January 19, 2010 4:00 PM PST

Evidence found of Chinese attack on Google

A malware specialist with SecureWorks said he determined the main program used in the attack contained a module based on an unusual algorithm from a Chinese-authored technical paper.
(From The New York Times)

The story "Evidence found of Chinese attack on Google" published January 19, 2010 at 4:00 PM is no longer available on CNET News.

Content from The New York Times expires after 7 days.

43 comments

A little problem here. If the algorithm is so unique to Chinese hackers, how did Mr. Stewart get to know about it? Is he Chinese? Don't tell me he is the only expert outside China who knows about it. This piece of "evidence" holds no water.
Posted by ps3coder (3 comments )
Reply Link Flag
Probably did a Google search for the code and found that it was only on Chinese sites.
The code wasn't in Chinese obviously.
Posted by t8 (3716 comments )
Link Flag
My point is, if Mr. Stewart in USA knows a lot about the code and its function, hackers outside China may have the same knowledge and make use of it. How in hell can he conclude only Chinese can use it? This sounds funny to me.
Posted by ps3coder (3 comments )
Link Flag
The thing that sounds funny to me is not from the article but from your reply. I didn't find anywhere in the article that implies "ONLY Chinese can use it". The article clearly states: "He acknowledged that he could not completely rule out the possibility that the clue had been placed in the program intentionally by programmers from another government intent on framing the Chinese". His conclusion was just about the possibility that some explanation has higher probability than others and that's it. Nothing more and nothing less. It sounds reasonable to me at least.
Posted by knightvn (3 comments )
Link Flag
@ps3coder, I agree with you completely. This article contains a huge logical fallacy, that 'it was only on Chinese language websites' has any importance at all.

"Chinese" is not a secret. It's a language anyone can learn, and if you group all the dialects of Chinese as one language, then well over 1 billion people speak this language.

And anyone on earth, anyone on earth, I repeat for emphasis, is allowed to learn the language.

Having learned Russian, I say I have been amused by this logical fallacy on many occasions. I remember one author of an article said such-and-such was "buried" on Russian language websites and forums.

Strange, I found the info he was referring to in seconds, it couldn't have been more open, widespread, and generally known....

The world is bigger than the English world alone.
Posted by rdupuy11 (908 comments )
Link Flag
@ps3coder, The meaning of Occam's Razor is that the simplest solution to a problem is usually correct. In this case, pretty much all the evidence is pointing at the Chinese. They will have some level of deniability regardless of the evidence, but at this point, the most likely solution and the one that makes the most sense is that they did it. Again, evidence is not proof. There is no proof they did this, it's just more likely than other possibilities.
Posted by nafhan (360 comments )
Link Flag
About Google search of code: They need to have the source code of the malware to do a search. If the code is written in C++, there is no way to get the source code from the compiled binary. Only the hacker has the source code. This security researcher will be able to do source code search if he is the hacker.
Posted by fc11 (48 comments )
Link Flag
It's not one single thing that points to the Chinese gov't. It's not that this code was published on Chinese site, it's the combination of that's where the code was published, the accounts that were hacked were Chinese civil rights activists. The servers in the command and control network led back to computers in China eventually, the first line of servers the trojans pointed to, were hacked boxes in the US. There have been several articles giving small bits of info on this. When you add them up, you get one glaringly obvious conclusion.
Posted by bemenaker (438 comments )
Link Flag
Knightvn, I would have no problem if the title were "Chinese algorithm found in attack on Google". For evidence, we need something stronger than "XXX has higher probability than YYY". Even the probability claim is questionable. If the algorithm is published online, it is actually open to hackers worldwide. Cannot figure out the meaning because it is authored in Chinese? No problem, try Google Translation (ironically). I am not saying Mr. Stewart's finding is nothing. All I am saying is NY Times and himself did a lousy job of presenting this finding. Nothing more and nothing less.

Nafhan, I agree with fc11 that Occam's Razor may not be a good guide in hacker attack investigation, because a hacker attack is computer access in DISGUISE. Remember, we are talking about a highly sophisticated attack.
Posted by ps3coder (3 comments )
Link Flag
if chinese are so smart, why didn't they realize that they should start the attack from somewhere else?
Posted by anakin2006 (74 comments )
Reply Link Flag
they did. some of the servers they used are based in ca....
Posted by pradhanavs (447 comments )
Link Flag
WOW
Posted by masajo928 (64 comments )
Link Flag
Google isn't trying to lead a fight for freedom. They just want the government to quit hacking their servers. Maybe it's a cultural issue that gets lost in translation. Intellectual property is property in the same sense as real property. US companies in general would like the Chinese government to at least fake respect for property rights, for once.
Posted by CheapHomeSolarEnergy (1 comment )
Reply Link Flag
1. No solid evidence showed that the Government was behind the attack.
2. Google's action won't stop further attacks. Even if they operate in US only, they still can be attacked. Even my home machine gets scanned more than 1000 times a day.
Posted by genpichong (11 comments )
Link Flag
The Chinese have NEVER respected any company's intellectual property. This is partly the reason why China has grown so fast. Industrial espionage.
Posted by kieranmullen (1070 comments )
Link Flag
Hmmm ... anyone check to see if Steve Ballmer has an open back door to China?
Posted by rboblee (19 comments )
Reply Link Flag
If anyone is running Windows in China then there will be a back door open to Ballmer ;)
Posted by aMUSICsite (676 comments )
Link Flag
If you let an alcoholic work in a liquor store then don't be surprised when the pantry is raided.

The best defense is a strong offense. Hire the best programmers ... and a few hackers too!
Posted by tentden (3 comments )
Reply Link Flag
"He acknowledged that he could not completely rule out the possibility that the clue had been placed in the program intentionally by programmers from another government intent on framing the Chinese, but said that this was unlikely. "

Yea because all other people are good people.
Posted by dream_fly (560 comments )
Reply Link Flag
Or maybe they have sufficient IP address activity to give a clue. Or perhaps there is a LOT that Google has not released to the general public about what has been traced and what has been compromised. Surely another government would want to go after China's most feared secret -- their human rights abuse.

Think -- another government, what would they want? Perhaps to frame the chinese military by going after LLRL or Oakridge or another lab. Frame China for going after oil (our sore spot). Frame China for currency protection. Frame China for any number of things... but outside of China, human rights is not quite on the radar for shaming that country if one was hostile to China.

Do some thinking. Good grief -- it is no wonder this nation has no critical thinking or analytical skills.
Posted by afterhours (215 comments )
Link Flag
He's making this comment in light of what he found AND all the other stuff that's already been uncovered. This isn't the only piece of evidence they are looking at. Anyway, he's a security researcher; I'm sure his belief in the inherent goodness of humanity is a little jaded...
Posted by nafhan (360 comments )
Link Flag
The key question is if the Government is behind the attack, not if the attacker is Chinese. Also, many people in other countries can read Chinese. So, this evidence does not mean anything.
Posted by genpichong (11 comments )
Reply Link Flag
Knock off the act, genpichong. You virtually need permission by the government to fart there. They control the pipe.

This evidence means a lot. The fact that you can't understand that shows how pervasive this problem is.
Posted by YouFools (6 comments )
Link Flag
@YouFools

I don't mind speculating that the most likely guilty party is the Chinese government - as an academic exercise. But as for having enough proof, even to make a decision on how to react - that hasn't been shown so far.

fact - The majority of DOS attacks originate from the U.S.
fact - 2 million americans can speak chinese

You shouldn't interpret random facts as being an accusation against the U.S. - it's not. I have no reason to accuse the U.S.

But I am interested in seeing some kind of proof that links this to the Chinese government. The Chinese government cannot control its 1.3 billion people, as you said, to prevent a fart. Farts happen.

We need to see the link to the Chinese government. Let's see it.
Posted by rdupuy11 (908 comments )
Link Flag
@YouFools

China isn't quite as bad as you suggest. I know someone who comes from China and returns to visit every year, and the word is that people have more freedom than the western propaganda wants you to think.
Posted by ddesy (4336 comments )
Link Flag
No, it's not the key question. It's pretty widely believed that the Chinese government encourages/allows (they amount to the same thing in China) hacking of foreign corporations and governments. They distance themselves just far enough from the hackers that they can have plausible deniability, even if no one really believes it. Also, this evidence does not exist in a vacuum. Taken together with other stuff that's been uncovered it DOES mean something.
Posted by nafhan (360 comments )
Link Flag
It is so easy now to learn Chinese and hack into their servers to conduct your business here in USA and place blame on the Chinese.
Besides, USA hackers and trojan makers are more advanced.
China's main hackers are normally gold farmers.
Same route to place a future blame on African hackers..... oh wait that could be a racist term one day.
Posted by inachu1 (1399 comments )
Reply Link Flag
China, Russia, and eastern europe has grown a reputation for hacking activities from IPs located in that area. It is not a matter of racism, it is a matter of law. Obviously, if you hack a company from the US, you are going to be screwed over. Eurasian nations on the other hand are not regulated to comply with american companies, allowing hackers to run freely, and hack US companies as they please.

People don't just blame China because they can, they blame China because as a nation, it has grown a reputation for software crime.
Posted by Yelonde (3236 comments )
Link Flag
I disagree... I was in Japan last week... One of my friends that works in a US Base in Yokosuka, Japan says that most of the hackers now are from China trying to get in the military system over there... The US government to release the list... I also heard North Korea was up there... The US government has already known the truth from long ago but they are keeping it silent... I'm sure Google knows more than they are telling...
Posted by masajo928 (64 comments )
Link Flag
I love how the Chinese get so offended by the suggestion that their country performs wholesale piracy, hacking and torture of dissenters. Uhm - go to any market in China and you'll find 15 different iPhone clones. It's not allegation, it's reality.

If you don't like what is clearly the majority opinion of what China is all about, why don't you go back there?

Don't forget to take some stolen technology and intellectual property with you.
Posted by YouFools (6 comments )
Reply Link Flag
@YouFools,

I guess in your world there is an imaginary world government, and China is breaking the law of the One World Government.

But, last I heard, China is a sovereign nation. While I agree with you that they should be heavily criticized for the human rights violations - I see nothing meritorious in these actions...you seem to be mixing that up with other concepts.

I don't agree that they should necessarily pattern their IP laws after ours. Ours are notoriously bad.
If the Chinese want to allow competition on different criteria, that is their right as a society to set the laws that they will live by.

If they have iPhone knockoffs, so be it. In the U.S. facts cannot be copyrighted. In the U.S. a copyright expires after a period of time, so does a patent.

Another country may have unexpiring patents, another may have no patents at all. That's a decision each sovereign nation makes for itself - sometimes based on its own values in culture, but usually based on what it believes is in its economic best self interest.

I think in China, whether de facto or de jure, it's clear that a company is going to have trouble patenting such a basic thing as....let's make an example 'rounded phone with clean look'...or 'a process for moving a graphic from one point on the screen to another'...which is great! Our patents are so broad that they stifle innovation, and only the largest companies with 'patent portfolios' can go to war with each other, and actually release product.

If you don't know what I mean, look at Nokia vs. Apple as an example. The small guy here has no chance and even huge companies are forever going back to court based on 'patents' of clearly obvious ideas that they earned because they have the money to constantly play the patent registration game.

The superiority of our society is easier to argue for as long as we are more competitive...and as soon as we are less so - wow, it's going to be hard to argue that it's effective. More likely than not, we'll look to China to see what changes we need to make, soon enough.
Posted by rdupuy11 (908 comments )
Link Flag
A little racist, are we?

In case you forgot, governments and companies are not people. You generalize in a very insulting way.
Posted by ddesy (4336 comments )
Link Flag
"Chinese technical paper" was PUBLIC, right? It is no proof of a Chinese government attack. It is proof of a Chinese authoring a technical paper, though, which in and of itself is laudable.
Posted by TogetherinParis (318 comments )
Reply Link Flag
I totally agree with YouFools. I own a small business and my website was hacked by the Chinese a few years ago, destroyed data and stole nothing of value. It was simply a forum of ship modelers. Since the attack, I've configured my servers to not allow any IP address from China or Russia to even hit my website. Both countries are notorious for hacking. The only way either country ever was able to obtain 21st century technology was to steal it. The hackers may be smart but if the country as a whole were smart, why can't it develop its own technology instead of stealing it. And what junk the Chinese sell. Recalls on toys and other items and the latest junk from China, jewelry laden with cadmium to cut cost. Cheap Chinese junk, that's all that's ever come out of that country and why the US continues to bring that junk into the country is beyond me. If leading computer experts say it was the Chinese government behind the attacks, I for one can easily believe that given their track record and history for such espionage. Defend yourselves all you want but the evidence is clear to me and I'm sure Google has a ton of evidence they're not sharing with the general public.
Posted by ihatchna (1 comment )
Reply Link Flag
Can you explain why most things made in the US are of no better quality than what is made in China? I didn't think so.
Posted by ddesy (4336 comments )
Link Flag
Well, I agree on China's and Russia's history of hacking. I also agree that they made most of their technology by stealing it, but even if they came up with it on their own, we would be the first to sue them on the grounds of patent infringement, wouldn't we?

I guess the US (and everyone else) imports all that stuff from China for one reason: Cheap means more profit. That's why Google just couldn't stay away from that huge market. Greed above anything.
Posted by dev_xyz (5 comments )
Link Flag
It's amazing isn't it? I don't know about anyone else, but 90% of my logs report intrusion attempts from China. What amazes me is how they go out of their way to keep the sheep in the dark, but have no qualms with their other somewhat nefarious activities.
Posted by igl00lgi (95 comments )
Reply Link Flag
I wonder what the end result is, a nothing to see here special or what.
Posted by TJnGoessel (3 comments )
Reply Link Flag
p.s. to clarify the issue of 'knockoffs'... in the U.S. the controversial decision was made some time ago to classify 'look and feel' as an IP right.

However, it's somewhat absurd. I mean as time went on, how could only Apple have the right to a desktop metaphor? It's too obvious. Stealing an OS is one thing - not being allowed to even write an OS - that stifles innovation.

Apple and MS made nice on some of these subjects...but why would only Apple and MS have the right to such an obvious concept?

Linux these days looks a lot like Windows, and Windows 7 itself, looks very inspired by Mac OS X - how did all this transpire?

There is currently not a lot of suing/countersuing going on, but do big corporations write the law or does Congress?

Where does 'look and feel' come in?

These knockoffs which are cited as an example of Chinese bad behavior - guess what, they don't copy the iPhone OS. They use Neutron OS, and other Linux variants.

They aren't copies at all, except, in one area: look and feel.

Well, look and feel, probably should not be an IP right - and frankly, even if it is in theory, the line is being crossed by the big guys, every day. Why have laws that only some people can use, based on wealth?

Anyway...criticising the Chinese for allowing knockoffs...we have them for sale every single day on e-bay.
We'd have to criticize ourselves as well.
Posted by rdupuy11 (908 comments )
Reply Link Flag
About "Occam's Razor suggests that the simplest explanation is probably the best one," --

This is not true in the realm of criminal investigation. I hope that our judges do not use this rule to judge criminal cases (or I will be afraid to live in America). I suggest the author read some Holmes detective stories, or just Google search "detective story". This will show a lot of examples where criminals try to fool detectives.

As I read in the news, this attack is not performed by a script kiddy, and it is very complicated and coordinated. It is not fair to the hackers to saying their approach is "simple".
Posted by fc11 (48 comments )
Reply Link Flag
This is appalling. Attacks originating from China (some)... hacking email accounts of Chinese Human Rights Activists... I wonder who that could be... must be those ROGUE, NON-GOVERNMENT AFFILIATED PROFITEERING HACKERS! Because there's profit in hacking email accounts of Chinese Human Rights Activists? Nah, it must be Obama trying to frame the Chinese Gov't. Way to go, Obama.

YouFools hit the nail on the head. I keep reading post after post where 2 + 2 does not equal 4. This is borderline Special Ed.
Posted by dantheman67 (1 comment )
Reply Link Flag
The code also included some Red Cliff Kung Fu tricks...
Posted by dev_xyz (5 comments )
Reply Link Flag
It could be either the Chinese Government, the CIA, or Believed-to-be-dead-but-not-Saddam-Hussein... the whole "who did it and (if) to incriminate who" thing blurs the fact that, today, in China your web search and pretty much else is censored.
Posted by dev_xyz (5 comments )
Reply Link Flag
 
