Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Government Security The Internet Technology

Evidence Weakens That China Did the Recent Cyberattacks 197

Posted by kdawson
from the reasonable-doubt-abounds dept.
click2005 notes an article in The Register calling into question the one piece of hard evidence that has been put forward to pin the Google cyberattacks on China. It was claimed that a CRC algorithm found in the Aurora attack code was particular to Chinese-language developers. Now evidence emerges that this algorithm has been widely known for years and used in English-language books and websites. Wired has a post introducing the Pentagon's recently initiated effort to identify the "digital DNA" of hackers and/or their tools; this program is part of a wide-ranging effort by the US government to find useful means of deterring cyberattacks. This latter NY Times article notes that Google may have found the best deterrence so far — the threat to withdraw its services from the Chinese market.
This discussion has been archived. No new comments can be posted.

Evidence Weakens That China Did the Recent Cyberattacks

Comments Filter:
  • Don't Be Foolish (Score:5, Insightful)

    by eldavojohn (898314) * <eldavojohnNO@SPAMgmail.com> on Tuesday January 26, 2010 @01:58PM (#30908112) Journal
    Let's check out the official Google word from the official legal chief officer of Google [blogspot.com]:

    Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists.

    Emphasis mine. Nowhere is he talking about a CRC algorithm or even fingerprinting the attack to a particular country. Instead, the obvious question is simply this: Who else would hack one of the most successful companies in the world only to read the e-mails of Human Rights Activists in China? What possible gain could anyone else have from this information?

    I'm not saying hard evidence has been provided one way or the other (I'm not even sure it could be proven one way or the other unless someone claims ownership) but the only evidence the accuser offered up was this. Not that the "algorithm was only known to Chinese" nor anything as simpleton.

    • by TheKidWho (705796) on Tuesday January 26, 2010 @02:04PM (#30908224)

      Someone who is trying to discredit China?

      • by DeltaQH (717204) on Tuesday January 26, 2010 @02:15PM (#30908420)
        Someone trying to say that someone is trying to discredit China?
        • Re: (Score:3, Insightful)

          by jc42 (318812)

          Who else would hack one of the most successful companies in the world only to read the e-mails of Human Rights Activists in China? What possible gain could anyone else have from this information? ...
          Someone who is trying to discredit China? ...
          Someone trying to say that someone is trying to discredit China?

          All of the above?

          Politics does have a tendency to produce gang-bangs.

          • by lewp (95638) on Tuesday January 26, 2010 @02:36PM (#30908668) Journal

            Politics does have a tendency to produce gang-bangs.

            Go to school for Computer Science, they said... Get a good job, they said...

            • Re: (Score:3, Funny)

              by LifesABeach (234436)
              "...accessing the Gmail accounts of Chinese human rights activists..."

              To my knowledge, there are only two groups of people that follow Chinese human rights activists; The Chinese,(for tank tread inspections), and the Activist's Moms. I didn't know that Mom's had such a in depth awareness of Cyber Attacking. Go figure.
          • by rajafarian (49150)

            Who else would hack one of the most successful companies in the world...?

            I suppose the US government wouldn't need to hack, it would just ask for the information from third parties or would recruit the help of the telecoms, right?

          • by Foofoobar (318279)
            Someone who is trying to discredit China?
            China does a good job of discrediting itself. Deny and 'don't answer the question' Someone trying to say that someone is trying to discredit China?
            Well that would be you then. Are you admitting something?
        • by sakdoctor (1087155) on Tuesday January 26, 2010 @02:22PM (#30908526) Homepage

          You just can't see past the end of your nose, to the possibility that it was someone trying to discredit someone who tried to say that someone is trying to discredit China.

        • by Dr. Evil (3501)

          I have it on authority that it was the same group in the U.S. who planned the Sept 11 attacks!

          ... or I just made that up.

        • by Trelane (16124)
          INCONCEIVABLE!! ;)
      • Re: (Score:3, Funny)

        by Anonymous Coward

        Right, of course. I was framed! Poor Chinese, all they want to do is run people over with tanks and everyone has to keep bothering them.

      • Re: (Score:3, Insightful)

        by asdf7890 (1518587)
        Or someone wanting to collect information that they might be able to sell to an operative working on behalf of the Chinese government/police. The right data can be very valuable if you can contact the right people to sell it to...
    • Re: (Score:3, Insightful)

      by Pojut (1027544)

      This is one of those situations like when the feds deal with the mob. You know it has to be them, there is no way there isn't...but without "proof", all you have are unsubstantiated claims.

      Sometimes the justice system prevails...and sometimes it gets in its own way.

      • by shentino (1139071)

        I'd rather have a self-hamstrung justice system than one that lets the powerful people at the top do whatever the fuck they want to do.

        Bureaucracy is a pain in the ass, but it's a damned good defense against evil men in powerful places.

        Centralized control is perfect except for that small detail of not always being able to trust the point man.

        I'll avoid a Godwin offense.

        • by Pojut (1027544)

          I completely agree...i was just pointing out that the very laws designed to protect the innocent can often protect the guilty.

        • I'd rather have a self-hamstrung justice system than one that lets the powerful people at the top do whatever the fuck they want to do.

          Well, luckily I live in the USA, so I don't have to decide - I get both.
          I mean look at the O.J. Simpson trials - the prosecution couldn't even frame a guilty man!

      • by Sycraft-fu (314770) on Tuesday January 26, 2010 @02:27PM (#30908576)

        Google doesn't have to prove things beyond a reasonable doubt. More to the point they don't have to prove it beyond any and all doubt no matter what, which is the standard many geeks seem to use. Internally, they only have to prove it to their own satisfaction, which it would seem they've done.

      • Re: (Score:2, Funny)

        by QuantumRiff (120817)
        The hackers weren't the most intelligent. If they would have properly encrypted their code (hell, even a ROT-13), then these groups trying to decipher their algorithms would be breaking the DCMA.
      • by jank1887 (815982)

        and sometimes you just have to fall back on mail fraud.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Yeah because people never hide things and lie to push their own agendas.

      Gmail accounts of Chinese human rights activists.

      If I were the US government, these are the kinds of accounts I would access to test cyber warfare tools.
      Like you aren't saying it was China, I'm not saying the US government was behind it but just that the evidence
      seems circumstantial and very convenient. The evidence was also circumstantial and very convenient when used
      as justification to invade Iraq.

    • Let's Be Foolish (Score:5, Interesting)

      by weszz (710261) on Tuesday January 26, 2010 @02:11PM (#30908316)

      So... Throwing this out there...

        hypothetically could it have been the Human Rights groups in China?

      Yes it would be an odd move as it could put themselves and their friends in quite a bit of danger, but it could also be high reward, if other countries fall for it and do something about it (if they could)

      I know it's bad to think about the victim as possible being the one who set things up, but from time to time we need to at least explore the idea, or you will get played repeatedly.

      • by tgibbs (83782)

        Also, it's hard to see the payoff. Even with censorship, Google in China seems to be more independent than Baidu, so it's hard to see how Human Rights groups would benefit by driving Google out of China.

      • Re:Let's Be Foolish (Score:4, Interesting)

        by Yvanhoe (564877) on Tuesday January 26, 2010 @04:52PM (#30910556) Journal
        It requires someone with enough confidence and resources to attack about twenty US companies for months.
        It requires someone to anticipate the unusual move of Google on this attack.
        It requires someone confident enough to operate from China and escape the Chinese government's scrutiny, even after their operations have been revealed.
        I think that makes a lot of hypothesis.

        The Chinese government has spent hundreds of millions training a "cyber-army". Maybe they have spent so much in that toy that they are flexing their muscles a bit ? It is not that long ago that experts were warning about the hacking capabilities of China [timesonline.co.uk]
    • by Monkeedude1212 (1560403) on Tuesday January 26, 2010 @02:11PM (#30908330) Journal

      Exactly. Thread over. Nothing else to say.

      I certainly didn't think it was the Chinese because the attacks supposedly originated in China. I thought it was the Chinese because it was after the accounts of Chinese Human rights activists.

      Unless THAT part can get discredited, I will still point my finger.

      • by bloodhawk (813939)
        The finger certainly points in the direction of the chinese. HOWEVER, It could just as easily be the US, the chinese rights groups or any other group looking to discredit china. Without proof all you have is likely suspects and given we are supposed to believe in freedoms such as "innocent until proven guilty", what does that make us if we act the way we "think" they themselves are acting.
        • Personally I couldn't care less. I think there is an issue in the way the Chinese Government is run. If it takes some underhanded tactics to change things over there I'm all for it.

          I gave up the idea of righteousness and honour when the US marched through Afghanistan into Iraq. No need to be Idealist when you aren't in control.

        • Re: (Score:3, Insightful)

          by jgrahn (181062)

          The finger certainly points in the direction of the chinese. HOWEVER, It could just as easily be the US, the chinese rights groups or any other group looking to discredit china.

          Google "Tiananmen Square Massacre" or "Tibet". Seems to me that those activists don't have to manufacture any proof.

          • by bloodhawk (813939)

            The finger certainly points in the direction of the chinese. HOWEVER, It could just as easily be the US, the chinese rights groups or any other group looking to discredit china.

            Google "Tiananmen Square Massacre" or "Tibet". Seems to me that those activists don't have to manufacture any proof.

            there is plenty of proof, however what there isn't is plenty of world support for them. Like it or not this attack could have easily originated from any number of foreign governments or rights groups, however the most likely suspect is still the chinese government.

    • Re:Don't Be Foolish (Score:4, Interesting)

      by hey! (33014) on Tuesday January 26, 2010 @02:14PM (#30908388) Homepage Journal

      Let me play devil's advocate here for one second.

      You are assuming that the only party interested in following or harassing the human rights activists are the Chinese government. It's not hard to think up *other* persons or groups that might be interested. Judging from the ultra nationalist kooks we have, we can imagine private nutcases who think of themselves as more patriotic than the government, who think the Party is much too wishy washy on the issues of class traitors and much too interested in appeasing the West.

      That's just the second most likely scenario. Other, more exotic scenarios are possible as well. In a world with so many people connected to the Internet, virtually every kind of crackpot you can imagine is out there. All it takes is one with an Internet feed.

      I think we have a preponderance of evidence situation here. On the whole, the most likely culprit is the Chinese government. But it's not quite to the "beyond a reasonable doubt" stage. You look at the whole web of evidence: the motivations, track record of past behavior, known propensities to industrial espionage, methods used, means and opportunity. Virtually every single datum is likely to have an innocuous explanation. It's the overall picture that convicts.

    • by 0racle (667029)
      And that drunk communist on the steps of the Reichstag proves the communists were trying to destroy Germany.
    • Re: (Score:3, Interesting)

      by rm999 (775449)

      I agree with you, but I'd like to point out that that is not proof at all. When making accusations that can damage the relations of the two largest economies in the World, we should be damn sure of what we are doing. Google seems to be, but they also have more information than the rest of us. We are speculating.

      In this case, I am still troubled by the apparent incompetence of the Chinese Government. Why did they think they could do this and get away with it? Didn't they realize that it could damage importan

    • It COULD be Baidu trying to eliminate competition. Although the fact that their domain was hacked makes that theory very unlikely.

    • by jbezorg (1263978)

      Emphasis mine. Nowhere is he talking about a CRC algorithm or even fingerprinting the attack to a particular country. Instead, the obvious question is simply this: Who else would hack one of the most successful companies in the world only to read the e-mails of Human Rights Activists in China? What possible gain could anyone else have from this information?

      There seems to be the general point of view the Google discovered what was happening and investigated on their own rather than enlist the State Dept. and their help from the beginning to use Google's network to observe, create honey pots and collect further data.

      Perhaps they seeded the compromised accounts with information provided by the State Dept. to see who acted on that information and it turned out to be the Chinese Government?

    • by Aphoxema (1088507) * on Tuesday January 26, 2010 @07:02PM (#30911902) Homepage Journal

      What possible gain could anyone else have from this information?

      *shrug* A loyal PRC citizen wanting to do the "right thing" or someone who'd like to sell the information for money to the Chinese government or someone else who might need leverage in negotiation with the Chinese government.

  • by eldavojohn (898314) * <eldavojohnNO@SPAMgmail.com> on Tuesday January 26, 2010 @02:05PM (#30908238) Journal

    This CRC-16 implementation seems to be virtually unknown outside of China, as shown by a Google search for one of the key variables, "crc_ta[16]". At the time of this writing, almost every page with meaningful content concerning the algorithm is Chinese:

    Oh. My. God. I just reran the search [google.com] and it's changed. The top results are in English! It's the British that are attacking Google! Wait, one of the links is to a Blogspot site. Sweet Jesus, the attacks are coming from inside Google's own employee base! But wait, if you click crc_ta[16] [slashdot.org] enough times then Slashdot will show up in the list. Meaning Slashdot is the attacker on Google!

    Oh Great Britain, Slashdot and even Google themselves, why have you forsaken us?

    Google's pageranking engine returns a good enough set of available crawable webpages. It does not indicate guilt or scan all of human knowledge. Using it as any sort of evidence in a huge international scandal is less than prudent.

    • Re: (Score:3, Insightful)

      So based on the name of a variable the attack is from a certain geographic location?

      The 'who else but the Chinese Government would want access to human rights activist accounts' argument is a little thin. So suddenly if anyone's account gets hacked, we can just immediately assume it's a group that opposes them and then pull our business out of an entire market?

      Seems pretty dubious to me

      BTW, why are there 5 FAs to read. Holy sheit
    • Re: (Score:3, Funny)

      by mcgrew (92797) *

      Meaning Slashdot is the attacker on Google!

      We slashdotted China? Wow, I'm impressed!

    • Your post is the second result on Google. Congratulations.

    • by JoshuaZ (1134087)

      Oh. My. God. I just reran the search and it's changed. The top results are in English! It's the British that are attacking Google! Wait, one of the links is to a Blogspot site. Sweet Jesus, the attacks are coming from inside Google's own employee base! But wait, if you click crc_ta[16] enough times then Slashdot will show up in the list. Meaning Slashdot is the attacker on Google!

      Actually, your link likely won't substantially alter the rankings of Slashdot when you search for that term. The repetition of the term in this thread will do so, but your title likely not do so since all links in comments in slashdot automatically get nofollow tags. That means that search engines give the links little to no weight. This is a common tactic to reduce the incentive of spammers to spam links.

  • by walkoff (1562019) on Tuesday January 26, 2010 @02:10PM (#30908302)
    We were using and describing digital DNA in the mid to late 80s although the terminology used was slightly different as we /stole/ the term FIST from ham radio to use for it. it's actually an interesting technique although we weren't that sophisticated as we only looked at command streams and lingustics to identify country of origin and style of attack and group M.O. rather than pin pointing the actual attacker. It was actually used successfully in a few virus and trojan incidents and I stil have at least a partial copy of the NARK database I collated at the time.
  • by jdgeorge (18767) on Tuesday January 26, 2010 @02:15PM (#30908408)

    Evidence weakens that Joe Stewart's analysis shows that the CRC algorithm used in the attack was developed by Chinese programmers.

    As other folks have pointed out, this is NOT the basis of Google's or others' assessments that the attacks originated from within mainland China, and in no way does it weaken the evidence regarding the origin of the attack.

  • F-China (Score:2, Insightful)

    by BlueBoxSW.com (745855)

    Why all the pro-China posts lately on Slashdot?

    We getting astro-turfed by Red China?

    They claimed, of course they didn't do it, and seem to never mention by name the laws that Google must abide by.

    Screw them.

    How do you say "Propaganda" in Chinese?

    • Screw them.

      I agree. Right now I'm training an army of American hackers that are going to roll over China. Check out this video [youtube.com] of my protege at work. That madd h4xx iz a freebie for you, the more advanced stuff (like photoshopping a cat's head onto a dog's body) will cost ya. USA #1 baby.

      • by Valtor (34080)

        I agree. Right now I'm training an army of American hackers that are going to roll over China. Check out this video [youtube.com] of my protege at work. That madd h4xx iz a freebie for you, the more advanced stuff (like photoshopping a cat's head onto a dog's body) will cost ya. USA #1 baby.

        While you are at it, you should try to implement The Daemon [thedaemon.com]. ;-)

        Valtor

        PS: Great book by the way.

    • Re:F-China (Score:5, Funny)

      by newcastlejon (1483695) on Tuesday January 26, 2010 @02:47PM (#30908800)

      How do you say "Propaganda" in Chinese?

      Quietly.

    • Re: (Score:3, Informative)

      by chiguy (522222)

      Why all the pro-China posts lately on Slashdot?

      I've noticed this too. I try to be objective about Chinese and American relations. We're definitely frienemies, but lately I've noticed subtle push-back from the pro-China folks.

      Like my comment in a previous post got modded to +4 insightful but then ended back down to +2:

      Google should also check where all their laptops were manufactured. And make sure each BIOS is clean.

      There's a battle going on on /.

    • Re:F-China (Score:5, Funny)

      by Sir_Lewk (967686) <sirlewk@NospAm.gmail.com> on Tuesday January 26, 2010 @03:06PM (#30909048)

      Beware, the chinese astroturfers also have modpoints.

  • by marcansoft (727665) <hector@nOsPam.marcansoft.com> on Tuesday January 26, 2010 @02:16PM (#30908444) Homepage

    As someone who has been reverse engineering quite a bit of software recently, I can tell you that the assembly code from the attack and the Chinese version of the algorithm match completely. In other words, the output looks like exactly what an (optimizing) compiler would've produced given that source code. Note the operations performed inside the loop and the use of stack allocation for the table (and therefore the required initialization every time the function is called).

    As far as I can see, none of the English versions are similar. Sure, they implement the same algorithm, but the chinese implementation matches the attack code, not just the algorithm,

    • by the_povinator (936048) on Tuesday January 26, 2010 @02:20PM (#30908498) Homepage
      To add to this: the analysis on the original "research blog" was also more specific than the register article. He said:

      By decompiling the algorithm and searching the Internet for source code with similar constants, operations and a 16-value CRC table size, I was able to locate one instance of source code that fully matched the structural code implementation in Hydraq and also produced the same output when given the same input

      The Register people seem to have accepted similarity in code, without going to the trouble of checking the outputs.

    • by LWATCDR (28044)

      Of course would you want to bet that even if it matched another implementation that it wasn't a Chinese programmer?
      The first deep programing book I ever read was Data Structures + algorithms = Programs. It has influenced my code style just as the fact that my first programing teacher was an old Fortran programmer. Yes I often use i for for loops to this day even though I know it is now considered bad form.
      So if I wrote an attack would would we say it couldn't have come from the US because some of the algo

      • by khallow (566160)

        Of course would you want to bet that even if it matched another implementation that it wasn't a Chinese programmer?

        You seem unclear on the purpose of evidence. Its purpose is to distinguish between hypotheses. There are two hypotheses here. 1) Some hacker based in China did the hacking. 2) The first hypothesis is not true (the "null hypothesis"). An implementation that everyone knew about and anyone could have used doesn't distinguish between hypotheses #1 and #2. Hence, it cannot be evidence for hypothesis #1. An obscure implementation that has only been seen in China, favors hypothesis #1.

        • by LWATCDR (28044)

          I do see the difference.
          The thing is that even if the implementation is most commonly seen in China that is also evidence. And as the grandparent post pointed out the implementation does exactly match the implementation as often taught in china.
          My point is that with the mobility of knowledge we have today that a match or that implementation being documented else where isn't definitive one way or the other.
           

          • by radtea (464814)

            My point is that with the mobility of knowledge we have today that a match or that implementation being documented else where isn't definitive one way or the other.

            I'm not sure what this "definitive" thing you're talking about is.

            Informed judgment is always a matter of balancing probabilities. Why anyone would talk about anything being "definitive" instead of "highly probable" is not clear.

            In this case, the evidence, both who the target was (Chinese human rights organizations) and the low-level details of

            • by LWATCDR (28044)

              I do agree. What I was saying that just because that implementation was documented outside China it doesn't in any way decrease the probability that it was done by China.
              Or if they had used an implementation that was never documented in China.
              The targets are the big evidence in my book.
              What I find somewhat interesting is that they used a CRC implementation as the "fingerprint".
              Who writes their own CRC code anymore? I mean not since college have I written a CRC function. There are a million of them available

          • by Yvanhoe (564877)
            Knowledge is mobile. However the biggest barriers it meets today are those of language. This isn't a smoking gun (enough other posts point out to the IPs of the control servers and the fact that targeting human rights activists in China benefits no one else) but a clue that everything looks like it is of Chinese origin.
          • by AK Marc (707885)
            My point is that with the mobility of knowledge we have today that a match or that implementation being documented else where isn't definitive one way or the other.

            What does "definitive" have to do with it? They have motive, opportunity, and evidence pointing at them. That's not "definitive" but good enough. You don't prove "beyond a shadow of a doubt" but "beyond a reasonable doubt." Simply put, unless there's anyone else likely to do it, the obvious person did it. No one has suggested anyone else cr
  • by 140Mandak262Jamuna (970587) on Tuesday January 26, 2010 @02:26PM (#30908574) Journal
    Please stop finding and posting evidence contrary to my preconceived notions! Enough already. As it is I am trying to contain my cognitive dissonance and I can do without all these pesky counter evidence, thank you. Next you will ask me to believe that Microsoft is not 100% evil and Apple is not 100% cool and Google is not 100% non-Evil (tm).
  • Digital DNA? (Score:2, Informative)

    by Smallpond (221300)

    How hard is that? Parse /var/log/secure, do a lookup and see where the attacks are coming from.

    121.172.227.78 KR KORNET, Namdong-gu, Incheon
    218.200.163.148 CN China Mobile Communications
    222.173.194.10 CN CHINANET SHANDONG PROVINCE NETWORK
    203.250.137.143 KR kreonet.net
    209.151.248.213 US Cyberverse, Los Angeles Colocation and Datacenter
    190.144.126.227 CO TELMEXLA.NET.CO, Bogota
    203.134.223.248 IN HFCL INFOTEL, Punjab
    194.246.101.52 FR Transnode

    Wow. No Brazil today. That's odd.

    • Re:Digital DNA? (Score:4, Insightful)

      by Domint (1111399) on Tuesday January 26, 2010 @02:44PM (#30908760) Homepage Journal
      How hard is that? Parse /var/log/secure, do a lookup and see where the attacks are coming from.

      Right, because there's no such thing as proxies.
      • Re: (Score:2, Interesting)

        by Seakip18 (1106315)

        Hmmm...

        In that sense, we should free any mob bosses in jail. I'm sure, since they've never pulled the trigger, they never killed anyone.

        Ok that's a bit of a stretch, but if their(those who manage these systems) incompetent systems management is leading to compromised systems, aren't they just as much a part of the problem?

        • Re:Digital DNA? (Score:4, Insightful)

          by Domint (1111399) on Tuesday January 26, 2010 @04:46PM (#30910450) Homepage Journal
          I suppose you'd argue in favor of holding the phone company responsible if you received a harassing phone call as well? You're right, that is a bit of a stretch.

          My point was that it's really easy to mask where you're coming from by bouncing through legitimate services provided by companies all over the world (who I'm sure would be quite reluctant to release their logfiles just because you asked for them really nicely). Looking at /var/log/secure will only catch the most amateur of 'hackers'. The topic at hand is what else one can do to determine who's ultimately behind it.
  • The smoking gun I'd heard about was the IP Addresses [arstechnica.com] of the command servers, not this CRC algorithm.

    While these machines could be rouge agents in the Chinese Gov't. infrastructure they're even less likely to admit a security compromise that than espionage.
  • Set aside the industrial espionage charges. Who benefits from the hacking of the activists' and journalists' accounts? The PRC and its enemies. The usual suspects like the Russian mob, Nigerians, etc. have little, if anything, to gain from this and certainly not enough to offset the harm that could happen if a company with Google's expertise brought scrutiny to them.
  • by koan (80826)

    What other nation or group has motivation for hacking into human rights organizations for Tibet and China? Who else would see that as a threat?

  • Do you recall how unfair you thought it was when your third-grade teacher punished the entire class for the misbehavior of one student because she couldn't identify the perpetrator? That's exactly what Google is doing. It's not "deterrence" at all. At best it's indirect deterrence, since it doesn't affect hackers directly; what it affects is the entire Chinese "class" by withdrawing from its network and e-economy, hurting or diminishing the many in an attempt to change the behavior of just a few.

    • by Jeng (926980)

      Isn't that a basic principal of communism?
      Share the risk.

      • by macraig (621737)

        Well... since SOME people claim that communism is economic entropy, then by extension you're saying that it's a basic principle of entropy, and that the entire universe has to share the risk because of the few?

        Nice.

    • by tgibbs (83782) on Tuesday January 26, 2010 @04:11PM (#30909944)

      Except that the scale of the attacks, the targets of the attacks, and the fact that they went on in a country that is fanatical about monitoring internet use, strongly suggests that the Chinese government either conducted or encouraged the attack. So it is reasonable for Google to hold the Chinese government responsible. Clearly Google's view is, "We try to cooperate with your unreasonable censorship rules, we expect you not to try to crack into our systems. You didn't hold up your end of the bargain, so the deal is off. If you don't like it, we'll take our ball and go home."

      • by macraig (621737)

        That description and justification is only true IFF the Chinese government was responsible or holding the purse strings. TFS and TFA suggest that this is perhaps not the case after all.

        Google is perhaps justified in taking SOME kind of knee-jerk action to protect itself, temporarily at least, in the absence of knowing the real cause or source, but what's your justification? You have nothing to protect, do you? Are you protecting a blind faith in Google and by extension the rightness of its actions?

        • by tgibbs (83782)

          Google is perhaps justified in taking SOME kind of knee-jerk action to protect itself, temporarily at least, in the absence of knowing the real cause or source, but what's your justification? You have nothing to protect, do you? Are you protecting a blind faith in Google and by extension the rightness of its actions?

          That's an odd question. Are you asserting that nobody should have opinions on topics such as political censorship, human rights, or the relationships between information-based corporations and

    • by Yvanhoe (564877)
      Google is operating a website. I can reach it from France, I can reach Chinese websites too. The fact Chineses can't reach google.com from their connection has little to do with Google's policy.
  • If you want to know if the hacks were done with Chinese government approval, watch and see who they put to death for it. As with the contaminated baby formula, China has a strong tradition of swift trials and swifter executions for those citizens who through unauthorized behavior embarrass them on the world stage. Strong enough that it makes them rather transparent when denying something they actually did do.

    • We could do the same thing here too, if it weren't for that pesky "constitution" thing!

      Actually, I kinda like the Chinese use of the death sentence for life-threatening corruption. Unfortunately, in this case the misbehavior doesn't appear to be life threatening. (Unless you're one of the human rights activists hacked, and you accidentally said something counter to the interests of the Chinese government on the foolish assumption that your private emails were, in fact, private. In that case, then certainl
  • Skip the NY Times (Score:2, Informative)

    by Kylere (846597)
    As an FYI, skip the NYTimes version of this story, I have had 4 users walk in today with infected systems. It appears that NYTimes has pulled another screwup in security land http://news.cnet.com/8301-1009_3-10351460-83.html [cnet.com]
  • When i saw the 1st google complaint, i tought that was weird that for one side you have high tech attacks (i.e. the one to steal IP from google, hacking into inside computers using IE6/flash/acrobat/whatever vulnerabilities) and the other was somewhat low tech, social engineering or just shopping into black market to infiltrate into the mail accounts of human rights advocates in China.

    If you put both together, assuming that have the same source, could point to someone big enough to be backed by China gove

  • If when you say "China was responsible for the attacks" you are referring to the Chinese Government or persons acting at the direction or in the employ of the Chinese Government, I'd agree that's probably not the case. On the other hand if you are referring to persons based in China acting of their own volition in an attempt to show patriotism for their country possibly in return or with the expectation of favors from those in power then I think we can safely say "Yeah, that's them." It is all very conven
  • It doesn't mean that its the Chinese government...

  • I'm surprised that people aren't reaching for the most obvious explanation for this announcement of newly-weakened evidence. Isn't it obvious that it's a part of a deal that Google cut with China, in which it was agreed that tensions will be de-escalated in public?

    Google is saying the equivalent of "Oh, did I call your mama a whore in front of the whole world? No, no, of course not! I was saying she was a HORRibly nice woman, but my phone was cutting out! I would never accuse your mama of pulling tricks for

  • I don't like China, and I think their government is insanely authoritarian. From Green Dam to pulling Avatar out of theaters to having no health standards on the toys they produce is only the beginning. I've heard so many bad things about the Chinese government I wouldn't even know where to begin. But it doesn't take a genius to realize China is NOT behind these attacks.

    Let's look at the facts. First Google releases a statement saying they were attacked, and they think it was China, and as a result they

    • I've been reading this explanation in the chinese news sites, and have been waiting for someone to post it here, comrade.

      Good luck with that. You'll need it.

The idle man does not know what it is to enjoy rest.

Working...