BRIGHT SIDE OF NEWS
Friday, May 24, 2013

Google's "Get Out of China" Free Card analyzed




Google’s Part -
When Google first entered the Chinese market in 2006 it was under an agreement with the Chinese government that they keep tabs on who is searching for what information. They also required Google to block certain search terms and phrases. What many people do not know is that Google also had to keep track of who was using [and what they were doing with] their GMail service. This was a requirement of them doing business in China, which is recognized as one of the largest internet markets in the world.  

Coming back to 2010, Google is now saying it had always hoped it would be able to drop those systems eventually. I am not sure why they are saying they thought this; perhaps they felt their power and money would sway the Chinese government, they were just staggeringly naïve, or they are not being honest. In fact the opposite has been happening; Google [and other companies] have found themselves under pressure to implement even stricter filtering and provide more information to the overly paranoid Chinese government. I am sure that at some point the Google executives must have been regretting their decision to open up shop in China, but how do you leave and save face?

Crying Foul -
On Tuesday, Google announced that it had uncovered a sophisticated multi-layered attack on its own corporate infrastructure as well as that of up to 20 other companies. They say that this attack ran from mid-December to January 4th, roughly a period of three weeks. The report of the attack was interesting: first Google claimed that it exploited a vulnerability in Adobe’s Acrobat Reader, but then changed the statement to say that it was an unknown flaw in IE. Google says that they had some IP [Intellectual Property] stolen and that some basic GMail account information [account creation date and subject lines of e-mails] was accessed. These accounts were used by two human rights activists in China. Google then went on to say that these accounts were the actual goal of the attack and that the attack was traced back to its source and was found to be using command-and-control (CNC) servers with IPs previously associated with other attacks from China. Google’s comments sounded hurt and offended, yet while claiming foul they did not release any information to detail the attack.

McAfee Steps In -
While Google was unwilling [or unable] to detail the attack they uncovered and tracked down, the folks at McAfee were able to. According to McAfee the attack was JavaScript based and used multiple layers of encryption and packing to get past malware scanners. It was basically a “drive-by” attack. This is where a malicious coder sends a link to a corrupted web page that forces the download of code components onto a system. However, McAfee then went on to detail that the code used multiple encryption keys, further masking the modules in the code. One module even encrypted and masked its communication with source servers as normal SSL [Secure Sockets Layer] communication. The code was a back door to allow remote control of the infected system. McAfee said it was a beachhead that allowed the attackers entry into the system where they could explore further at will. But although McAfee was able to detail the level of sophistication of the code, strangely they were not willing to point the finger at China. They said that they were unable to conclusively determine the location of the control servers.
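
For defenders, one way to spot traffic that only poses as SSL is to check that each flow on an SSL port really opens with a ClientHello. The sketch below is an added example, not code from McAfee or from the article; it assumes the masking relies on using port 443 without a genuine handshake (the article does not say how the module did it), and the flow tuples and function names are hypothetical.

```python
import struct

HANDSHAKE, CLIENT_HELLO = 0x16, 0x01
VALID_VERSIONS = {(3, 0), (3, 1), (3, 2), (3, 3)}  # SSL 3.0 .. TLS 1.2/1.3 record versions
MAX_RECORD_LEN = 2**14 + 2048  # largest record length the TLS record layer allows


def classify_first_bytes(payload: bytes) -> str:
    """Classify the first client-to-server bytes of a TCP flow on an SSL port."""
    if len(payload) < 9:
        return "too-short"
    # Older clients may send an SSLv2-format hello: 2-byte header with the high bit set.
    if payload[0] & 0x80 and payload[2] == CLIENT_HELLO and payload[3] in (0, 3):
        return "tls: SSLv2-format ClientHello"
    ctype, major, minor, rec_len = struct.unpack("!BBBH", payload[:5])
    if ctype != HANDSHAKE:
        return "not-tls: first record is not a handshake"
    if (major, minor) not in VALID_VERSIONS:
        return "not-tls: bad record version"
    if not 0 < rec_len <= MAX_RECORD_LEN:
        return "not-tls: bad record length"
    if payload[5] != CLIENT_HELLO:
        return "not-tls: first handshake message is not ClientHello"
    return "tls: ClientHello"


def flag_masquerading(flows, ssl_ports=(443,)):
    """Return (flow_id, reason) for SSL-port flows that do not open with a ClientHello."""
    hits = []
    for flow_id, dport, first_bytes in flows:
        if dport in ssl_ports:
            verdict = classify_first_bytes(first_bytes)
            if not verdict.startswith("tls"):
                hits.append((flow_id, verdict))
    return hits


# Constructed sample flows: (flow id, destination port, first payload bytes).
SAMPLE_FLOWS = [
    ("flow-1", 443, bytes.fromhex("160301002f0100002b0301") + bytes(40)),
    ("flow-2", 443, bytes.fromhex("4a910c7e33d8a1005f62b7c4")),  # opaque bytes, no handshake
    ("flow-3", 443, b"GET / HTTP/1.1\r\n"),                      # cleartext on the SSL port
    ("flow-4", 80, b"GET / HTTP/1.1\r\n"),                       # not an SSL port, ignored
]

if __name__ == "__main__":
    for flow_id, reason in flag_masquerading(SAMPLE_FLOWS):
        print(flow_id, reason)
```

A back door that completes a real SSL handshake passes this check, so it complements destination and certificate review rather than replacing it.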


© 2009 - 2013 Bright Side Of News*, All rights reserved.
