A brand-new investigation – we know you love it.
We’re back once more to tell a familiar tale: how an MSS-sponsored APT group – known for its hacking operations around the world – has been caught red-handed. This time, in Wuhan.
It should come as no surprise that Wuhan was already a place of interest to us before the city reached global fame in 2020. Wuhan is home to some of China’s most impressive cyber talent. We knew there was bound to be some shady things going on in the city – all we needed was a lead.
We got to thinking. We know that not all of China’s best hackers are self-trained – what if they learn together? This thought led us to the tip of our metaphorical iceberg: the Wuhan Kerui Cracking Academy.
Wuhan Kerui Cracking Academy
When we think of a typical hacker up to no good, a certain image comes to mind. A dingy, dimly-lit bedroom home to a young twenty-something who probably has more computers than friends. But the Wuhan Cracking Academy turns that all on its head, with seemingly big classrooms, stuffed with bright cyber talent.
Established in 2007, the Kerui Cracking Academy prides itself on providing its students the best information security training in the industry, including the ‘most professional reverse security course’ as part of its curriculum. So confident is the school of its teaching abilities that it tells prospective students not to worry about finding a job – in fact ‘almost 100% of students get a job within one month.’ Impressive!
The ‘Professor X’ of the Kerui Cracking Academy is none other than the international cyber superstar Qian Linsong. Aside from his role as founder of Wuhan Kerui Cracking Academy, Professor Qian Linsong acts as part-time teacher at the National Cyber Security College of Wuhan University, a tutor at the Huazhong University of Science and Technology and the Vice Chairman of Quanzhou Artificial Intelligence Society.
He is perhaps best known however for his book on C++ disassembly and reverse analysis. Here’s a picture of him in his superstar coat and glasses signing a book for one of his fans:
And for those looking to understand what led Qian to set up Wuhan’s own School for the Gifted, you are in luck. The ever so modest Qian has documented his life in a blog, complete with pictures at Disney World.
Following an increase in China-US hacking, a youthful Qian started downloading hacking software from websites to tinker with at home. In 2002, at the age of 23, Qian lands a job in the US analyzing products developed by an American company. It’s not long though – only 2 years – before Qian finds himself resigning and moving back to China, taking up a lecturer position at Tsinghua University.
Reading through his blog you get a sense of Qian the man. An intelligent, dedicated teacher who likes wine and archery as much as he enjoys working in cyber. But it’s not long before you begin to see Qian’s – and Kerui’s – links to the Chinese state…
Alongside the Kerui Cracking Academy, Qian runs a side-hustle as the owner of the Kerui Reverse Technology Company, also founded in 2007. The homepage makes clear that the company has provided ‘technical services for many projects of the Ministry of Public Security and the Ministry of State Security’. So, it is safe to assume that Qian is no stranger to working with Chinese intelligence services.
We couldn’t help but wonder whether Qian’s cooperation with the MSS runs a little deeper. Is Qian supplying the MSS with freshly trained hackers? Or even up-skilling hackers the MSS have found? Just to add to our suspicions, the Kerui Cracking Academy seems to have kept a close eye on the work destinations of its graduates – with some of them labelled as ‘Mystery Unit’ and ‘Keep Confidential’.
This got team I-T thinking: this site must be a goldmine for names of people hacking for Chinese intelligence services. We began investigating and struck gold. Kerui Cracking’s ‘Testimonials’ page.