry of Trade) in coordination with the high-tech crime agencies, the press paid special attention to the presentation by the representative of the High-Tech Crime Prevention Unit, C15, Ministry of Public Security, on a prominent recent case in the field of network security: the Chodientu.com website, the e-commerce site of Hoa Binh software company, was attacked by hackers.

VietNamNet had a quick exchange with Mr. Tran Van Hoa - Head of C15 high-tech crime prevention department on many issues that readers are interested in:

 

At 9:15 on September 8, 2006, Huy "Remy" entered the Ministry of Public Security headquarters (40A Hang Bai) to answer the questions of the investigation agency.

"Is it true that Nguyen Quang Huy, Huy "Remy", is the perpetrator of the Chodientu.com attack, sir?"

"One hundred percent!"

"But Huy still doesn't acknowledge this behavior?"

"We (including C15 and representatives of the Ministry of Posts and Telematics, the Ministry of Post and Telematics Inspectorate and the Ministry of Culture and Information Inspectorate), together with many IT and legal experts, have concluded that the collected evidence fully indicates that Huy is the culprit who attacked the Chodientu.com domain."

"Is it like a person who has stepped onto the scaffold still won't acknowledge the crime?"

"That's right! The problem is that he proved guilty."

During the seminar, Mr. Hoa gave a presentation on the legal framework for violations and e-commerce crimes. Representatives of the High-Tech Crime Prevention Unit then presented the whole process of the attack on Peacesoft's Chodientu.com domain name and provided the evidence that they believe proves Huy Remy is the culprit.

Mr. Tran Van Hoa presented the legal framework for violations and e-commerce crimes at the workshop on 9/11.

The traces from the investigating agency (CQĐT) presented by the C15 high-tech crime prevention representative on the chodientu.com case include:

Firstly, that Huy took over the account BINHNH on register.com to control the domain names, changed the contact mail to anaconda@anacondasoft.com, quangcao_online_01@yahoo.com, hn_4011@yahoo.com and vbot2006@yahoo.com, and assigned a user to the email vbot2006 athingcn@yahoo.com (a Yahoo Mail mailbox and also Huy Remy's YM chat nick) so as to also have control over the domain names.

Secondly, C15 presented traces of the penetration of Hoa Binh software company's server at the VNGT service provider via an MSSQL user. The IP addresses that accessed this server remotely on the morning of September 23, 2006 were 58.187.122.76 and 58.187.122.204, and the name of the accessing computer was TEEN_CORP2. The Apache log records that at 5:50 on September 23, 2006, the computer with IP address 58.187.122.204 downloaded the backup file of chodientu.com, named "data_backup_all_1809.rar".

The intruder also added a new user to this server and installed 5 backdoor files (a.php, conf_global.php, chabietdaura.php, ver1.php, vicky.asp) on it at peacesoft.net/data/.

The traces collected by the investigating agency on Hoa Binh software company's server located at VNGT come from the Security Log, the Apache log, the file a.php and the file "conf_global.php".

Third, the CQĐT presented traces of the takeover of the PEACESOFT account on EveryDNS.com belonging to Hoa Binh software company. The subject used the server located at the VNGT service provider to access EveryDNS, pointed all domain names of Hoa Binh software company to the address 69.37.63.80, and changed the contact mail of this account to anaconda@anacondasoft.com, bao_moi_bao_moi_day@yahoo.com. The traces were found by the CQĐT on the server of Hoa Binh software company located at VNGT.

One of dozens of screenshots, collected from the hard drive of Huy "Remy"'s computer, that the investigating agency used as a basis.

From these traces, the investigating agency also provided the following bases: First, FPT company confirmed that the IP address the investigating agency found in the Security Log on the server of Hoa Binh software company coincides with the IP address issued to the ADSL subscription of Nguyen Quang Huy at the time the attack was performed.

Secondly, the three computers used by Nguyen Quang Huy are named TEEN_CORP1, TEEN_CORP2 and TEEN_CORP3, of which TEEN_CORP2 coincides with the computer name that the subject used to infiltrate Hoa Binh software company's server.

After that, C15 also showed dozens of screenshots that the investigation agency collected from two computer hard drives of Nguyen Quang Huy, showing that Huy owns the email addresses used to control the chodientu.com domain name, the backdoor files, the strange users created on Hoa Binh's server, etc.

In the following section, C15 gave information showing the unhealthy content of the gmetal.net website and sought to prove that the owner of this website is Nguyen Quang Huy, with the following information: Nguyen Quang Huy registered gmetal.net on January 9, 2006 with the email address huyremy@gmail.com. On 24/6/2006 the contact mail was changed to huy@teen.net.vn, and on 7/10/2006 the contact email was changed to vbot2006@yahoo.com.

Evidence obtained from Nguyen Quang Huy's computer hard drive shows that it was the tool used to perform the attack on the domain name chodientu.com and to distribute the debauched content on the gmetal.net website. (Photo: Presentation of C15 at the 9/11 workshop.)

The C15 representative stated that, given the bases C15 has, it can be affirmed that Huy was the perpetrator of the Chodientu.com domain name attack, as well as being responsible for the propagation of the debauched culture of the gmetal.net website.

According to a representative of the investigating agency speaking to VietNamNet, "We will forward the records of the civil offenses that Huy signed to receive (spreading a virus, attacking the server with a backdoor, setting up a website without asking for permission, using copyright-infringing software - NV) to the Ministry of Post and Telematics Inspectorate and the Ministry of Culture and Information Inspectorate for sanctioning. The total penalties may be up to 50 million, according to the framework of 10 to 20 million VND for each violation of the law."

"In the short term, the authorities will urge the person concerned to acknowledge the act of attacking the domain name chodientu.com, and will consider administrative sanctions based on the details and consequences of the offense. If, in spite of the evidence, he refuses to acknowledge it, we will coordinate with the Procuracy to evaluate the evidence and file for criminal prosecution according to the law."

Update 13 December 2018