Google's "Get Out of China" Free Card analyzed

Throughout history there have always been people willing to steal and spy. It is an honored profession in many cultures and seen as a great act of patriotism to risk your life to gather information from another country. Of course the country you are spying on will see it quite different, but the world is all perception anyway. Now that we are in the age of the Cyber Spy, espionage is often done from a single console which is connected through multiple bounces to remote systems that have been previously compromised for use in distributed attacks. This makes it harder [but not impossible] to track and locate the perpetrators and also means that even if you find the source system of an attack that does not mean that is the root source.  As we mentioned the origin of the actual attack many come through several bounce systems [called BNCs] before it gets to the system that has the command and control [CNC] functions and from there several more BNCs before you find the source of the malicious code. Even communication from an infected target system is hard to trace. Too often the malicious coder will place an intermediate server for direct communication with infected target systems which then can bounce the traffic for return to the main CNC servers. Yes, sometimes people get sloppy and try to script a return bounce from a target system but that leaves the path open to discovery by decompiling the code on the infected system. So in the end it is very hard to find the source of any sophisticated attack.  

By now I know you are wondering what this has to do with anything. Well it has everything to do with a recent announcement by Google. In the announcement Google directly pointed the finger at China for corporate espionage. They claim that they were able to trace the source of a targeted attack on their [and other company'’] systems to China. The attack, Google claims, was vectored through a vulnerability in Microsoft’s Internet Explorer and was used to gain remote control of systems with access to sensitive data.  So far the story sounds entirely plausible.

But let’s take a look at the presented facts and see if they really hold water or if there is something else going on that Google and others might now want you to know about.