Slashdot Mirror


Evidence Weakens That China Did the Recent Cyberattacks

click2005 notes an article in The Register calling into question the one piece of hard evidence that has been put forward to pin the Google cyberattacks on China. It was claimed that a CRC algorithm found in the Aurora attack code was particular to Chinese-language developers. Now evidence emerges that this algorithm has been widely known for years and used in English-language books and websites. Wired has a post introducing the Pentagon's recently initiated effort to identify the "digital DNA" of hackers and/or their tools; this program is part of a wide-ranging effort by the US government to find useful means of deterring cyberattacks. This latter NY Times article notes that Google may have found the best deterrence so far — the threat to withdraw its services from the Chinese market.

2 of 197 comments

  1. Let's Be Foolish by weszz · Score: 5, Interesting

    So... Throwing this out there...

    Hypothetically, could it have been the Human Rights groups in China?

    Yes it would be an odd move as it could put themselves and their friends in quite a bit of danger, but it could also be high reward, if other countries fall for it and do something about it (if they could).

    I know it's bad to think about the victim as possibly being the one who set things up, but from time to time we need to at least explore the idea, or you will get played repeatedly.

  2. The Chinese code matches _exactly_ by marcansoft · Score: 5, Interesting

    As someone who has been reverse engineering quite a bit of software recently, I can tell you that the assembly code from the attack and the Chinese version of the algorithm match completely. In other words, the output looks like exactly what an (optimizing) compiler would've produced given that source code. Note the operations performed inside the loop and the use of stack allocation for the table (and therefore the required initialization every time the function is called).

    As far as I can see, none of the English versions are similar. Sure, they implement the same algorithm, but the Chinese implementation matches the attack code, not just the algorithm,
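
Added example, not part of the comment thread and not code from the attack or from any of the published versions: three C implementations of one CRC that return identical checksums but compile to different code, which is the algorithm-versus-implementation distinction the comment above draws. The choice of CRC-16/XMODEM, the nibble table, and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: CRC-16/XMODEM (poly 0x1021, init 0) stands in for the
   algorithm under discussion; nothing here is taken from the attack code. */
#define NIBBLE_TABLE { \
    0x0000, 0x1021, 0x2042, 0x3063, 0x4084, 0x50a5, 0x60c6, 0x70e7, \
    0x8108, 0x9129, 0xa14a, 0xb16b, 0xc18c, 0xd1ad, 0xe1ce, 0xf1ef }

/* One nibble step, shared so variants A and B differ only in table storage. */
static uint16_t step(uint16_t crc, const uint16_t *t, uint8_t nib) {
    return (uint16_t)((crc << 4) ^ t[((crc >> 12) ^ nib) & 0x0F]);
}

/* Variant A: table lives in read-only data, no per-call setup. */
static const uint16_t g_table[16] = NIBBLE_TABLE;
uint16_t crc16_static_table(const uint8_t *p, size_t n) {
    uint16_t crc = 0;
    for (; n--; p++) { crc = step(crc, g_table, *p >> 4); crc = step(crc, g_table, *p & 0x0F); }
    return crc;
}

/* Variant B: table is a stack local, so the function's prologue has to
   fill it on each call; a compiler typically emits a run of stores or a copy. */
uint16_t crc16_stack_table(const uint8_t *p, size_t n) {
    uint16_t table[16] = NIBBLE_TABLE;
    uint16_t crc = 0;
    for (; n--; p++) { crc = step(crc, table, *p >> 4); crc = step(crc, table, *p & 0x0F); }
    return crc;
}

/* Variant C: bit-at-a-time, no table at all. */
uint16_t crc16_bitwise(const uint8_t *p, size_t n) {
    uint16_t crc = 0;
    for (; n--; p++) {
        crc ^= (uint16_t)(*p << 8);
        for (int i = 0; i < 8; i++)
            crc = (uint16_t)((crc & 0x8000) ? (crc << 1) ^ 0x1021 : crc << 1);
    }
    return crc;
}

/* Returns 1 when all three variants produce the same checksum. */
int variants_agree(const uint8_t *p, size_t n) {
    uint16_t a = crc16_static_table(p, n);
    return a == crc16_stack_table(p, n) && a == crc16_bitwise(p, n);
}

int main(void) {
    const uint8_t msg[] = "123456789"; /* constructed sample input */
    printf("crc=%04x agree=%d\n", crc16_static_table(msg, 9), variants_agree(msg, 9));
    return 0;
}
```

Building this with optimisation and disassembling the three functions (for example with `objdump -d`) shows the per-variant differences in loop body and table setup that output comparison alone cannot reveal.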