Evidence Weakens That China Did the Recent Cyberattacks
click2005 notes an article in The Register calling into question the one piece of hard evidence that has been put forward to pin the Google cyberattacks on China. It was claimed that a CRC algorithm found in the Aurora attack code was particular to Chinese-language developers. Now evidence emerges that this algorithm has been widely known for years and used in English-language books and websites. Wired has a post introducing the Pentagon's recently initiated effort to identify the "digital DNA" of hackers and/or their tools; this program is part of a wide-ranging effort by the US government to find useful means of deterring cyberattacks. This latter NY Times article notes that Google may have found the best deterrence so far — the threat to withdraw its services from the Chinese market.
Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists.
Emphasis mine. Nowhere is he talking about a CRC algorithm or even fingerprinting the attack to a particular country. Instead, the obvious question is simply this: Who else would hack one of the most successful companies in the world only to read the e-mails of Human Rights Activists in China? What possible gain could anyone else have from this information?
I'm not saying hard evidence has been provided one way or the other (I'm not even sure it could be proven one way or the other unless someone claims ownership) but the only evidence the accuser offered up was this. Not that the "algorithm was only known to Chinese" nor anything as simpleton.
My work here is dung.
This CRC-16 implementation seems to be virtually unknown outside of China, as shown by a Google search for one of the key variables, "crc_ta[16]". At the time of this writing, almost every page with meaningful content concerning the algorithm is Chinese:
Oh. My. God. I just reran the search and it's changed. The top results are in English! It's the British that are attacking Google! Wait, one of the links is to a Blogspot site. Sweet Jesus, the attacks are coming from inside Google's own employee base! But wait, if you click crc_ta[16] enough times then Slashdot will show up in the list. Meaning Slashdot is the attacker on Google!
Oh Great Britain, Slashdot and even Google themselves, why have you forsaken us?
Google's pageranking engine returns a good enough set of available crawlable webpages. It does not indicate guilt or scan all of human knowledge. Using it as any sort of evidence in a huge international scandal is less than prudent.
My work here is dung.
We were using and describing digital DNA in the mid to late 80s although the terminology used was slightly different as we /stole/ the term FIST from ham radio to use for it. It's actually an interesting technique although we weren't that sophisticated as we only looked at command streams and linguistics to identify country of origin and style of attack and group M.O. rather than pinpointing the actual attacker.
It was actually used successfully in a few virus and trojan incidents and I still have at least a partial copy of the NARK database I collated at the time.
So... Throwing this out there...
hypothetically could it have been the Human Rights groups in China?
Yes it would be an odd move as it could put themselves and their friends in quite a bit of danger, but it could also be high reward, if other countries fall for it and do something about it (if they could)
I know it's bad to think about the victim as possibly being the one who set things up, but from time to time we need to at least explore the idea, or you will get played repeatedly.
Evidence weakens that Joe Stewart's analysis shows that the CRC algorithm used in the attack was developed by Chinese programmers.
As other folks have pointed out, this is NOT the basis of Google's or others' assessments that the attacks originated from within mainland China, and in no way does it weaken the evidence regarding the origin of the attack.
Why all the pro-China posts lately on Slashdot?
We getting astro-turfed by Red China?
They claimed, of course they didn't do it, and seem to never mention by name the laws that Google must abide by.
Screw them.
How do you say "Propaganda" in Chinese?
As someone who has been reverse engineering quite a bit of software recently, I can tell you that the assembly code from the attack and the Chinese version of the algorithm match completely. In other words, the output looks like exactly what an (optimizing) compiler would've produced given that source code. Note the operations performed inside the loop and the use of stack allocation for the table (and therefore the required initialization every time the function is called).
As far as I can see, none of the English versions are similar. Sure, they implement the same algorithm, but the Chinese implementation matches the attack code, not just the algorithm,
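To make the distinction drawn in the comment above concrete (same algorithm versus same implementation), here is an added example that is not code from the thread, the linked page, or the attack sample. It assumes the CCITT polynomial 0x1021 with a zero initial value, which the thread does not state, and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define POLY 0x1021u  /* assumption: CCITT polynomial, initial value 0 */

/* Form 1: bit-at-a-time, no lookup table at all. */
uint16_t crc16_bitwise(const uint8_t *p, size_t n)
{
    uint16_t crc = 0;
    while (n--) {
        crc ^= (uint16_t)(*p++ << 8);
        for (int k = 0; k < 8; k++)
            crc = (crc & 0x8000u) ? (uint16_t)((crc << 1) ^ POLY)
                                  : (uint16_t)(crc << 1);
    }
    return crc;
}

/* Form 2: nibble-at-a-time with a 16-entry table held in a local
 * (stack) array, so the table is re-initialized on every call. This is
 * the structural trait the comment points to in the compiled code. */
uint16_t crc16_nibble(const uint8_t *p, size_t n)
{
    uint16_t t[16] = {
        0x0000, 0x1021, 0x2042, 0x3063, 0x4084, 0x50A5, 0x60C6, 0x70E7,
        0x8108, 0x9129, 0xA14A, 0xB16B, 0xC18C, 0xD1AD, 0xE1CE, 0xF1EF
    };
    uint16_t crc = 0;
    while (n--) {
        uint8_t b = *p++;
        crc = (uint16_t)((crc << 4) ^ t[(crc >> 12) ^ (b >> 4)]);
        crc = (uint16_t)((crc << 4) ^ t[(crc >> 12) ^ (b & 0x0F)]);
    }
    return crc;
}

/* Form 3: byte-at-a-time with a 256-entry static table built once. */
uint16_t crc16_bytetable(const uint8_t *p, size_t n)
{
    static uint16_t t[256];
    static int ready;
    if (!ready) {
        for (int i = 0; i < 256; i++) {
            uint16_t c = (uint16_t)(i << 8);
            for (int k = 0; k < 8; k++)
                c = (c & 0x8000u) ? (uint16_t)((c << 1) ^ POLY)
                                  : (uint16_t)(c << 1);
            t[i] = c;
        }
        ready = 1;
    }
    uint16_t crc = 0;
    while (n--)
        crc = (uint16_t)((crc << 8) ^ t[(crc >> 8) ^ *p++]);
    return crc;
}

/* Feed constructed pseudo-random buffers (lengths 0..64) to all three
 * forms; returns 1 when every output matches, 0 on the first mismatch. */
int implementations_agree(uint32_t seed)
{
    uint8_t buf[64];
    for (int round = 0; round < 500; round++) {
        size_t len = (size_t)(round % 65);
        for (size_t i = 0; i < len; i++) {
            seed = seed * 1664525u + 1013904223u;  /* simple LCG */
            buf[i] = (uint8_t)(seed >> 24);
        }
        uint16_t a = crc16_bitwise(buf, len);
        if (a != crc16_nibble(buf, len) || a != crc16_bytetable(buf, len))
            return 0;
    }
    return 1;
}

int main(void)
{
    const uint8_t msg[] = "123456789";  /* conventional CRC check string */
    printf("bitwise   %04X\n", crc16_bitwise(msg, 9));
    printf("nibble    %04X\n", crc16_nibble(msg, 9));
    printf("bytetable %04X\n", crc16_bytetable(msg, 9));
    printf("agree     %d\n", implementations_agree(1u));
    return 0;
}
```

Identical outputs only identify the algorithm. Any similarity claim about a binary has to rest on structure such as table size, where the table is stored, and the loop body, and each of the three forms compiles to visibly different code.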
Our largest trading partner isn't secretly trying to destroy us.
How is it these "china is coming to kill us all through the tubes" articles make it to slashdot? They have no nerdworthy content. One may go so far as to simply claim it's masturbatory whitewash more suited for the daily fare of Fox news.
To play devil's advocate, yes the aurora code was fascinating reading and research, and this article was at least somewhat meritorious if only to discredit the present air of distrust and fear of china.
Good people go to bed earlier.
Did anybody notice the C code in the C language in the paper?
http://www.fjbmcu.com/chengxu/crcsuan.htm
function is called cal_crc
seems like C is the thing that hacker needs to speak... I mean, yeah, there're comments in Chinese, but I mean, com'on when was the last time you read code with comments that's NOT in Chinese??
Please stop finding and posting evidence contrary to my preconceived notions! Enough already. As it is I am trying to contain my cognitive dissonance and I can do without all these pesky counter evidence, thank you. Next you will ask me to believe that Microsoft is not 100% evil and Apple is not 100% cool and Google is not 100% non-Evil (tm).
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Google doesn't have to prove things beyond a reasonable doubt. More to the point they don't have to prove it beyond any and all doubt no matter what, which is the standard many geeks seem to use. Internally, they only have to prove it to their own satisfaction, which it would seem they've done.
How hard is that? Parse /var/log/secure, do a lookup and see where the attacks are coming from.
Wow. No Brazil today. That's odd.
We just don't know. It could be an attack by Chinese hackers. It could be a false flag operation by the CIA posing as Chinese hackers. It could be Russian hackers pretending to be the CIA posing as Chinese hackers. It could be an internal hack to give Google more leeway in China. It could be an internal hack to give Google an excuse to leave China. It could be a publicity stunt by human rights activists. No public announcement can be trusted if so much is at stake. The only people who will ever know for sure are the ones who did it.
This is what non-technical people don't get about computer networks: The only thing which matters is hard security. "This is forbidden" is not security. The intruders can be anywhere in the world and they can, if they're careful, avoid leaving traces. The only defense against that kind of threat is making intrusions as hard as possible. There is no meaningful legal defense. You can raise a diplomatic fuss, but it will not get you anything.
The smoking gun I'd heard about was the IP Addresses of the command servers, not this CRC algorithm.
While these machines could be rogue agents in the Chinese Gov't. infrastructure they're even less likely to admit a security compromise than espionage.
Set aside the industrial espionage charges. Who benefits from the hacking of the activists' and journalists' accounts? The PRC and its enemies. The usual suspects like the Russian mob, Nigerians, etc. have little, if anything, to gain from this and certainly not enough to offset the harm that could happen if a company with Google's expertise brought scrutiny to them.
Android belongs to the Open Handset Alliance, and not Google.
What other nation or group has motivation for hacking into human rights organizations for Tibet and China? Who else would see that as a threat?
"If any question why we died, Tell them because our fathers lied."
If you search the following in google.com
'Aurora' code circulated for years on English sites
The first result shows 22 related articles, but if you follow the link, it returns nothing. I guess something is going on.
http://news.google.com/news/story?hl=en&client=firefox-a&rls=org.mozilla:en-US:official&q=%27Aurora%27+code+circulated+for+years+on+English+sites&um=1&ie=UTF-8&ncl=dq-hKpjDVjltfwM&ei=FUVfS-uyIpLf8Qb0v_CHDA&sa=X&oi=news_result&ct=more-results&resnum=1&ved=0CAgQqgIwAA
It was f'n China. The same fingerprint has been left all over US tech companies that DO point back to China. They got busted with their hands in the cookie jar and now will do anything to cover it up. Give us all a break you commie bastards.
Do you recall how unfair you thought it was when your third-grade teacher punished the entire class for the misbehavior of one student because she couldn't identify the perpetrator? That's exactly what Google is doing. It's not "deterrence" at all. At best it's indirect deterrence, since it doesn't affect hackers directly; what it affects is the entire Chinese "class" by withdrawing from its network and e-economy, hurting or diminishing the many in an attempt to change the behavior of just a few.
If you want to know if the hacks were done with Chinese government approval, watch and see who they put to death for it. As with the contaminated baby formula, China has a strong tradition of swift trials and swifter executions for those citizens who through unauthorized behavior embarrass them on the world stage. Strong enough that it makes them rather transparent when denying something they actually did do.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
As an FYI, skip the NYTimes version of this story, I have had 4 users walk in today with infected systems. It appears that NYTimes has pulled another screwup in security land http://news.cnet.com/8301-1009_3-10351460-83.html
Let's say the attack did originate in China, how many attacks originate in Russia, Brazil, hell how many originate in the good ole US of A?
I understand the argument that says "well it was Chinese Human Rights activists attacked" - but what about the recent Climate researcher email hack? Did everyone suddenly place blame on the U.S. as it really fought to slow down any sort of real climate agreements?
Maybe, I'm kind of new to this but were Chinese Human Rights activists even the only ones whose emails were hacked or do we have a number for emails hacked into and what percentage were actually Human rights activists?
I'm really skeptical about this as it seems as though its being blasted all over media outlets to try to persuade us about something. This is especially suspicious when you see what has been going on recently with U.S. China relations.
Sorry these things are starting to bug me, it's cool for France and Britain to try to pass laws to keep Muslim women from wearing Burqas, but we are all up in arms when Chinese people are kept from watching American pr0n and advertisements.
Insanity.
While what you say is true to a point, it neglects what this trade *is*, and the fact that China is just barely below trade with Canada at this point, and will overtake it real soon now.
Canada exports to the US (and to a greater level daily to China) mostly raw materials, not much different except in scale from some third world colonized nation. There are exceptions of course, they do manufacture cars and parts, etc, and some modern networking gear, etc, but by the numbers, petroleum exports top the list.
http://internationaltrade.suite101.com/article.cfm/canadas_top_exports_imports
Whereas on the other hand, China exports to the US almost completely value-added manufactured items, i.e. economic multipliers, things that build their internal economy to a greater degree than just raw resource exporting. Raw resources for export don't make the top ten list for them, and I doubt they want to do much of that, they would rather use the stuff they got themselves..along with everyone else's stuff they can get their hands on:
http://www.uschina.org/statistics/tradetable.html
Raw resource exports are a short range economic windfall,"fat city" type thing.. long range, sorry, an exploited colony is an exploited colony...
I'll settle for evidence of the intrusion. Consider this crazy far out alternative hypothesis:
1) Google needs content. Content is what drives clicks - and they are the masters at deriving profits from clicks. The censoring of Tiananmen plus other juicy human rights issues limits the traffic that Google can drum up. Google needs growth to maintain its crazy stock price valuation.
2) How can Google get to use this censored content? How can Google find an excuse to drop the censorship - easy - claim they have been 'wronged' and position their action as a response. This way Google maintains the moral high ground AND opens up traffic.
Without any proof either way, we are victims of smoke blowers.
Aside from the particulars of this case, consider the following analogy- suppose you come across this intelligent population that has until now not seen the internet. The world is intensely curious about this new tribe living on an isolated island that has learned to do things without technology and whose members live to be 200 years old. (For argument's sake, let's call these people the Na'Vi). Google wants to put these people on the net so that the world's insatiable curiosity can be quenched (and google can derive billions of clicks on their ads in the process). Should Google be allowed to invade the space of the Na'Vi?
Mikono tepito cartelopo munaca tetasky jukiolli jutmoi deyiuma!!!! Ticate!!!
Isn't that a basic principle of communism?
Share the risk.
Don't know something? Look it up. Still don't know? Then ask.
No. All it shows is that the sort of behavior expected from such events is counterproductive.
Instead, act in favor of good and against evil without regard to how others act. The saying goes, (paraphrased) 'you can't play an honest man.'
If you put both together, assuming that they have the same source, it could point to someone big enough to be backed by the Chinese government, but if they were unrelated it could be "normal", as in one from hacking groups and the other from people intruding in mass amounts of accounts or just "fans" of Chinese politics (wonder how many Westerners tried to hack or DoS i.e. Iranian sites when US government/media started to turn on the heat on them). Still could have been sponsored by the Chinese government, just that they aren't the only suspect there.
Well... since SOME people claim that communism is economic entropy, then by extension you're saying that it's a basic principle of entropy, and that the entire universe has to share the risk because of the few?
Nice.
Except that the scale of the attacks, the targets of the attacks, and the fact that they went on in a country that is fanatical about monitoring internet use, strongly suggests that the Chinese government either conducted or encouraged the attack. So it is reasonable for Google to hold the Chinese government responsible. Clearly Google's view is, "We try to cooperate with your unreasonable censorship rules, we expect you not to try to crack into our systems. You didn't hold up your end of the bargain, so the deal is off. If you don't like it, we'll take our ball and go home."
I was looking at some stuff about cosmic rays, and ionizing radiation (as a result of the article about the composite crew module test), and found the same graphic wired is using on a NASA page:
http://www.nasa.gov/centers/marshall/images/content/98985main_1025SR_m.jpg
They likely have far more pressing things on hand, like getting enough money to live off of.
Further, if they prove it can be done by disorganized, preoccupied rabble, then sooner or later they might get captured by Chinese government officials and forced to reveal their methods, at which point other "human rights groups in China" would do "copycat attacks", purely, of course, to try to pin the blame on China itself, who is "innocent".
You don't do an attack. You make an attack.
That description and justification is only true IFF the Chinese government was responsible or holding the purse strings. TFS and TFA suggest that this is perhaps not the case after all.
Google is perhaps justified in taking SOME kind of knee-jerk action to protect itself, temporarily at least, in the absence of knowing the real cause or source, but what's your justification? You have nothing to protect, do you? Are you protecting a blind faith in Google and by extension the rightness of its actions?
If when you say "China was responsible for the attacks" you are referring to the Chinese Government or persons acting at the direction or in the employ of the Chinese Government, I'd agree that's probably not the case. On the other hand if you are referring to persons based in China acting of their own volition in an attempt to show patriotism for their country possibly in return or with the expectation of favors from those in power then I think we can safely say "Yeah, that's them." It is all very convenient for the Chinese Government because they can sit back and truthfully say "We did not do these things." If anyone can ever really prove the source of these attacks, the Chinese Government can shake a finger at those responsible and say "Don't do that again." claiming they've done all they can to stop the rogue vandals.
"The ferrets, they're every where I tell you!"
It doesn't mean that it's the Chinese government...
---- Booth was a patriot ----
Google is operating a website. I can reach it from France, I can reach Chinese websites too. The fact that the Chinese can't reach google.com from their connection has little to do with Google's policy.
The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
That's an odd question. Are you asserting that nobody should have opinions on topics such as political censorship, human rights, or the relationships between information-based corporations and governmental entities unless they have some kind of "justification" in the form of a personal interest to protect?
I'm surprised that people aren't reaching for the most obvious explanation for this announcement of newly-weakened evidence. Isn't it obvious that it's a part of a deal that Google cut with China, in which it was agreed that tensions will be de-escalated in public?
Google is saying the equivalent of "Oh, did I call your mama a whore in front of the whole world? No, no, of course not! I was saying she was a HORRibly nice woman, but my phone was cutting out! I would never accuse your mama of pulling tricks for a fiver! We're totally BFF's after all, right?"
We could do the same thing here too, if it weren't for that pesky "constitution" thing!
Actually, I kinda like the Chinese use of the death sentence for life-threatening corruption. Unfortunately, in this case the misbehavior doesn't appear to be life threatening. (Unless you're one of the human rights activists hacked, and you accidentally said something counter to the interests of the Chinese government on the foolish assumption that your private emails were, in fact, private. In that case, then certainly this hack could be life threatening.)
I've abandoned my search for truth; now I'm just looking for some useful delusions.
I don't like China, and I think their government is insanely authoritarian. From Green Dam to pulling Avatar out of theaters to having no health standards on the toys they produce is only the beginning. I've heard so many bad things about the Chinese government I wouldn't even know where to begin. But it doesn't take a genius to realize China is NOT behind these attacks.
Let's look at the facts. First Google releases a statement saying they were attacked, and they think it was China, and as a result they are going to remove search restrictions on Google china. Almost immediately following this Hillary Clinton demands that China explain themselves and Obama somehow diverts the issue of the attack into a case against how we all don't like Chinese govt internet policies...which is really a separate issue.
The fact is, if the Chinese gov't were to hack into Google, they wouldn't make it so damn obvious. Secondly, after suspicion is squarely put on China, and China vehemently denies it, there is a DDoS attack against those Chinese human rights organizations...for 16 hours. Ok...denial of service for 16 hours....what does this accomplish? There was no extortion. It accomplished absolutely nothing. That is, absolutely nothing beneficial for China. All it does is make China look even more guilty to the idiots who buy into this little hoax. But China is not so stupid. If they had been responsible, and caught, they would be trying to lay low...not exacerbate the situation! The only purpose that those DDoS attacks served was to further frame China and make people angry at them. It wasn't China.
I don't know who it was, but my gut tells me it was more likely the US looking for an excuse to further degrade US-China relations. Why would the US want to degrade US-China relations? I don't know, but maybe it has something to do with the trillions of dollars we owe China and have no way to pay back. Just saying...
This article and Google's claim remain unrelated.
As mentioned in the article: Google has provided no concrete evidence it came from China.
They do not need to do so. Besides I'm sure that releasing their evidence would endanger national security... as they have got to be one of the greatest suppliers of intelligence (data) to the powers that be. They haven't said as much... but we all know.
It is highly likely that it came from China... that is not the dispute. The question is whether or not the operation was supported by the Chinese government. I mean the question is: was it a lone hacker? or the Chinese government?
I don't think the implementation of one algorithm over the other will tell us that.
Especially since the very observation and recognition of any algorithm would render that algorithm useless as a fingerprint to the initial location of the writing of the source code. ie: if one can find said algorithm during investigation and locate it somewhere in the world (online, book, etc)... then that algorithm is available from anywhere. QED.
IMO: this article offers no information about the true source/intent of the malware and related gmail attacks.
It does show how the concept of this article... of trying to find the location of written code using an implemented algorithm... is flawed.
fuck! I just saw "spys" in another topic.
Inconceivable
Like all pain, suffering is a signal that something isn't right
Internally, they only have to prove it to their own satisfaction, which it would seem they've done.
Proof is a powerful negotiating tool. Make the chinese government red-faced -- gives you leverage.
Like all pain, suffering is a signal that something isn't right
So I was quietly wondering if the Chinese used their "very privileged" access to Windows Source code to help find the Zero Day in IE. Is that what Ballmer meant when he said he was interested in being part of the solution in China?
I never went to third grade, you insensitive clod.
Do you recall how unfair you thought it was when your third-grade teacher punished the entire class for the misbehavior of one student because she couldn't identify the perpetrator? That's exactly what Google is doing.
Not quite. In the classroom setting, the punished students all have the same amount of (no) power, and the teacher has the most.
So if this situation is a classroom, the Chinese government is the teacher (has all the power), the students are Chinese citizens (same amount of no power), and Google is the guest speaker who, while giving his career presentation, was pickpocketed by the teacher.
Your version presumes that the Chinese government is in fact responsible. What if it's not, as the summary and article say may be the case after all?
Until this latest fiasco, it has been unthinkable that a company would pull out of China. Companies have done so for human rights issues in the past (1990s), only to come back later in the decade. There's a general notion that foreign companies "need" China, and the Chinese government and Chinese people have become aware and arrogant of this fact. Most in China believe that Google is just doing what us Westerners know that the PRC does all the time -- blow off steam, make some noise, and continue business as usual.
There has been an increasing amount of articles in journals and newspapers discussing the possibility that though we have traditionally thought that we can't live without China, many businesses have started to think that they can't live with China. Combined with its worsening human rights record, its worsening censorship, and its increasing disregard for anyone and anything but its own interests, the PRC government has been repeatedly sending the message that "play nice with us, no matter how much you dislike it, or you can't have a piece of our billion person pie". Google is sending the message that "you're pissing us off and we're thinking that it may no longer be worth it".
The point I'm trying to make, here, is that nobody has thought that a company would seriously consider pulling out of China since the 90s. The fact that Google is seriously considering leaving the country is groundbreaking, and it's something that companies all over the world are watching carefully. And for those saying that it wouldn't matter to China if Google pulled out -- you're just being cynical. Google is no minor player in China. If their market share is actually 30%, as reported, that's more than 115 million Chinese internet users, and that's better than Yahoo!, Bing, Ask, and AOL in the US combined.
I use Google and I like Google. But no company should be able or allowed to blackmail a country. Google has only been in China for 4 years - and if they don't like it then bai-bai.
There's a general notion that foreign companies "need" China
Maybe amongst your average American consumer, but the drones up in their glass towers don't think this way. If an extra dollar can be added to a golden parachute, directors will jump the Chinese bandwagon in a heartbeat and shift operations elsewhere. China knows this so they keep the factory lines populated, and the wages stay in the dirt. Were this to change in any big way, companies would flee to the next impoverished overpopulated patch of ground looking to do it all again.
Companies like Google are getting in early and waiting for the standard of living to rise so that they can eventually turn some decent profits - give it a couple of weeks, people will forget about this Google thing and life goes on. Same as usual.
Some companies pulled out of China, but these were naught more than short lived dog and pony shows to earn an extra buck on the waves of good will and love that they produced. Only in the more affluent countries do people actually care about such things as human rights, just so long as they can care from a distance anyway.
Stop the marketingspeak already. Why is everything "DNA" these days ? Sleep DNA, colour DNA, digital DNA. I move we terminate all lifeforms containing too much stupid-DNA.
What a depressingly stupid machine.
If that's the case, then we'll need a car analogy.