Experts Closing In On Google Attack Coders
ancientribe writes "The targeted attacks out of China that hit Google, Adobe, and other US organizations are still ongoing and have affected many more companies than the original 20 to 30 reported. Security experts now say they are getting closer to identifying the author or authors of the malware used to breach Google and other organizations."
Why on earth would I download and run the "inoculation" removal software from some unknown company? It might actually be installing more crap! Why not just give us a shell script if it's just wmi calls?
Results 1 to 10 of 5,000,000,000 for "google wannabe hackers".
...
1. Some Script Kiddie
2. Wannabe h4xx0r
The Kai's Semi-Updated Website Thingy
Sounds to me like you're the propaganda machine here. There is nothing new or shocking about U.S. export laws preventing companies like google from offering certain types of services or software to certain countries.
As soon as the United States identifies the culprits in China...wow are they in trouble.
Weaselmancer
ridiculous.
Apparently you're too stupid to read the article YOU linked. They are not permitted to allow countries like Syria and Iran to download their apps to comply with US law. Given that they're a US based company, what the fuck do you expect them to do?
You need to work a lot harder than that to prove propaganda.
Are agnostics skeptical of unicorns too?
The thing is, you really don't. It'll be right around that obvious. He's just wrong, plain and simple.
The US media, however, is eager to twist the story.
It would seem not, as you linked to PBS, a news outlet funded by the U.S. Government. LOL
Currently hooked on AMP
Yes, not outright offering Syrians and Iranians their browser, while leaving plenty ways they can still get chrome, and citing sanctions against those countries as the reason is CLEARLY a "propaganda partnership." I mean google has so much to gain by playing along with this massive international conspiracy. So very much. After all, if a resident of Syria were able to use google chrome, the Combine would be unable to stop Gordon Freeman, which is also Google's sworn enemy.
Matter of fact, -I- haven't offered Syrians OR Iranians anything free lately. I guess I'm part of the propaganda machine...
Do you really expect that they would say anything else? "Sorry guys, this one has us stumped, we've no idea who did it." There are 15 paragraphs in TFA, and they've used them to not say a damned thing. Why did they even put this press release out?
*runs*
...One finds them self hungry again in an hour.
Ah, I'm worng. Again.
The largest prime factor of my UID is 263267.
On behalf of myself, I can say that this is retaliation.
I failed to do enough research. Is there a way I can delete the parent post?
The largest prime factor of my UID is 263267.
> Google is a propaganda partner of US.
First, get out of that sh...hole, then get some education, then we'll talk propaganda.
I understand false beliefs - we all have a few, but lack of basic logic in people's thinking in this day and age is just astonishing.
Probably a Kuang Grade Mark Eleven. Big mother.
Hoglund says HBGary was able to identify "markers" specific to the way the Aurora developer wrote the malware. But he says his firm did not include this in its new report. "This is not in the report because we don't want him to know what we know about his coding," he says. "[It] is algorithmic in nature."
Hah riiiight. So just give out hints in the press release? More like, "we don't want to share this information cause it's profitable."
that's teh shizzle bizzle
Dude, I posted a flamebait based on a half-baked article because of my prejudice against media. It doesn't matter if I was correct. I'd advise you to do enough research and collect enough evidence.
The largest prime factor of my UID is 263267.
Hey, I'm prejudiced against media and I made a mistake. Let's leave it at that.
The largest prime factor of my UID is 263267.
Uh, PBS is a non-profit funded by people that watch it, not the government. It has no political ties nor does it use adverts to fund itself.
Yes, obeying US export restrictions is propaganda.
They should just ignore them and go to prison so you feel better in your paranoid world.
About 80 percent of APT attacks use custom malware, Mandia says. "We recently took over 1,800 programs we've collected since 2008 that are all part of APT ... and ran it through AV, and only 24 percent of the malware triggered antivirus," he says. "Over a year ago, none of it was triggering AV."
Signature-based anti-virus scanning isn't going to help. That model is broken and only useful for the "AOL mindset" of the general public. That is, the people who go "ohhhh, SHINY. [click]" and get infected by year-old malware.
Serious pressure on software vendors to make sure their app doesn't need admin rights to run on a Windows box would be a nice step.
Learning HOW to think is more important than learning WHAT to think.
Syria is not being looked at on this forum. Google is doing some funky stuff that even makes me feel weird.
We look at different things.
I'm here for the experience, not the Hyperbole.
So shouldn't they go get the Exemption Firefox got, or replace their crypto code with Firefox's code?
Or (since Chrome is Windows-only)... use the CSPs in Windows for crypto operations, instead of shipping crypto code with their browser.
Sorry, the US Law excuse doesn't really hold water here.
On the other hand you just made one of the best -1 flamebait threads for all time. If I had mod points I would have read all this and modded it +1 funny.
Money is the root of all evil?
Why should they bother with the hassle of getting an exemption? More importantly, how does the fact that they do not have an exemption make them part of some government propaganda machine?
Oh, and Chrome runs on Linux and OS-X. Not sure where you get the notion that it's Windows only.
The only thing that doesn't hold water here is your argument.
Are agnostics skeptical of unicorns too?
pbs (and npr) is increasingly funded by corporate underwriting. i would certainly consider the pbs underwriting system to be paid advertising. in addition to corporate funding, pbs is brought to you in part by the corporation for public broadcasting, which is indeed federally funded
Well that didn't last long. Nothing worked anymore.
To get my box back, I had to both make my Program Files folder writable, and I had to give my "Mike" account administrative privileges.
That's just plain wrong.
Request your free CD of my piano music.
But these damn Chinese names all sound the same to a Westerner's ear.
Ya know that old joke, how do you choose the name for your Chinese child? Drop a silver spoon on a piece of Jade and the sound created is the name.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Is there a way (to) delete (a Slashdot) post?
That depends. Is your name Xenu?
Firefox exceptions apply because their (source) code is freely available for download (and so impossible to control). Google doesn't have this excuse especially for their services or even software which are generally used with an ongoing connection to their servers (where they can easily use geo-location to pick on particular Iranian IP addresses). The situation is not comparable.
The crypto code from FireFox would probably be sufficient to make google's software a controlled item if it was integrated to their proprietary software.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
Ah, I'm worng. Again.
And again as well. ;P
Just ain't your day is it?
Just to be a little clearer about the grandparent's points about chrome. Google could probably get a similar exception for Chromium to the firefox one and still have to export control Chrome. The use of Windows crypto functions also won't help since software which uses crypt functions is just as much controlled as software which implements them.
Controls on use of crypt (as well as implementations) actually kind of make sense. a) it's very easy to mess up a use and use a secure crypto function insecurely b) the actual value of a crypto function is in your use of it. In terms of the crazy world of crypto embargos, a typical wish would be to allow the Iranians to do cryptographic signatures, but not to encrypt. However, it can be shown that any signature algorithm can be used to encrypt (well actually hash algorithm). This means that the only control that could possibly be effective is on delivery of software, not delivery of algorithms.
Of course none of the embargo stuff actually is very effective since there are plenty of people (e.g. China) who are more than happy to treat unilateral US embargoes as a business opportunity.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
Google is just as unable to control export as Firefox is.
IP-based "Geolocation" is completely ineffective. Anyone from a "banned" country can simply establish communications through a VPN service, proxy system, or onion router system such as TOR.
And banned persons are impossible to detect without requiring every downloader somehow prove their identity, which is impossible without using strong encryption...
I'm guessing the "hacker" responsible listed their name in the comment header.
/*
* goofle -- program exploits vulnerabilities @ google.
*
* Author: Johnson "the tiger" Zhang
*
* Purpose: Repress dissidents and hack pron site passwords.
*
* Usage: goofle --help
*
*/
#include ...
Yeah I know comments don't make it through compilation.
Best. First Post. Ever.
Since when does being a Socialist mean 'someone who has a different opinion than me'?
In retaliation to the investigations and accusations, BAE UK got a massive attack wave this weekend, much larger than anything Google saw. All the attacks came from proxies, but deeper probes showed all the traffic was from China.
BAE had all their systems crippled and apparently had shut the whole network down (we are talking about thousand upon thousands of machines), reset all passwords and wipe a lot of boxes. You won't hear this in the news though. It would be seriously bad for business if the US and UK governments got wind of it.
China* won't go down without a fight.
*whoever is organising it.
*Chromium* runs on Linux. Chrome doesn't exist for Linux.
You guys are chasing a red herring. Everyone knows that google is a propaganda machine. It's the only thing they sell.
If I want to invent a cologne that smells like hippos and spend a bunch of money on a propaganda campaign to make you all think it will get you a promotion and a girlfriend who looks like a supermodel, the folks at google won't tell me that propaganda is evil and they don't do that sort of thing. They will refer me to the sales department.
Of course google are doing propaganda for the US government. Who else would the US government hire?
-1 Uncomfortable Truth
... everyone knows who did it. It was the CaoNiMa, or the grass-mud horses as you may know them. I really hate those mother f@#$%&s.
If I want to invent a cologne that smells like hippos and spend a bunch of money on a propaganda campaign to make you all think it will get you a promotion and a girlfriend who looks like a supermodel, the folks at google won't tell me that propaganda is evil and they don't do that sort of thing. They will refer me to the sales department.
Quick - snailmail me some of that shit! You can't possibly have smoked it all.
You sir/madam/it, are the King/Queen/What-e-ver Of Arseclowns!
*Chromium* runs on Linux. Chrome doesn't exist for Linux.
http://www.google.com/chrome?platform=linux Seems official Chrome to me (at least is what the package says).
Google is just as unable to control export as Firefox is.
almost.
And banned persons are impossible to detect without requiring every downloader somehow prove their identity, which is impossible without using strong encryption...
But in this case google has no reason to believe and no way to discover that they are dealing with a banned person so they are pretty much in the clear. You can get done for deliberately dealing with a banned person. You can get done for not taking care to avoid dealing with banned people. You can't get done for dealing with a banned person when you believed and had some reason to believe that you were not dealing with a banned person.
I'd even say that this example is almost reasonable. A private person in a banned country could still get to chromium. However a big international corporation would probably find these rules a complete pain since they would clash with all sorts of other internal security rules.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
I can only imagine two outcomes to this: the perpetrators are found, and are found to be _not_ (in the pockets of) the Chinese government, and they are found precisely because of this: I mean, we're talking about *Google*, the *US* and *China* man ! To hell with ordinary malware creators and spamhouses that no law enforcement ever seems to be able to nail, this is important !
Or, they are (suspected to be) still of the Chinese government, in which case it will likely dead-end somewhere.
Both outcomes would make me kind of cynical, but that's just me.
Religion is what happens when nature strikes and groupthink goes wrong.
What I meant was that I didn't permit regular users to write into Program Files. My problem was that quite a few of the applications I had installed expected to be able to write into their own installation folders. Even Microsoft is an offender - one has to be an Administrator to run the Visual Studio debugger. I don't see why that should be necessary, unless one is debugging a Service. If one is debugging a non-Administrative executable, Administrative privileges shouldn't be necessary at all.
Request your free CD of my piano music.
Some states do use secret "Echelon" system to break into private and other states' communication systems. Yes, supposedly and by a self-proclamation these are the "good guys".
Is it a feasible international framework that if one feels himself to be a "good guy" he can eavesdrop on electronic systems? But if he looks like a bad guy, speaks in some exotic ethnic language, then it is a condemnable behavior.
But to Chinese and other Asian people we look like strange exotic humans. There is even a word for European-like people in Asia - "long-noses". And when one lives there it feels exactly this: being a "long nose" among normal people.
So they know that good guys eavesdrop on them with an "Echelon" and keep silence philosophically, but when they try to get some info via eavesdropping a commercial company "Google", it causes a global panic. Or do I get it wrongly?
Maybe it makes sense to lead by an example?
system("wget http://www.google.com/search?q=google");
Security experts now say they are getting closer to identifying the author or authors of the malware
Translated: They now have narrowed the list down to a handful of people, and will soon decide who will be the best scapegoat. ;)
Any sufficiently advanced intelligence is indistinguishable from stupidity.
Hm. That must be very new then.
You can call anyone a "propaganda machine" if you get to define "propaganda" to suit your case.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
forget the authors, who paid them?
Hm, no. It reads "It's free and installs in seconds For Windows XP, Vista, and 7" and links to platform=win
The fact that you had to dig to learn that shows that they are not proud of that source of funding.
Currently hooked on AMP
We have to find the villains who did this nefarious thing. Otherwise, we'd lack scapegoats and would have to admit to ourselves that:
- Adobe didn't learn a single damn lesson from Microsoft's Word Macro Virus debacles as to why allowing code to be embedded in what most users consider to be a static, non-code executing document is such a bad thing.
- A business that supposedly hires the Best And The Brightest and discards applicants due to bad SAT scores 15 years ago got pwned.
- Businesses were too dumb and shortsighted to update their browsers to something less obsolete and pay for a standards-compliant redesign of their web applications.
- That most of these massive attacks are caused by script kiddies in China trying to impress girls by exploiting corporate stupidity, as opposed to Neo's elite evil twin.
Are you by any chance accessing the site using Windows? Hmm maybe Google did this little thing called a user agent lookup and perhaps to make it easier for their users, they have it automatically hit the site compatible with the accessing OS. You sir are a moron.
You can call anyone a "propaganda machine" if you get to define "propaganda" to suit your case.
You're right. Let's look at the wikipedia entry:
Propaganda
From Wikipedia, the free encyclopedia
For other uses, see Propaganda (disambiguation).
Propaganda is a form of communication aimed at influencing the attitude of a community toward some cause or position. As opposed to impartially providing information, propaganda in its most basic sense, presents information primarily to influence an audience. Propaganda often presents facts selectively (thus possibly lying by omission) to encourage a particular synthesis, or uses loaded messages to produce an emotional rather than rational response to the information presented. The desired result is a change of the attitude toward the subject in the target audience to further a political agenda.
"Propaganda is neutrally defined as a systematic form of purposeful persuasion that attempts to influence the emotions, attitudes, opinions, and actions of specified target audiences for ideological, political or commercial purposes through the controlled transmission of one-sided messages (which may or may not be factual) via mass and direct media channels." --Richard Alan Nelson, A Chronology and Glossary of Propaganda in the United States, 1996
So, you don't think Google, the world's largest advertising company, meets this definition? Why?
-1 Uncomfortable Truth
i didn't dig at all. they (proudly or not) announce their funding from corporate underwriting, the cpb, and viewers like you at the beginning and end of every program
i don't know if it was your intention or not to insinuate that if a media outlet weren't proud of a funding source, that the funding source wouldn't influence the media outlet's reporting. but in any case i would have to disagree. for every story, the reporter would have to consider whether a source of funds will get upset by the story and withdraw financial support for the media outlet. this is especially the case for organizations like pbs which require such funds to maintain day-to-day operations. this choice that must be made, a balancing act between reporting the news as it happened and appeasing funders, compromises journalism
No, I wasn't insinuating what you talked about, never would have considered it. :-) I'm just pointing out that instead of saying "We are funded with tax dollars" they say "from the corporation for public broadcasting." Things like that are never an accident. I don't know why they hide it, but clearly they do.
Currently hooked on AMP
Correction. The Linux version does exist since Feb 4th, though one would wonder why that URL ending with "?platform=linux" redirects to the Windows download (even if you're running Windows). And AC's love for me is reciprocal.
Propaganda is a form of communication aimed at influencing the attitude of a community toward some cause or position
OK, if we define propaganda that way, that includes influencing the community towards a position it is in their interest to take using entirely truthful and honest means.
It is intellectually dishonest to try to trick somebody into condemning something by using an emotionally loaded term in an emotionally neutral sense. You should make clear that your version of propaganda includes MLK's "I have a dream" speech, and the surgeon general's report linking cigarettes with cancer. You ought to make it clear that your position is that literally anything that is intended to persuade people is morally reprehensible.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Viva OpenBSD
[1] http://www.openbsd.org/crypto.html
Quite back in the early 80's I took delivery of a plug compatible 300 MB drive for our Prime and that had paperwork attached that said we weren't to export this to a list of countries. This has been going on I would imagine since at least WW2
OK, if we define propaganda that way, that includes influencing the community towards a position it is in their interest to take using entirely truthful and honest means.
It is intellectually dishonest to try to trick somebody into condemning something by using an emotionally loaded term in an emotionally neutral sense. You should make clear that your version of propaganda includes MLK's "I have a dream" speech, and the surgeon general's report linking cigarettes with cancer. You ought to make it clear that your position is that literally anything that is intended to persuade people is morally reprehensible.
This is not some little intellectual exercise where we pretend for a little while that this is what propaganda means. I did not invent this definition, and I am not being intellectually dishonest. Any communication that occurs across a one way medium and is intended to create a pre-determined modification in the attitudes and actions is propaganda. That is what the word symbolizes.
Technically, I didn't say that all propaganda is morally reprehensible. I said Google are in the business of selling propaganda. However, since you brought it up, I do believe that propaganda is morally reprehensible. My justification for this position is that people who reach conclusions without being critical of the presuppositions that led to that conclusion are insane, a danger to themselves, a danger to others, and in an ongoing state of frustration, internal conflict and suffering. Propaganda is intended to induce and preserve this state of existence, and in my opinion, that makes it worse than murder.
After that display of doublethink, you might want to critically examine your own preconceptions. You throw out some examples of propaganda that in your mind are so obviously "good" to you that, in your mind, they refute my position. A great many people felt the same way about the climate change issue. Except, of course, that they misinformed the entire planet...
-1 Uncomfortable Truth
So let's be clear: Thomas Paine's "The Rights of Man" was in your view reprehensible. Or the Federalist Papers. Or "Atlas Shrugged" if you prefer. All of them reprehensible.
By the way, recognizing that human language is full of ambiguous constructs like metonymy and polysemy isn't double-think. That's just an unfortunate fact of life. Cynically exploiting those bugs in language to make an emotionally loaded argument *is*.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Yes, all of them are reprehensible.
Your position is really quite ironic. You accuse me of cynically exploiting bugs in language to make an emotionally loaded argument. Yet you have attempted to re-define words during this dialogue in an effort to avoid conceding that you were mistaken. You pull out propaganda pieces as examples. I will go out on a limb and presume that you like these particular propaganda pieces. They are definitely very popular in certain regions.
On a personal note, I would be more emotionally moved if you had referred to Thomas Spence's "The Real Rights of Man", or Peter Kropotkin's "The Conquest of Bread".
Perhaps you are not really engaged in a two way dialogue with me, but your intent is to use slashdot as a one way communication medium, and you are attempting to elicit an emotional response from other people who like these examples so they will not consider my statements too closely. Debates are often like that, aren't they?
-1 Uncomfortable Truth
It was Col. Mustard, in the Dining room, with a Candle Stick.
Harrison's Postulate - "For every action there is an equal and opposite criticism"
Seems like a good reason to increase the defense budget for more cyber security.
More money spent, more jobs, and a safer America to boot!
Wonder who the lucky company is that will get the contracts?
On a personal note, I would be more emotionally moved if you had referred to Thomas Spence's "The Real Rights of Man", or Peter Kropotkin's "The Conquest of Bread".
How is that not double-think?
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
What are you some kind of terrorist? The US is bad ass. We're seconds away from Usama Bin Laden (he'll be pwn3d very soon) and these small fry hackers will be caught easily by our government's most inexperienced hackers. In fact they'll probably give it to a high school class as a project.
It is not doublethink. I am no less vulnerable to propaganda than anyone else.
Every time someone comes up to me all excited about something and I say to them "Thrill a Bite" in the exact same tone as those old commercials, and the image of that fat dude with the hot sauce pops into my head while some guy is cooking bacon naked or some shit, I think to myself, I cut the cable almost half a decade ago, will this inane shit ever stop polluting my head space? And the answer is, no, it won't. It's no different from any of my other scars.
Ayn Rand in particular fucked me up quite a lot. On the one hand, you can't help but feel compassion for Howard Roark's desire to be a creator. On the other hand, his megalomaniacal insistence that all the world should be available for him to use as raw materials, even the refined creations of other men, yet nothing he has touched should ever be available for others to use as raw materials, but should stand eternal and unchanging as a testament to him for as long as he sees fit, which is his entire life. He is the antithesis of the creator, because what he represents is the end of raw materials for all creators everywhere backed up by force of violence. His desire is not to be "a creator", but to be "the last creator".
It took me years of deconstruction to realize just how vicious and devious that woman was and just how badly it screwed me up reading her work at the age of 14 when I had no experience to pit against her manipulations.
-1 Uncomfortable Truth
But by your definition "propaganda" is not necessarily some thing one is vulnerable to.
I can try to persuade you to a position using entirely rational and supported arguments, motivated by the identification of some mutual, shared interest we have in your taking that position. If we use propaganda the way you propose to use it, that would be propaganda, so long as my attempt at rational persuasion wasn't targeted at one individual.
Why would that be reprehensible?
Dictionaries -- at least cheap ones -- aren't an adequate guide to word usage. In a case like this we can each hunt around until we find a definition that suits our rhetorical purpose. For example, the Oxford Compact Dictionary defines propaganda thus:
information, especially of a biased or misleading nature, used to promote a political cause or point of view.
Now this suits me if I want to absolve Google of being a propagandist, because we aren't talking about political causes or points of view. But that's really a silly debate to be having. I emphasized "especially of a misleading nature" because even the OED has to deal with the issue of the usual sense of the word not being universal. That's the way words are. They aren't perfect instruments.
What I'm really interested in is the argument that any attempts at mass persuasion are ipso facto reprehensible. Your experience with Ayn Rand shed intriguing light on that question. I do not think attempts at persuasion are so injurious to a healthy, inquiring skeptical mind. The answer as you obviously know is to get out into the world and see for yourself, not to become too emotionally attached to some artificial paradigm somebody has constructed in some hermetically sealed, postulated world. Leaving aside trivial instances, every attempt at persuasion will necessarily contain some error, but often something of value which you can use to expand your understanding of the world ... once you've tested it adequately.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Everyone knows what the CPB is. You're being deliberately obtuse to stoke some sort of rightwing fear mongering. Next you'll be telling me that banks are hiding the fact that they're insured by the federal government because they say they're insured by the Federal Deposit Insurance Corporation.
And don't even try to say that because the name contains the word "federal," that shows that it's a government owned corporation, unless you're willing to make the same assertion about Federal Express.
Currently hooked on AMP
Nothing like a crude attempt at neuro-linguistic programming to deceive others while hypocritically calling yourself "authentic."
Here's the secret to women. Are you ready for it?
Wait for it.
There is no secret.
When you grok that, then you're ready. Hell, watch Kung-Fu Panda if you're still confused.
You are so naive and ignorant thinking the USA is all powerful.
You don't understand sarcasm do you?
Ayn Rand didn't fuck you up at all. You fucked yourself, and you're blaming Rand for being the dildo you chose.