Evidence weakens concerning the "alleged" cyber-attack by China!!!

'Aurora' code circulated for years on English sites • The Register

click2005 notes an article in The Register calling into question the one piece of hard evidence that has been put forward to pin the Google cyberattacks on China. It was claimed that a CRC algorithm found in the Aurora attack code was particular to Chinese-language developers. Now evidence emerges that this algorithm has been widely known for years and used in English-language books and websites. Wired has a post introducing the Pentagon's recently initiated effort to identify the "digital DNA" of hackers and/or their tools; this program is part of a wide-ranging effort by the US government to find useful means of deterring cyberattacks. This latter NY Times article notes that Google may have found the best deterrence so far — the threat to withdraw its services from the Chinese market.

'Aurora' code circulated for years on English sites

Where's the China connection?


By Dan Goodin in San Francisco

Posted in Security, 26th January 2010 11:02 GMT

Updated An error-checking algorithm found in software used to attack Google and other large companies circulated for years on English-language books and websites, casting doubt on claims it provided strong evidence that the malware was written by someone inside the People's Republic of China.

The smoking gun said to tie Chinese-speaking programmers to the Hydraq trojan that penetrated Google's defenses was a cyclic redundancy check routine that used a table of only 16 constants. Security researcher Joe Stewart said the algorithm "seems to be virtually unknown outside of China," a finding he used to conclude that the code behind the attacks dubbed Aurora "originated with someone who is comfortable reading simplified Chinese."

"In my opinion, the use of this unique CRC implementation in Hydraq is evidence that someone from within the PRC authored the Aurora codebase," Stewart wrote here.

In fact, the implementation is common among English-speaking programmers of microcontrollers and other devices where memory is limited. In 2007, hardware designer Michael Karas discussed an almost identical algorithm here. Undated source code published here also bears more than a striking resemblance.

The method was also discussed in W. David Schwaderer's 1988 book C Programmer's Guide to NetBIOS. On page 200, it refers to a CRC approach that "only requires 16 unsigned integers that occupy a mere 32 bytes in a typical machine." On page 205, the author goes on to provide source code that's very similar to the Aurora algorithm.

"Digging this a little deeper though, the algorithm is a variation of calculating CRC using a nibble (4 bits) instead of a byte," programmer and Reg reader Steve L. wrote in an email. "This is widely used in single-chip computers in the embedded world, as it seems. I'd hardly call this a new algorithm, or [an] obscure one, either."

Two weeks ago, Google said it was the victim of highly sophisticated attacks originating from China that targeted intellectual property and the Gmail accounts of human rights advocates. The company said similar attacks hit 20 other companies in the internet, finance, technology, media and chemical industries. Independent security researchers quickly raised the number of compromised companies to 34.

But Google provided no evidence that China was even indirectly involved in the attacks targeting its source code. During a conference call last week with Wall Street analysts, CEO Eric Schmidt said only that the world's most populous nation was "probably" behind the attacks.

One of the only other reported links between China and the attacks is that they were launched from at least six internet addresses located in Taiwan, which James Mulvenon, the director of the Center for Intelligence Research and Analysis at Defense Group, told The Wall Street Journal is a common strategy used by Chinese hackers to mask their origin. But it just as easily could be the strategy of those trying to make the attacks appear to have originated in China.

The claim that the CRC was lifted from a paper published exclusively in simplified Chinese seemed like the hard evidence that was missing from the open-and-shut case. In an email to The Register, Stewart acknowledged the CRC algorithm on 8052.com was the same one he found in Hydraq, but downplayed the significance.

"The guy on that site says he has used the algorithm, didn't say he wrote it," Stewart explained. "I've seen dates on some of the Chinese postings of the code dating back to 2002."

Maybe. But if the 16-constant CRC routine is this widely known, it seems plausible that attackers from any number of countries could have appropriated it. And that means Google and others claiming a China connection have yet to make their case.

The lack of evidence is important. Google's accusations have already had a dramatic effect on US-China relations. If proof beyond a reasonable doubt is good enough in courts of law, shouldn't it be good enough for relations between two of the world's most powerful countries? ®

This article was updated to include details from Schwaderer's book. Thanks to Philippe Oechslin, of OS Objectif Sécurité SA for alerting us to its contents.
 
.
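The nibble-at-a-time CRC the article describes, as an added example that is not part of the original post, the article, or the Hydraq code: it builds a 16-entry table (32 bytes) and checks the result against a plain bit-by-bit CRC. The CCITT polynomial 0x1021 and all function names are assumptions; the page does not say which constants the malware used.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed polynomial (CRC-16/CCITT); the page does not name the one in Hydraq. */
#define CRC16_POLY 0x1021u

static uint16_t nibble_table[16];   /* 16 entries x 2 bytes = 32 bytes */

/* One MSB-first shift step, shared by the table builder and the reference. */
static uint16_t step(uint16_t r) {
    return (r & 0x8000u) ? (uint16_t)((r << 1) ^ CRC16_POLY) : (uint16_t)(r << 1);
}

/* Entry i is the CRC of the 4-bit value i: four shift steps instead of eight. */
static void build_table(void) {
    for (unsigned i = 0; i < 16; i++) {
        uint16_t r = (uint16_t)(i << 12);
        for (int b = 0; b < 4; b++) r = step(r);
        nibble_table[i] = r;
    }
}

/* Table-driven CRC: two lookups per byte, high nibble first. */
uint16_t crc16_nibble(const uint8_t *p, size_t n, uint16_t crc) {
    if (nibble_table[1] == 0) build_table();   /* lazy one-time init */
    while (n--) {
        uint8_t byte = *p++;
        crc = (uint16_t)((crc << 4) ^ nibble_table[(crc >> 12) ^ (byte >> 4)]);
        crc = (uint16_t)((crc << 4) ^ nibble_table[(crc >> 12) ^ (byte & 0x0Fu)]);
    }
    return crc;
}

/* Bit-by-bit reference with no table, used to check the nibble version. */
uint16_t crc16_bitwise(const uint8_t *p, size_t n, uint16_t crc) {
    while (n--) {
        crc ^= (uint16_t)(*p++ << 8);
        for (int b = 0; b < 8; b++) crc = step(crc);
    }
    return crc;
}

int main(void) {
    const uint8_t msg[] = "123456789";   /* constructed sample input */
    printf("nibble=%04X bitwise=%04X table=%zu bytes\n",
           crc16_nibble(msg, 9, 0), crc16_bitwise(msg, 9, 0), sizeof nibble_table);
    return 0;
}
```

The trade-off is the one the 1988 book quote points at: a byte-wise table would need 256 entries (512 bytes), while this variant spends two lookups per byte to stay at 32 bytes.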
China denies role in cyber attacks on Google • The Register

China denies role in cyber attacks on Google

Claims 'groundless'

By Cade Metz in San Francisco

Posted in Security, 25th January 2010 05:03 GMT

China has denied it was involved in the December cyber attacks on Google and at least 33 other companies.

On Monday, the BBC reports, a spokesman for the Chinese Ministry of Industry and Information Technology rejected claims that the state had anything to do with the attacks - or any others.

"The accusation that the Chinese government participated in [any] cyber attack, either in an explicit or inexplicit way, is groundless. We [are] firmly opposed to that," the unnamed spokesman told the government-run news agency, Xinhua. "China's policy on internet safety is transparent and consistent."

Google outed the attacks nearly two weeks ago, saying they originated in China. Mountain View threatened to leave the country if it couldn't reach an agreement with the Chinese government to stop censoring results on its local search engine.

According to Google, the attacks targeted the email accounts of Chinese human rights activists. Google said that attacks on two Gmail accounts inside the company were largely unsuccessful, but that a subsequent investigation showed that the accounts of dozens of activists in the US, China, and Europe "have been routinely accessed by third parties."

Last week, US Secretary of State Hillary Clinton called on the Chinese government to investigate Google's claims, saying: "Countries that restrict free access to information or violate the basic rights of Internet users risk walling themselves off from the progress of the next century." She also backed Google's intention to stop filtering search results in China, saying that US outfits such as the Mountain View giant should not support "politically motivated censorship."

"Countries that censor news and information must recognize that from an economic standpoint, there is no distinction between censoring political speech and commercial speech," she said. "If businesses in your nation are denied access to either type of information, it will inevitably reduce growth."

This is the first time the Chinese government has addressed the cyber attacks head-on. Last week, however, it reiterated that Google and other foreign outfits must obey local law. That same day, Google postponed the launch of two Android phones in the country.

But later in the week, during the company's quarterly earnings call, CEO Eric Schmidt downplayed the situation, saying that the attacks "probably" came from China and that - as of now - Google's business in China is unchanged.

"We continue to follow their laws. We continue to offer censored results," he said. "A reasonably short time from now we will be making some changes there. We have made a strong statement we wish to remain in China. We like the Chinese people. We like our Chinese employees. We like the business opportunities there and we would like to do that on somewhat different terms than we have. But we remain quite committed to being there." ®
 
. .
This whole thing is suspicious because the coordination between Google and the U.S. government seems too damn good. Can you imagine that the U.S. government would so quickly issue a strong diplomatic protest within a couple of days without even trying to verify if China was truly behind it?

I think it is one of the U.S. "morality" stunts and part of the campaign to suppress China amid its own sense of insecurity of being challenged as the world's only superpower. I think the hacker comes from the CIA, and Google knew it.
 
.
The US government and Google must apologize to the Chinese government and the Chinese people!
Why did they blame China with baseless evidence? Do they have the right to insult China madly since the US is "Freedom"?
:sniper::usflag:
 
.