Slashdot Mirror


Evidence Weakens That China Did the Recent Cyberattacks

click2005 notes an article in The Register calling into question the one piece of hard evidence that has been put forward to pin the Google cyberattacks on China. It was claimed that a CRC algorithm found in the Aurora attack code was particular to Chinese-language developers. Now evidence emerges that this algorithm has been widely known for years and used in English-language books and websites. Wired has a post introducing the Pentagon's recently initiated effort to identify the "digital DNA" of hackers and/or their tools; this program is part of a wide-ranging effort by the US government to find useful means of deterring cyberattacks. This latter NY Times article notes that Google may have found the best deterrence so far — the threat to withdraw its services from the Chinese market.

10 of 197 comments

  1. Don't Be Foolish by eldavojohn · · Score: 5, Insightful
    Let's check out the official Google word from the official legal chief officer of Google:

    Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists.

    Emphasis mine. Nowhere is he talking about a CRC algorithm or even fingerprinting the attack to a particular country. Instead, the obvious question is simply this: Who else would hack one of the most successful companies in the world only to read the e-mails of Human Rights Activists in China? What possible gain could anyone else have from this information?

    I'm not saying hard evidence has been provided one way or the other (I'm not even sure it could be proven one way or the other unless someone claims ownership) but the only evidence the accuser offered up was this. Not that the "algorithm was only known to Chinese" nor anything as simpleton.

    --
    My work here is dung.
    1. Re:Don't Be Foolish by TheKidWho · · Score: 5, Insightful

      Someone who is trying to discredit China?

    2. Re:Don't Be Foolish by DeltaQH · · Score: 5, Funny

      Someone trying to say that someone is trying to discredit China?

    3. Re:Don't Be Foolish by lewp · · Score: 5, Funny

      Politics does have a tendency to produce gang-bangs.

      Go to school for Computer Science, they said... Get a good job, they said...

      --
      Game... blouses.
  2. Xenogooglia Run Amok by eldavojohn · · Score: 5, Funny

    This CRC-16 implementation seems to be virtually unknown outside of China, as shown by a Google search for one of the key variables, "crc_ta[16]". At the time of this writing, almost every page with meaningful content concerning the algorithm is Chinese:

    Oh. My. God. I just reran the search and it's changed. The top results are in English! It's the British that are attacking Google! Wait, one of the links is to a Blogspot site. Sweet Jesus, the attacks are coming from inside Google's own employee base! But wait, if you click crc_ta[16] enough times then Slashdot will show up in the list. Meaning Slashdot is the attacker on Google!

    Oh Great Britain, Slashdot and even Google themselves, why have you forsaken us?

    Google's page-ranking engine returns a good enough set of available crawlable webpages. It does not indicate guilt or scan all of human knowledge. Using it as any sort of evidence in a huge international scandal is less than prudent.

    --
    My work here is dung.
  3. Let's Be Foolish by weszz · · Score: 5, Interesting

    So... Throwing this out there...

    Hypothetically, could it have been the Human Rights groups in China?

    Yes, it would be an odd move as it could put themselves and their friends in quite a bit of danger, but it could also be high reward, if other countries fall for it and do something about it (if they could).

    I know it's bad to think about the victim as possibly being the one who set things up, but from time to time we need to at least explore the idea, or you will get played repeatedly.

  4. The Chinese code matches _exactly_ by marcansoft · · Score: 5, Interesting

    As someone who has been reverse engineering quite a bit of software recently, I can tell you that the assembly code from the attack and the Chinese version of the algorithm match completely. In other words, the output looks like exactly what an (optimizing) compiler would've produced given that source code. Note the operations performed inside the loop and the use of stack allocation for the table (and therefore the required initialization every time the function is called).

    As far as I can see, none of the English versions are similar. Sure, they implement the same algorithm, but the Chinese implementation matches the attack code, not just the algorithm.

    1. Re:The Chinese code matches _exactly_ by the_povinator · · Score: 5, Informative
      To add to this: the analysis on the original "research blog" was also more specific than the Register article. He said:

      By decompiling the algorithm and searching the Internet for source code with similar constants, operations and a 16-value CRC table size, I was able to locate one instance of source code that fully matched the structural code implementation in Hydraq and also produced the same output when given the same input

      The Register people seem to have accepted similarity in code, without going to the trouble of checking the outputs.

      --
      The .sig is dead, and I believe I had a hand in killing it.
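
Added example, not part of the thread and not the code it discusses: the two comments above separate matching an algorithm's output from matching its implementation. The C code below assumes the CCITT polynomial 0x1021 with a zero initial value (the page does not state either) and uses hypothetical function names; it shows that a bit-at-a-time CRC-16 and a version using a 16-entry table rebuilt on the stack at every call return the same value, so equal output confirms only the algorithm, while structural traits are what separate one implementation from another.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: CCITT polynomial 0x1021, initial value 0 (not stated on the page). */
#define POLY 0x1021u

/* Variant A: bit-at-a-time, no lookup table at all. */
uint16_t crc16_bitwise(const uint8_t *p, size_t n) {
    uint16_t crc = 0;
    while (n--) {
        crc ^= (uint16_t)(*p++ << 8);
        for (int i = 0; i < 8; i++)
            crc = (crc & 0x8000u) ? (uint16_t)((crc << 1) ^ POLY)
                                  : (uint16_t)(crc << 1);
    }
    return crc;
}

/* Variant B: 16-entry (nibble) table held on the stack, so it is
 * initialised again on every call. These are the structural traits the
 * comment above points to: table size and per-call initialisation. */
uint16_t crc16_nibble(const uint8_t *p, size_t n) {
    uint16_t tab[16];
    for (unsigned v = 0; v < 16; v++) {
        uint16_t r = (uint16_t)(v << 12);
        for (int i = 0; i < 4; i++)
            r = (r & 0x8000u) ? (uint16_t)((r << 1) ^ POLY)
                              : (uint16_t)(r << 1);
        tab[v] = r;
    }
    uint16_t crc = 0;
    while (n--) {
        uint8_t b = *p++;
        /* high nibble first, then low nibble */
        crc = (uint16_t)((crc << 4) ^ tab[((crc >> 12) ^ (b >> 4)) & 0xF]);
        crc = (uint16_t)((crc << 4) ^ tab[((crc >> 12) ^ b) & 0xF]);
    }
    return crc;
}

int main(void) {
    const uint8_t msg[] = "123456789"; /* constructed sample input */
    printf("bitwise=%04X nibble=%04X\n",
           crc16_bitwise(msg, 9), crc16_nibble(msg, 9));
    return 0;
}
```

Compiled with optimisation, the two functions produce visibly different machine code (a 16-slot stack array and two table lookups per byte versus an eight-iteration shift loop) despite identical results, which is why a structural match carries more weight than an output match.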
  5. This isn't a court of law by Sycraft-fu · · Score: 5, Insightful

    Google doesn't have to prove things beyond a reasonable doubt. More to the point they don't have to prove it beyond any and all doubt no matter what, which is the standard many geeks seem to use. Internally, they only have to prove it to their own satisfaction, which it would seem they've done.

  6. Re:F-China by newcastlejon · · Score: 5, Funny

    How do you say "Propaganda" in Chinese?

    Quietly.

    --
    If God forks the Universe every time you roll a die, he'd better have a damned good memory.