Evidence Weakens That China Did the Recent Cyberattacks 197
click2005 notes an article in The Register calling into question the one piece of hard evidence that has been put forward to pin the Google cyberattacks on China. It was claimed that a CRC algorithm found in the Aurora attack code was particular to Chinese-language developers. Now evidence emerges that this algorithm has been widely known for years and used in English-language books and websites. Wired has a post introducing the Pentagon's recently initiated effort to identify the "digital DNA" of hackers and/or their tools; this program is part of a wide-ranging effort by the US government to find useful means of deterring cyberattacks. This latter NY Times article notes that Google may have found the best deterrence so far — the threat to withdraw its services from the Chinese market.
Don't Be Foolish (Score:5, Insightful)
Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists.
Emphasis mine. Nowhere is he talking about a CRC algorithm or even fingerprinting the attack to a particular country. Instead, the obvious question is simply this: Who else would hack one of the most successful companies in the world only to read the e-mails of Human Rights Activists in China? What possible gain could anyone else have from this information?
I'm not saying hard evidence has been provided one way or the other (I'm not even sure it could be proven one way or the other unless someone claims ownership) but the only evidence the accuser offered up was this. Not that the "algorithm was only known to Chinese" nor anything as simpleton.
Re:Don't Be Foolish (Score:5, Insightful)
Someone who is trying to discredit China?
Re:Don't Be Foolish (Score:5, Funny)
Re: (Score:3, Insightful)
Who else would hack one of the most successful companies in the world only to read the e-mails of Human Rights Activists in China? What possible gain could anyone else have from this information? ... ...
Someone who is trying to discredit China?
Someone trying to say that someone is trying to discredit China?
All of the above?
Politics does have a tendency to produce gang-bangs.
Re:Don't Be Foolish (Score:5, Funny)
Go to school for Computer Science, they said... Get a good job, they said...
Re: (Score:3, Funny)
To my knowledge, there are only two groups of people that follow Chinese human rights activists; The Chinese,(for tank tread inspections), and the Activist's Moms. I didn't know that Mom's had such a in depth awareness of Cyber Attacking. Go figure.
Re: (Score:2)
Who else would hack one of the most successful companies in the world...?
I suppose the US government wouldn't need to hack, it would just ask for the information from third parties or would recruit the help of the telecoms, right?
Re: (Score:2)
China does a good job of discrediting itself. Deny and 'don't answer the question' Someone trying to say that someone is trying to discredit China?
Well that would be you then. Are you admitting something?
Re:Don't Be Foolish (Score:5, Funny)
You just can't see past the end of your nose, to the possibility that it was someone trying to discredit someone who tried to say that someone is trying to discredit China.
Re:Don't Be Foolish (Score:5, Funny)
Truly, you have a dizzying intellect.
Re:Don't Be Foolish (Score:5, Funny)
Wait til I get going! Now, where was I?
Re:Don't Be Foolish (Score:5, Interesting)
Something about a land war in Asia.
Which brings us to the second-most likely suspect: one of Google's competitors in China. Think about it for a moment:
It's a win-win as long as it can't be pinned on them specifically.
Re: (Score:2)
You assume I had credit to begin with!
Re: (Score:2)
I have it on authority that it was the same group in the U.S. who planned the Sept 11 attacks!
... or I just made that up.
Re: (Score:2)
Re: (Score:3, Funny)
Right, of course. I was framed! Poor Chinese, all they want to do is run people over with tanks and everyone has to keep bothering them.
Re: (Score:3, Insightful)
Re: (Score:3, Insightful)
This is one of those situations like when the feds deal with the mob. You know it has to be them, there is no way there isn't...but without "proof", all you have are unsubstantiated claims.
Sometimes the justice system prevails...and sometimes it gets in its own way.
Re: (Score:2)
I'd rather have a self-hamstrung justice system than one that lets the powerful people at the top do whatever the fuck they want to do.
Bureaucracy is a pain in the ass, but it's a damned good defense against evil men in powerful places.
Centralized control is perfect except for that small detail of not always being able to trust the point man.
I'll avoid a Godwin offense.
Re: (Score:2)
I completely agree...i was just pointing out that the very laws designed to protect the innocent can often protect the guilty.
Re: (Score:2)
I'd rather have a self-hamstrung justice system than one that lets the powerful people at the top do whatever the fuck they want to do.
Well, luckily I live in the USA, so I don't have to decide - I get both.
I mean look at the O.J. Simpson trials - the prosecution couldn't even frame a guilty man!
This isn't a court of law (Score:5, Insightful)
Google doesn't have to prove things beyond a reasonable doubt. More to the point they don't have to prove it beyond any and all doubt no matter what, which is the standard many geeks seem to use. Internally, they only have to prove it to their own satisfaction, which it would seem they've done.
Re: (Score:2, Funny)
Re: (Score:2)
and sometimes you just have to fall back on mail fraud.
Re: (Score:2, Insightful)
Yeah because people never hide things and lie to push their own agendas.
Gmail accounts of Chinese human rights activists.
If I were the US government, these are the kinds of accounts I would access to test cyber warfare tools.
Like you aren't saying it was China, I'm not saying the US government was behind it but just that the evidence
seems circumstantial and very convenient. The evidence was also circumstantial and very convenient when used
as justification to invade Iraq.
Re: (Score:2)
That's just what they want you to think!
Let's Be Foolish (Score:5, Interesting)
So... Throwing this out there...
hypothetically could it have been the Human Rights groups in China?
Yes it would be an odd move as it could put themselves and their friends in quite a bit of danger, but it could also be high reward, if other countries fall for it and do something about it (if they could)
I know it's bad to think about the victim as possible being the one who set things up, but from time to time we need to at least explore the idea, or you will get played repeatedly.
Re: (Score:2)
Also, it's hard to see the payoff. Even with censorship, Google in China seems to be more independent than Baidu, so it's hard to see how Human Rights groups would benefit by driving Google out of China.
Re:Let's Be Foolish (Score:4, Interesting)
It requires someone to anticipate the unusual move of Google on this attack.
It requires someone confident enough to operate from China and escape the Chinese government's scrutiny, even after their operations have been revealed.
I think that makes a lot of hypothesis.
The Chinese government has spent hundreds of millions training a "cyber-army". Maybe they have spent so much in that toy that they are flexing their muscles a bit ? It is not that long ago that experts were warning about the hacking capabilities of China [timesonline.co.uk]
Re:Don't Be Foolish (Score:5, Insightful)
Exactly. Thread over. Nothing else to say.
I certainly didn't think it was the Chinese because the attacks supposedly originated in China. I thought it was the Chinese because it was after the accounts of Chinese Human rights activists.
Unless THAT part can get discredited, I will still point my finger.
Re: (Score:2)
Re: (Score:2)
Personally I couldn't care less. I think there is an issue in the way the Chinese Government is run. If it takes some underhanded tactics to change things over there I'm all for it.
I gave up the idea of righteousness and honour when the US marched through Afghanistan into Iraq. No need to be Idealist when you aren't in control.
Re: (Score:3, Insightful)
Google "Tiananmen Square Massacre" or "Tibet". Seems to me that those activists don't have to manufacture any proof.
Re: (Score:2)
Google "Tiananmen Square Massacre" or "Tibet". Seems to me that those activists don't have to manufacture any proof.
there is plenty of proof, however what there isn't is plenty of world support for them. Like it or not this attack could have easily originated from any number of foreign governments or rights groups, however the most likely suspect is still the chinese government.
Re:Don't Be Foolish (Score:4, Interesting)
Let me play devil's advocate here for one second.
You are assuming that the only party interested in following or harassing the human rights activists are the Chinese government. It's not hard to think up *other* persons or groups that might be interested. Judging from the ultra nationalist kooks we have, we can imagine private nutcases who think of themselves as more patriotic than the government, who think the Party is much too wishy washy on the issues of class traitors and much too interested in appeasing the West.
That's just the second most likely scenario. Other, more exotic scenarios are possible as well. In a world with so many people connected to the Internet, virtually every kind of crackpot you can imagine is out there. All it takes is one with an Internet feed.
I think we have a preponderance of evidence situation here. On the whole, the most likely culprit is the Chinese government. But it's not quite to the "beyond a reasonable doubt" stage. You look at the whole web of evidence: the motivations, track record of past behavior, known propensities to industrial espionage, methods used, means and opportunity. Virtually every single datum is likely to have an innocuous explanation. It's the overall picture that convicts.
Re: (Score:2)
Re: (Score:3, Interesting)
I agree with you, but I'd like to point out that that is not proof at all. When making accusations that can damage the relations of the two largest economies in the World, we should be damn sure of what we are doing. Google seems to be, but they also have more information than the rest of us. We are speculating.
In this case, I am still troubled by the apparent incompetence of the Chinese Government. Why did they think they could do this and get away with it? Didn't they realize that it could damage importan
Re: (Score:2)
It COULD be Baidu trying to eliminate competition. Although the fact that their domain was hacked makes that theory very unlikely.
Re: (Score:2)
Emphasis mine. Nowhere is he talking about a CRC algorithm or even fingerprinting the attack to a particular country. Instead, the obvious question is simply this: Who else would hack one of the most successful companies in the world only to read the e-mails of Human Rights Activists in China? What possible gain could anyone else have from this information?
There seems to be the general point of view the Google discovered what was happening and investigated on their own rather than enlist the State Dept. and their help from the beginning to use Google's network to observe, create honey pots and collect further data.
Perhaps they seeded the compromised accounts with information provided by the State Dept. to see who acted on that information and it turned out to be the Chinese Government?
Re:Don't Be Foolish (Score:4, Insightful)
What possible gain could anyone else have from this information?
*shrug* A loyal PRC citizen wanting to do the "right thing" or someone who'd like to sell the information for money to the Chinese government or someone else who might need leverage in negotiation with the Chinese government.
Re:Don't Be Foolish (Score:5, Insightful)
You think it's more likely that a CEO made a moral choice? Don't make me laugh. If morals had anything to do with it, they would never have gotten into China in the first place. It's not like Tiananmen Square hadn't happened yet....
No, I strongly suspect it's more like "Betraying the trust of other people is okay as long as you don't betray mine." And odds are, in a few months, this will all be forgotten and it will be back to business as usual, censorship, spying, and all. I'd love to be wrong about my cynicism, but it happens so rarely these days....
Xenogooglia Run Amok (Score:5, Funny)
This CRC-16 implementation seems to be virtually unknown outside of China, as shown by a Google search for one of the key variables, "crc_ta[16]". At the time of this writing, almost every page with meaningful content concerning the algorithm is Chinese:
Oh. My. God. I just reran the search [google.com] and it's changed. The top results are in English! It's the British that are attacking Google! Wait, one of the links is to a Blogspot site. Sweet Jesus, the attacks are coming from inside Google's own employee base! But wait, if you click crc_ta[16] [slashdot.org] enough times then Slashdot will show up in the list. Meaning Slashdot is the attacker on Google!
Oh Great Britain, Slashdot and even Google themselves, why have you forsaken us?
Google's pageranking engine returns a good enough set of available crawable webpages. It does not indicate guilt or scan all of human knowledge. Using it as any sort of evidence in a huge international scandal is less than prudent.
Re: (Score:3, Insightful)
The 'who else but the Chinese Government would want access to human rights activist accounts' argument is a little thin. So suddenly if anyone's account gets hacked, we can just immediately assume it's a group that opposes them and then pull our business out of an entire market?
Seems pretty dubious to me
BTW, why are there 5 FAs to read. Holy sheit
Re: (Score:3, Funny)
Meaning Slashdot is the attacker on Google!
We slashdotted China? Wow, I'm impressed!
Re: (Score:2)
Your post is the second result on Google. Congratulations.
Re: (Score:2)
Oh. My. God. I just reran the search and it's changed. The top results are in English! It's the British that are attacking Google! Wait, one of the links is to a Blogspot site. Sweet Jesus, the attacks are coming from inside Google's own employee base! But wait, if you click crc_ta[16] enough times then Slashdot will show up in the list. Meaning Slashdot is the attacker on Google!
Actually, your link likely won't substantially alter the rankings of Slashdot when you search for that term. The repetition of the term in this thread will do so, but your title likely not do so since all links in comments in slashdot automatically get nofollow tags. That means that search engines give the links little to no weight. This is a common tactic to reduce the incentive of spammers to spam links.
Re: (Score:2)
??? prophet!
digital DNA is years old (Score:3, Informative)
weakened evidence... of what? (Score:4, Insightful)
Evidence weakens that Joe Stewart's analysis shows that the CRC algorithm used in the attack was developed by Chinese programmers.
As other folks have pointed out, this is NOT the basis of Google's or others' assessments that the attacks originated from within mainland China, and in no way does it weaken the evidence regarding the origin of the attack.
F-China (Score:2, Insightful)
Why all the pro-China posts lately on Slashdot?
We getting astro-turfed by Red China?
They claimed, of course they didn't do it, and seem to never mention by name the laws that Google must abide by.
Screw them.
How do you say "Propaganda" in Chinese?
Re: (Score:2)
Screw them.
I agree. Right now I'm training an army of American hackers that are going to roll over China. Check out this video [youtube.com] of my protege at work. That madd h4xx iz a freebie for you, the more advanced stuff (like photoshopping a cat's head onto a dog's body) will cost ya. USA #1 baby.
Re: (Score:2)
I agree. Right now I'm training an army of American hackers that are going to roll over China. Check out this video [youtube.com] of my protege at work. That madd h4xx iz a freebie for you, the more advanced stuff (like photoshopping a cat's head onto a dog's body) will cost ya. USA #1 baby.
While you are at it, you should try to implement The Daemon [thedaemon.com]. ;-)
Valtor
PS: Great book by the way.
Re:F-China (Score:5, Funny)
How do you say "Propaganda" in Chinese?
Quietly.
Re: (Score:3, Informative)
Why all the pro-China posts lately on Slashdot?
I've noticed this too. I try to be objective about Chinese and American relations. We're definitely frienemies, but lately I've noticed subtle push-back from the pro-China folks.
Like my comment in a previous post got modded to +4 insightful but then ended back down to +2:
Google should also check where all their laptops were manufactured. And make sure each BIOS is clean.
There's a battle going on on /.
Re:F-China (Score:5, Funny)
Beware, the chinese astroturfers also have modpoints.
Re: (Score:2)
Yeah, I just noticed that. The post went from 2 points to four points, back to 2 in 15 minutes.
Re: (Score:2)
Go Dragons!
Re: (Score:2)
(The Drexel Dragons, not the Chinese ones)
Re: (Score:2)
heh, thanks :)
I was wondering for a second, the sports presence here is so terrible I barely even recognize my school's own mascot ;)
Re: (Score:2)
Now down to 1 point.
Re: (Score:2, Insightful)
Re: (Score:2)
So what's stopping us? Simple. The manufacturing capacity exists in China and they are willing to look the other way and ignore environmental laws. Oh, and don't forget that a significant percentage of the parts are also manufactured there. The cost of manufacturing finished goods anywhere else is significantly higher because you first have to import the parts and China has tariffs that deliberately make it more expensive for unfinished goods to leave the country.
It's not nearly as easy as you think. I
The Chinese code matches _exactly_ (Score:5, Interesting)
As someone who has been reverse engineering quite a bit of software recently, I can tell you that the assembly code from the attack and the Chinese version of the algorithm match completely. In other words, the output looks like exactly what an (optimizing) compiler would've produced given that source code. Note the operations performed inside the loop and the use of stack allocation for the table (and therefore the required initialization every time the function is called).
As far as I can see, none of the English versions are similar. Sure, they implement the same algorithm, but the chinese implementation matches the attack code, not just the algorithm,
Re:The Chinese code matches _exactly_ (Score:5, Informative)
The Register people seem to have accepted similarity in code, without going to the trouble of checking the outputs.
Re: (Score:2)
Of course would you want to bet that even if it matched another implementation that it wasn't a Chinese programmer?
The first deep programing book I ever read was Data Structures + algorithms = Programs. It has influenced my code style just as the fact that my first programing teacher was an old Fortran programmer. Yes I often use i for for loops to this day even though I know it is now considered bad form.
So if I wrote an attack would would we say it couldn't have come from the US because some of the algo
Re: (Score:2)
Of course would you want to bet that even if it matched another implementation that it wasn't a Chinese programmer?
You seem unclear on the purpose of evidence. Its purpose is to distinguish between hypotheses. There are two hypotheses here. 1) Some hacker based in China did the hacking. 2) The first hypothesis is not true (the "null hypothesis"). An implementation that everyone knew about and anyone could have used doesn't distinguish between hypotheses #1 and #2. Hence, it cannot be evidence for hypothesis #1. An obscure implementation that has only been seen in China, favors hypothesis #1.
Re: (Score:2)
I do see the difference.
The thing is that even if the implementation is most commonly seen in China that is also evidence. And as the grandparent post pointed out the implementation does exactly match the implementation as often taught in china.
My point is that with the mobility of knowledge we have today that a match or that implementation being documented else where isn't definitive one way or the other.
Re: (Score:2)
My point is that with the mobility of knowledge we have today that a match or that implementation being documented else where isn't definitive one way or the other.
I'm not sure what this "definitive" thing you're talking about is.
Informed judgment is always a matter of balancing probabilities. Why anyone would talk about anything being "definitive" instead of "highly probable" is not clear.
In this case, the evidence, both who the target was (Chinese human rights organizations) and the low-level details of
Re: (Score:2)
I do agree. What I was saying that just because that implementation was documented outside China it doesn't in any way decrease the probability that it was done by China.
Or if they had used an implementation that was never documented in China.
The targets are the big evidence in my book.
What I find somewhat interesting is that they used a CRC implementation as the "fingerprint".
Who writes their own CRC code anymore? I mean not since college have I written a CRC function. There are a million of them available
Re: (Score:2)
Re: (Score:2)
What does "definitive" have to do with it? They have motive, opportunity, and evidence pointing at them. That's not "definitive" but good enough. You don't prove "beyond a shadow of a doubt" but "beyond a reasonable doubt." Simply put, unless there's anyone else likely to do it, the obvious person did it. No one has suggested anyone else cr
Stop messing with my brains. (Score:3, Funny)
Digital DNA? (Score:2, Informative)
How hard is that? Parse /var/log/secure, do a lookup and see where the attacks are coming from.
Wow. No Brazil today. That's odd.
Re:Digital DNA? (Score:4, Insightful)
Right, because there's no such thing as proxies.
Re: (Score:2, Interesting)
Hmmm...
In that sense, we should free any mob bosses in jail. I'm sure, since they've never pulled the trigger, they never killed anyone.
Ok that's a bit of a stretch, but if their(those who manage these systems) incompetent systems management is leading to compromised systems, aren't they just as much a part of the problem?
Re:Digital DNA? (Score:4, Insightful)
My point was that it's really easy to mask where you're coming from by bouncing through legitimate services provided by companies all over the world (who I'm sure would be quite reluctant to release their logfiles just because you asked for them really nicely). Looking at
IP Addresses (Score:2)
While these machines could be rouge agents in the Chinese Gov't. infrastructure they're even less likely to admit a security compromise that than espionage.
Re: (Score:2)
Huh, and here I thought all the Rouge agents came from Cambodia!
Re: (Score:2)
OK (Score:2)
What other nation or group has motivation for hacking into human rights organizations for Tibet and China? Who else would see that as a threat?
"Deterring" a whole class for the misdeeds of one (Score:4, Insightful)
Do you recall how unfair you thought it was when your third-grade teacher punished the entire class for the misbehavior of one student because she couldn't identify the perpetrator? That's exactly what Google is doing. It's not "deterrence" at all. At best it's indirect deterrence, since it doesn't affect hackers directly; what it affects is the entire Chinese "class" by withdrawing from its network and e-economy, hurting or diminishing the many in an attempt to change the behavior of just a few.
Re: (Score:2)
Isn't that a basic principal of communism?
Share the risk.
Re: (Score:2)
Well... since SOME people claim that communism is economic entropy, then by extension you're saying that it's a basic principle of entropy, and that the entire universe has to share the risk because of the few?
Nice.
Re:"Deterring" a whole class for the misdeeds of o (Score:4, Insightful)
Except that the scale of the attacks, the targets of the attacks, and the fact that they went on in a country that is fanatical about monitoring internet use, strongly suggests that the Chinese government either conducted or encouraged the attack. So it is reasonable for Google to hold the Chinese government responsible. Clearly Google's view is, "We try to cooperate with your unreasonable censorship rules, we expect you not to try to crack into our systems. You didn't hold up your end of the bargain, so the deal is off. If you don't like it, we'll take our ball and go home."
Re: (Score:2)
That description and justification is only true IFF the Chinese government was responsible or holding the purse strings. TFS and TFA suggest that this is perhaps not the case after all.
Google is perhaps justified in taking SOME kind of knee-jerk action to protect itself, temporarily at least, in the absence of knowing the real cause or source, but what's your justification? You have nothing to protect, do you? Are you protecting a blind faith in Google and by extension the rightness of its actions?
Re: (Score:2)
That's an odd question. Are you asserting that nobody should have opinions on topics such as political censorship, human rights, or the relationships between information-based corporations and
Re: (Score:2)
Watch who they put to death (Score:2)
If you want to know if the hacks were done with Chinese government approval, watch and see who they put to death for it. As with the contaminated baby formula, China has a strong tradition of swift trials and swifter executions for those citizens who through unauthorized behavior embarrass them on the world stage. Strong enough that it makes them rather transparent when denying something they actually did do.
No wonder we can't compete! (Score:2)
Actually, I kinda like the Chinese use of the death sentence for life-threatening corruption. Unfortunately, in this case the misbehavior doesn't appear to be life threatening. (Unless you're one of the human rights activists hacked, and you accidentally said something counter to the interests of the Chinese government on the foolish assumption that your private emails were, in fact, private. In that case, then certainl
Skip the NY Times (Score:2, Informative)
2 unrelated events? (Score:2)
If you put both together, assuming that have the same source, could point to someone big enough to be backed by China gove
Please Define "China" (Score:2)
Even if it was a Chinese group (Score:2)
It doesn't mean that its the Chinese government...
Re: (Score:2)
Re: (Score:2)
I see you totally missed my point.
Isn't it obvious? They cut a deal! (Score:2)
I'm surprised that people aren't reaching for the most obvious explanation for this announcement of newly-weakened evidence. Isn't it obvious that it's a part of a deal that Google cut with China, in which it was agreed that tensions will be de-escalated in public?
Google is saying the equivalent of "Oh, did I call your mama a whore in front of the whole world? No, no, of course not! I was saying she was a HORRibly nice woman, but my phone was cutting out! I would never accuse your mama of pulling tricks for
It's not the chinese... (Score:2, Insightful)
I don't like China, and I think their government is insanely authoritarian. From Green Dam to pulling Avatar out of theaters to having no health standards on the toys they produce is only the beginning. I've heard so many bad things about the Chinese government I wouldn't even know where to begin. But it doesn't take a genius to realize China is NOT behind these attacks.
Let's look at the facts. First Google releases a statement saying they were attacked, and they think it was China, and as a result they
Re: (Score:2)
I've been reading this explanation in the chinese news sites, and have been waiting for someone to post it here, comrade.
Good luck with that. You'll need it.
Re: (Score:2)
Re: (Score:2)
I know right. Why should anyone worry about a country that loathes personal freedoms? They just want to be left alone after all. Poor old China, always getting the shaft.