Wicked Rose

Wicked Rose is the pseudonym of a Chinese hacker responsible for developing the GinWui rootkit used in internet attacks during the summer of 2006. It has been suggested that he works for the Chinese Army.

Beginnings
Tan Dailin was a graduate student at Sichuan University when he was noticed (for attacking a Japanese site) by the People’s Liberation Army (PLA) in the summer of 2005. He was invited to participate in a PLA-sponsored hacking contest and won. He subsequently participated in a one-month, 16-hour-per-day training program where he and the other students simulated various cyber invasion methods, built dozens of hacking exploits, and developed various hacking tactics and strategies. He was chosen for the Sichuan regional team to compete against teams from Yunnan, Guizhou, Tibet, and Chongqing Military District. His team again ranked number one and he won a cash prize of 20,000 RMB.

Network Crack Program Hacker Group
Then, under the pseudonym Wicked Rose, he formed the Network Crack Program Hacker Group (NCPH Group) and recruited other talented hackers from his school. He found a funding source (an unknown benefactor) and started attacking US sites. After an initial round of successful attacks, his funding was tripled. All through 2006, NCPH built sophisticated rootkits and launched a barrage of attacks against multiple US government agencies. By the end of July 2006, NCPH had created some 35 different attack variants for one MS Office vulnerability. During the testing phase, NCPH used Word document vulnerabilities. They switched to Excel and later to PowerPoint vulnerabilities. As a result of all this activity, the NCPH group siphoned thousands, if not millions, of unclassified US government documents back to China.