Slashdot is powered by your submissions, so send in your scoop

 


Forgot your password?
Close
typodupeerror
×
Google Government IT

Experts Closing In On Google Attack Coders 141

Posted by samzenpus from the sniff-them-out dept.
ancientribe writes "The targeted attacks out of China that hit Google, Adobe, and other US organizations are still ongoing and have affected many more companies than the original 20 to 30 reported. Security experts now say they are getting closer to identifying the author or authors of the malware used to breach Google and other organizations."
This discussion has been archived. No new comments can be posted.

Experts Closing In On Google Attack Coders More

Experts Closing In On Google Attack Coders

Comments Filter:

  • Would you run unknown code? (Score:4, Interesting)

    by fluffy99 ( 870997 ) on Thursday February 11, 2010 @01:06AM (#31095964)

    Why on earth would I download and run the "inoculation" removal software from some unknown company? It might actually be installing more crap! Why not just give us a shell script if it's just wmi calls?

    • Re: (Score:1, Informative)

      by Anonymous Coward

      Not that unknown. If I remember correctly, they present at BlackHat every year and have published several books.

      • Not that unknown. If I remember correctly, they present at BlackHat every year and have published several books.

        BlackHat you say? If they presented at WhiteHat I'd be more trusting.

  • Results 1 to 10 of 5,000,000,000 for "google wannabe hackers".

    1. Some Script Kiddie

    2. Wannabe h4xx0r ...

  • Boy I can't wait! (Score:5, Insightful)

    by Weaselmancer ( 533834 ) on Thursday February 11, 2010 @01:10AM (#31095996)

    As soon as the United States identifies the culprits in China...wow are they in trouble.

    • China has a tendancy to execute criminals who cause international incidents.
      /That's in addition to the numerous other reasons they normally execute people for.

      • Re: (Score:1)

        by Sheen ( 1180801 )
        Like they are gonna execute someone with that amount of hacking skill, yeah right. or execute, being hired by the executive branch!?

      • China has a tendancy to execute criminals who cause international incidents.

        You mean the Chinese government kills the people it gets to do it's dirty work? Man, communism really IS inefficient!

        • Re: (Score:1, Insightful)

          by Anonymous Coward

          All intelligence agencies do that.

          If you don't know who is going to be the fall guy, it's going to be you.

      • Re: (Score:1)

        by mysidia ( 191772 )

        Will they still do that even now? Or rather send them to be "re-educated" ?

      • Re: (Score:2)

        by sowth ( 748135 ) *

        More like they choose one guy as a scapegoat and execute him, even when the incident (or group of incidents) was obviously caused by many people.

        It is the same as if the RIAA hunted down one person who they thought was infringing their copyrights, and shot him/her. Then they declare the problem of "piracy" solved.

        The real world doesn't work that way. Even if many of the offenders were scared into submission, plenty of others would say: "they just went after one guy when so many of us were doing it? Whoo

    • Re: (Score:1, Funny)

      by Anonymous Coward
      Old news. They've already identified the culprit. And released a description

      He has dark hair and is of Asian appearance

      Shouldn't be long before they catch him...

    • Re: (Score:1)

      by gaelfx ( 1111115 )
      Are you referring to the US, to China or to both? Or the infamous third man that nobody sees until the last reel?

    • Just block all connections between China and the rest or the world for a week or so. Let's see if China feels the economic impact. If it doesn't stop America and others should simply default on all loans from China. The saving on interest payments will more than allow them to balance their books.

      Seriously, any person or company that deals with China any more than they have to gets what they deserve. Why are we dealing with them anyway. Oh yeah, there is so much POTENTIAL for trade with them. Oh wait I forgo

    • As soon as the United States identifies the culprits in China...wow are they in trouble.

      Two words: Extraordinary. Rendition.
      Nuff said.

  • Not Surprising (Score:3, Insightful)

    by LuNa7ic ( 991615 ) on Thursday February 11, 2010 @01:17AM (#31096040)
    Do you really expect that they would say anything else? "Sorry guys, this one has us stumped, we've no idea who did it." There are 15 paragraphs in TFA, and they've used them to not say a damned thing. Why did they even put this press release out?
    • I don't think Google has enough clout to do this, but what could theoretically be done is send out the press release, then watch and see which of the 50 suspects starts to make some moves.

      Don't you watch movies?

    • Re: (Score:1)

      by willyg ( 159173 )

      "Why did they even put this press release out?"

      I thought the reason to put it out was obvious. I know, who on Slashdot would RTFA, but I thought it was obvious from the money shot at the end of the article:

      "Companies are waking up to the fact that they've under-invested in the area of security around surveillance and monitoring and forensics to get to the bottom of what happened."

      * Buy our Services! Buy Now! Help us spread FUD so your associates buy our services!!! *

      Or maybe I'm just being cynical...

    • "Getting closer to identifying the authors" means "we have no fucking clue where to start looking". If they were really closing in, the last thing they'd want is a press release.

      • Re: (Score:1)

        by Threni ( 635302 )

        It means they now know which internet cafe, with no security cameras, was used to access TOR to release their code...

  • ...One finds them self hungry again in an hour.

  • Gotta be a Chinese military virus. (Score:4, Funny)

    by Dahamma ( 304068 ) on Thursday February 11, 2010 @01:23AM (#31096106)

    Probably a Kuang Grade Mark Eleven. Big mother.

  • The interesting bits... (Score:4, Insightful)

    by chill ( 34294 ) on Thursday February 11, 2010 @02:26AM (#31096442) Journal

    About 80 percent of APT attacks use custom malware, Mandia says. "We recently took over 1,800 programs we've collected since 2008 that are all part of APT ... and ran it through AV, and only 24 percent of the malware triggered antivirus," he says. "Over a year ago, none of it was triggering AV."

    Signature-based anti-virus scanning isn't going to help. That model is broken and only useful for the "AOL mindset" of the general public. That is, the people who go "ohhhh, SHINY. [click]" and get infected by year-old malware.

    Serious pressure on software vendors to make sure their app doesn't need admin rights to run on a Windows box would be a nice step.

    • I set it all so it was Read-Only to regular users, then removed my own Administrator privileges. When I logged in as "Mike", I was just a regular user, and had to log in explicitly as Administrator to do anything administrative.

      Well that didn't last long. Nothing worked anymore.

      To get my box back, I had to both make my Program Files folder writable, and I had to give my "Mike" account administrative priveliges.

      That's just plain wrong.

      • http://blogs.msdn.com/aaron_margosis/archive/2004/07/24/193721.aspx [msdn.com] I've used this for years. It launches a command prompt (after requesting passwords) that is still you, but with admin privs. Makes all the stuff that doesn't work under runas work just fine.

        • The problem is though, that very few apps should need admin privs to run. The only ones I know of that actually need admin privs are AV scanners and system tools/utils such as registry tools and defraggers and yes I do know what I'm talking about. As an example, I have two games that absolutely will not run w/o admin privs (not just install) and both apps require at least XP to even run. Why? How about bad coding practices - especially in light of MS having recommended for years that Admin Privs not be used

          • I don't know about works, not having used it in years... But no one in my office has admin privs, and everyone uses office (2007) just fine.

    • Serious pressure on software vendors to make sure their app doesn't need admin rights to run on a Windows box would be a nice step.

      Serious pressure is not going to cut it. We need real, authentic pressure on top executives of software companies. That means looking up their names and addresses, and finding out if they have a pet or not. A poodle or some such. Then a team of open-source ninja's should capture the poodle of the executive and put a video on 4chan, clearly stating what we want from them. "No admin rights or the poodle gets it".

      • Re: (Score:1)

        by maxume ( 22995 )

        Shouldn't the open-source ninjas be demanding an open-source version rather than better Windows support?

    • Re: (Score:2)

      by jimicus ( 737525 )

      Serious pressure on software vendors to make sure their app doesn't need admin rights to run on a Windows box would be a nice step.

      Normal users can't install a service but they can set up an application to run on a scheduled basis. They can also have some tasks run when they log in.

      Normal users can see data. Sometimes it's confidential data.

      Normal users can usually somehow connect to the outside world - even if it's only by email.

      So I don't see how this would really solve anything in the long term.

  • But these damn Chinese names all sound the same to a westener's ear.

    Ya know that old joke, how do you choose the name for your Chinese child? Drop a silver spoon on a piece of Jade and the sound created is the name.

  • not sure its a good idea to say this (Score:3, Interesting)

    by Anonymous Coward on Thursday February 11, 2010 @04:16AM (#31097052)

    In retaliation to the investigations and accusations, BAE Uk got a massive attack wave this weekend, much larger than anything Google saw. All the attacks came from proxys, but deeper probes showed all the traffic was from china.

    BAE had all their systems crippled and apprently had shut the whole network down(we are talking about thousand upon thousands of machines), reset all passwords and wipe a lot of boxes. You wont hear this in the news though. It would be seriously bad for business if the US and Uk governments got wind of it.

    China* wont go down without a fight.

    *whoever is organising it.

  • ... everyone knows who did it. It was the CaoNiMa, or the grass-mud horses as you may know them. I really hate those mother f@#$%&s.

  • I can only imagine two outcomes to this: the perpetrators are found, and are found to be _not_ (in the pockets of) the Chinese government, and they are found precisely because of this: I mean, we're talking about *Google*, the *US* and *China* man ! To hell with ordinary malware creators and spamhouses that no law enforcement ever seems to be able to nail, this is important !

    Or, they are (suspected to be) still of the Chinese government, in which case it likely dead-end somewhere.

    Both outcomes would make m

  • Chinese "Echelon" (Score:4, Informative)

    by Max_W ( 812974 ) on Thursday February 11, 2010 @06:19AM (#31097592)

    Some states do use secret "Echelon" system to break into private and other states' communication systems. Yes, supposedly and by a self-proclamation these are the "good guys".

    Is it a feasible international framework that if one feels himself to be a "good guy" he can eavesdrop on electronic systems? But if he looks like a bad guy, speaks in some exotic ethnic language, then it is a condemnable behavior.

    But to Chinese and other Asian people we look like strange exotic humans. There is even a word for European-like people in Asia - "long-noses". And when one lives there it feels exactly this: being a "long nose" among normal people.

    So they know that good guys eavesdrop on them with an "Echelon" and keep silence philosophically, but when they try to get some info via eavesdropping a commercial company "Google", it causes a global panic. Or do I get it wrongly?

    Maybe it makes sense to lead by an example?

    • I think the big difference is that China uses the information to murder human rights activists and in the US Jon Stewarts gets to rail against the establishment every night on national TV.

    • Echelon, to my knowledge, does not involve the active breaching of private systems. That's the difference. If you have evidence that US government supported entities have actively breached private companies in China, I'd like to hear it.

  • Security experts now say they are getting closer to identifying the author or authors of the malware

    Translated: They now have narrowed the list down to a hand full of people, and will soon decide who will be the best scapegoat. ;)

    • Re: (Score:2)

      by hey! ( 33014 )

      This kind of reminds me of stories of 1960s sub warfare between the US and the Soviets. US subs would trail the soviets using only passive sonar to tell when rudder was applied or engine or trim adjusted. Soon each watch's OOD would feel like he could read the mind of his counterpart on the Soviet boat, whether he was going to turn left or right, or pull a "crazy Ivan", a dangerous figure eight maneuver designed to flush out enemy subs. All this was done blind, and US subs were almost totally silent.

      So I'

  • authors (Score:1, Interesting)

    by Anonymous Coward

    forget the authors, who paid them?

  • The villians must be found! (Score:3, Insightful)

    by Ukab the Great ( 87152 ) on Thursday February 11, 2010 @10:29AM (#31099260)

    We have to find the villains who did this nefarious thing. Otherwise, we'd lack scapegoats and would have it admit to ourselves that:

    - Adobe didn't learn a single damn lesson from Microsoft's Word Macro Virus debacles as to why allowing code to be embedded in what most users consider to be a static, non-code executing document is such a bad thing.

    - A business that supposedly hires the Best And The Brightest and discards applicants due to bad SAT scores 15 years ago got pwned.

    - Businesses were too dumb and shortsighted to update their browsers to something less obsolete and pay for a standard's compliant redesign of their web applications.

    - That most of these massive attacks are caused by script kiddies in China trying to impress girls by exploiting corporate stupidity, as opposed to Neo's elite evil twin.

Slashdot Top Deals

Get hold of portable property. -- Charles Dickens, "Great Expectations"

Close