Slashdot Mirror
Evidence Weakens That China Did the Recent Cyberattacks

click2005 notes an article in The Register calling into question the one piece of hard evidence that has been put forward to pin the Google cyberattacks on China. It was claimed that a CRC algorithm found in the Aurora attack code was particular to Chinese-language developers. Now evidence emerges that this algorithm has been widely known for years and used in English-language books and websites. Wired has a post introducing the Pentagon's recently initiated effort to identify the "digital DNA" of hackers and/or their tools; this program is part of a wide-ranging effort by the US government to find useful means of deterring cyberattacks. This latter NY Times article notes that Google may have found the best deterrence so far — the threat to withdraw its services from the Chinese market.

4 of 197 comments

  1. digital DNA is years old by walkoff · · Score: 3, Informative

    We were using and describing digital DNA in the mid to late 80s, although the terminology used was slightly different, as we /stole/ the term FIST from ham radio to use for it. It's actually an interesting technique, although we weren't that sophisticated, as we only looked at command streams and linguistics to identify country of origin, style of attack and group M.O. rather than pinpointing the actual attacker. It was actually used successfully in a few virus and trojan incidents, and I still have at least a partial copy of the NARK database I collated at the time.

  2. Re:The Chinese code matches _exactly_ by the_povinator · · Score: 5, Informative

    To add to this: the analysis on the original "research blog" was also more specific than the Register article. He said:

    By decompiling the algorithm and searching the Internet for source code with similar constants, operations and a 16-value CRC table size, I was able to locate one instance of source code that fully matched the structural code implementation in Hydraq and also produced the same output when given the same input.

    The Register people seem to have accepted similarity in code, without going to the trouble of checking the outputs.

    --
    The .sig is dead, and I believe I had a hand in killing it.
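The distinction the comment above draws, matching constants and table size versus matching output on the same input, is easy to make concrete. The following is an added illustration, not code from the thread, the blog it quotes, or the Hydraq sample: it builds a 16-entry (nibble-at-a-time) CRC-16 table, checks the table-driven routine against a plain bitwise reference on the same inputs, and shows that a structurally identical routine built from a different polynomial fails that output check. The polynomial 0x1021 (CRC-16/CCITT) and the sample inputs are assumptions chosen for illustration; the constants actually found in Hydraq are not reproduced here.

```python
# Added example: attribute a CRC routine by comparing outputs, not just structure.
# Assumption: CRC-16/CCITT-FALSE parameters (poly 0x1021, init 0xFFFF, MSB-first,
# no reflection, no final XOR). These are NOT the constants from the Hydraq sample.

CRC16_CCITT_POLY = 0x1021   # assumed polynomial for the illustration
CRC16_INIT = 0xFFFF


def make_nibble_table(poly):
    """Build the 16-entry table a nibble-driven MSB-first CRC-16 uses.

    Entry n is the remainder after pushing the nibble n through four
    shift/XOR steps with `poly`, i.e. the 'constants' an analyst would
    recover from a decompiled routine.
    """
    table = []
    for nib in range(16):
        crc = nib << 12
        for _ in range(4):
            if crc & 0x8000:
                crc = ((crc << 1) ^ poly) & 0xFFFF
            else:
                crc = (crc << 1) & 0xFFFF
        table.append(crc)
    return table


def crc16_nibble_table(data, table, init=CRC16_INIT):
    """Table-driven CRC-16: two table lookups per input byte (high nibble, low nibble)."""
    crc = init
    for b in data:
        crc = ((crc << 4) & 0xFFFF) ^ table[((crc >> 12) ^ (b >> 4)) & 0xF]
        crc = ((crc << 4) & 0xFFFF) ^ table[((crc >> 12) ^ (b & 0xF)) & 0xF]
    return crc


def crc16_bitwise(data, poly=CRC16_CCITT_POLY, init=CRC16_INIT):
    """Reference implementation: one shift/XOR step per input bit, no table."""
    crc = init
    for b in data:
        crc ^= b << 8
        for _ in range(8):
            if crc & 0x8000:
                crc = ((crc << 1) ^ poly) & 0xFFFF
            else:
                crc = (crc << 1) & 0xFFFF
    return crc


# Constructed sample inputs (not taken from any real sample or capture).
SAMPLE_INPUTS = [b"", b"123456789", b"\x00" * 8, bytes(range(256))]


def outputs_match(impl_a, impl_b, samples=SAMPLE_INPUTS):
    """True only if both routines agree on every sample input.

    This is the stronger test the comment refers to: two routines can share
    a 16-entry table layout and the same shift/XOR structure yet compute
    different checksums if the polynomial (and hence the table) differs.
    """
    return all(impl_a(s) == impl_b(s) for s in samples)


def same_polynomial_check():
    """Nibble-table routine vs. bitwise reference, both built from 0x1021."""
    table = make_nibble_table(CRC16_CCITT_POLY)
    return outputs_match(lambda d: crc16_nibble_table(d, table), crc16_bitwise)


def different_polynomial_check():
    """Structurally identical routine built from 0x8005 (assumed alternative) vs. 0x1021."""
    other_table = make_nibble_table(0x8005)
    return outputs_match(lambda d: crc16_nibble_table(d, other_table), crc16_bitwise)


if __name__ == "__main__":
    print("CRC-16/CCITT table:", [hex(t) for t in make_nibble_table(CRC16_CCITT_POLY)])
    print("same poly, outputs match:     ", same_polynomial_check())
    print("different poly, outputs match:", different_polynomial_check())
```

Structural similarity (a 16-entry table, the same shift-by-4 and XOR pattern) narrows the search, but it is the output comparison on identical inputs that turns "looks alike" into "computes the same function", which is the step the comment says the Register piece skipped.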
  3. Re:F-China by chiguy · · Score: 3, Informative

    Why all the pro-China posts lately on Slashdot?

    I've noticed this too. I try to be objective about Chinese and American relations. We're definitely frienemies, but lately I've noticed subtle push-back from the pro-China folks.

    Like my comment in a previous post got modded to +4 insightful but then ended back down to +2:
    Google should also check where all their laptops were manufactured. And make sure each BIOS is clean.

    There's a battle going on on /.

    --
    passetspike!

  4. Skip the NY Times by Kylere · · Score: 2, Informative

    As an FYI, skip the NYTimes version of this story; I have had 4 users walk in today with infected systems. It appears that NYTimes has pulled another screwup in security land: http://news.cnet.com/8301-1009_3-10351460-83.html