Evidence Weakens That China Did the Recent Cyberattacks 197
click2005 notes an article in The Register calling into question the one piece of hard evidence that has been put forward to pin the Google cyberattacks on China. It was claimed that a CRC algorithm found in the Aurora attack code was particular to Chinese-language developers. Now evidence emerges that this algorithm has been widely known for years and used in English-language books and websites. Wired has a post introducing the Pentagon's recently initiated effort to identify the "digital DNA" of hackers and/or their tools; this program is part of a wide-ranging effort by the US government to find useful means of deterring cyberattacks. This latter NY Times article notes that Google may have found the best deterrence so far — the threat to withdraw its services from the Chinese market.
Let's Be Foolish (Score:5, Interesting)
So... Throwing this out there...
hypothetically could it have been the Human Rights groups in China?
Yes it would be an odd move as it could put themselves and their friends in quite a bit of danger, but it could also be high reward, if other countries fall for it and do something about it (if they could)
I know it's bad to think about the victim as possible being the one who set things up, but from time to time we need to at least explore the idea, or you will get played repeatedly.
Re:Don't Be Foolish (Score:4, Interesting)
Let me play devil's advocate here for one second.
You are assuming that the only party interested in following or harassing the human rights activists are the Chinese government. It's not hard to think up *other* persons or groups that might be interested. Judging from the ultra nationalist kooks we have, we can imagine private nutcases who think of themselves as more patriotic than the government, who think the Party is much too wishy washy on the issues of class traitors and much too interested in appeasing the West.
That's just the second most likely scenario. Other, more exotic scenarios are possible as well. In a world with so many people connected to the Internet, virtually every kind of crackpot you can imagine is out there. All it takes is one with an Internet feed.
I think we have a preponderance of evidence situation here. On the whole, the most likely culprit is the Chinese government. But it's not quite to the "beyond a reasonable doubt" stage. You look at the whole web of evidence: the motivations, track record of past behavior, known propensities to industrial espionage, methods used, means and opportunity. Virtually every single datum is likely to have an innocuous explanation. It's the overall picture that convicts.
Re:Don't Be Foolish (Score:3, Interesting)
I agree with you, but I'd like to point out that that is not proof at all. When making accusations that can damage the relations of the two largest economies in the World, we should be damn sure of what we are doing. Google seems to be, but they also have more information than the rest of us. We are speculating.
In this case, I am still troubled by the apparent incompetence of the Chinese Government. Why did they think they could do this and get away with it? Didn't they realize that it could damage important and profitable relations with American companies and the Government? It seems like they could gain very little from reading a few individual's e-mails.
We shouldn't rule out the remote possibility that China is essentially being framed by an entity that can benefit from the US and China fighting. More likely, I think the breaches came from China but were not approved at a very high level (in which case someone is in deep shit). Either way, the US should tread carefully without proof.
The Chinese code matches _exactly_ (Score:5, Interesting)
As someone who has been reverse engineering quite a bit of software recently, I can tell you that the assembly code from the attack and the Chinese version of the algorithm match completely. In other words, the output looks like exactly what an (optimizing) compiler would've produced given that source code. Note the operations performed inside the loop and the use of stack allocation for the table (and therefore the required initialization every time the function is called).
As far as I can see, none of the English versions are similar. Sure, they implement the same algorithm, but the chinese implementation matches the attack code, not just the algorithm,
Re:Don't Be Foolish (Score:5, Interesting)
Something about a land war in Asia.
Which brings us to the second-most likely suspect: one of Google's competitors in China. Think about it for a moment:
It's a win-win as long as it can't be pinned on them specifically.
Re:Digital DNA? (Score:2, Interesting)
Hmmm...
In that sense, we should free any mob bosses in jail. I'm sure, since they've never pulled the trigger, they never killed anyone.
Ok that's a bit of a stretch, but if their(those who manage these systems) incompetent systems management is leading to compromised systems, aren't they just as much a part of the problem?
Re:Don't Be Foolish (Score:1, Interesting)
With all these companies flocking to China to get a share of that huge market, willing to obey whatever restrictions and ill practices, it's only natural for Chinese gov't to think that it can do whatever it wants and get away with it. After all, it's the world depending on China now instead of the other way around.
The chance of certain 3rd party starting this attack to worsen US-China relationship is, well, practically zero. Hacking into gmail account of human right activists is very unlikely to start a serious row, and in most probable situation, would be dealt with under the table between Google and Chinese gov't. Literally everyone was surprised that Google publicly sent an ultimatum.
Re:Let's Be Foolish (Score:4, Interesting)
It requires someone to anticipate the unusual move of Google on this attack.
It requires someone confident enough to operate from China and escape the Chinese government's scrutiny, even after their operations have been revealed.
I think that makes a lot of hypothesis.
The Chinese government has spent hundreds of millions training a "cyber-army". Maybe they have spent so much in that toy that they are flexing their muscles a bit ? It is not that long ago that experts were warning about the hacking capabilities of China [timesonline.co.uk]