23 February 2010 | 8,523 views

US Investigators Pinpoint Author Of Google Attack Code

Acunetix Web Application Security

The big news over the past few months were the Aurora attacks and how they seemed to originate from China, last month Microsoft took the unusual step and released an Out-Of-Band patch for the IE6 0-Day vulnerability used in the attacks.

Within the last few days the origin of the code was traced to 2 Chinese schools which both claimed they had no knowledge of the exploit.

It was always thought the exploit originated from China due to parts of the code only being discovered on Chinese language sites, the latest news is that the actual origin of the code has been discovered by US investigators.

US investigators have pinpointed the author of a key piece of code used in the alleged cyber attacks on Google and at least 33 other companies last year, according to a new report.

Citing a researcher working for the US government, The Financial Times reports that a Chinese freelance security consultant in his 30s wrote the code that exploited a hole in Microsoft’s Internet Explorer browser. The report also says that Chinese authorities had “special access” to this consultant’s work and that he posted at least a portion of the code to a hacking forum.

The story follows another report from The New York Times that traced the attacks to a pair of Chinese schools – Shanghai Jiaotong University and Lanxiang Vocational School – claiming that the latter had ties to the Chinese military. A day later, representatives of both schools denied involvement to the Chinese state news agency, and the Lanxiang representative denied ties to the military.

It all sounds like a conspiracy from the TV show 24 with schools tied to the Chinese military and ‘special’ access to underground forums.

It’ll be interesting to watch which direction it heads after this and if it’s going to increase the tension between the US and China governments. The whole cyberwar has been going on for quite a while now with both sides trying to covertly steal information from each other.

So far the author of the code has not been named and his real identity or purpose is also a little vague.

According to The Financial Times report, the unnamed security consultant who wrote the exploit code is not a full-time government worker and did not launch the attacks himself. In fact, the FT says, he “would prefer not to be used in such offensive efforts.”

The reports says that when he posted the code to the hacking forum, he described it as something he was “working on.”

With a January blog post, Google announced that attacks originating from China had pilfered unspecified intellectual property from the company, and Microsoft later said the attack had exploited a hole in its Internet Explorer 6 browser. According to security researchers, at least 33 other companies were targeted by similar attacks.

If I understand correctly what is being implied above, the author of the code posted a PoC (proof of concept) type exploit to a hacking forum.

Someone took this PoC, turned it into a working exploit and attacked 33 US based companies. If the conspiracists are right this ‘someone’ would be the Chinese government and they used to the exploit to steal commercially valuable data from some big US players.

Any thoughts?

Source: The Register





                

Recent in Exploits/Vulnerabilities:
- Heartbleed Bug SSL Vulnerability – Everything You Need To Know
- Oracle Java Cloud Service Vulnerabilities Publicly Disclosed
- ODA – Online Web Based Disassembler

Related Posts:
- aidSQL – PHP Application For SQL Injection Detection & Exploitation
- WPScan – WordPress Security/Vulnerability Scanner
- BodgeIt Store – Vulnerable Web Application For Penetration Testing

Most Read in Exploits/Vulnerabilities:
- Learn to use Metasploit – Tutorials, Docs & Videos - 225,298 views
- AJAX: Is your application secure enough? - 118,946 views
- eEye Launches 0-Day Exploit Tracker - 84,996 views

Low-cost VPS Hosting

3 Responses to “US Investigators Pinpoint Author Of Google Attack Code”

  1. cbrp1r8 23 February 2010 at 4:10 pm Permalink

    sounds about right…

  2. Erik 23 February 2010 at 7:27 pm Permalink

    Right on, Darknet :-) They still have plausible deniability … how clever

  3. toby 24 February 2010 at 3:43 pm Permalink

    Well, yeah makes sense..

    Create a PoC and post it somewhere in the Internet. Somebody will take it and convert it to a working exploit.

    Why dirty one’s hands if there are enough ‘volunteers’ doing it for them.