US Investigators Pinpoint Author Of Google Attack Code


The big news over the past few months were the Aurora attacks and how they seemed to originate from China, last month Microsoft took the unusual step and released an Out-Of-Band patch for the IE6 0-Day vulnerability used in the attacks.

Within the last few days the origin of the code was traced to 2 Chinese schools which both claimed they had no knowledge of the exploit.

It was always thought the exploit originated from China due to parts of the code only being discovered on Chinese language sites, the latest news is that the actual origin of the code has been discovered by US investigators.

US investigators have pinpointed the author of a key piece of code used in the alleged cyber attacks on Google and at least 33 other companies last year, according to a new report.

Citing a researcher working for the US government, The Financial Times reports that a Chinese freelance security consultant in his 30s wrote the code that exploited a hole in Microsoft’s Internet Explorer browser. The report also says that Chinese authorities had “special access” to this consultant’s work and that he posted at least a portion of the code to a hacking forum.

The story follows another report from The New York Times that traced the attacks to a pair of Chinese schools – Shanghai Jiaotong University and Lanxiang Vocational School – claiming that the latter had ties to the Chinese military. A day later, representatives of both schools denied involvement to the Chinese state news agency, and the Lanxiang representative denied ties to the military.

It all sounds like a conspiracy from the TV show 24 with schools tied to the Chinese military and ‘special’ access to underground forums.

It’ll be interesting to watch which direction it heads after this and if it’s going to increase the tension between the US and China governments. The whole cyberwar has been going on for quite a while now with both sides trying to covertly steal information from each other.

So far the author of the code has not been named and his real identity or purpose is also a little vague.

According to The Financial Times report, the unnamed security consultant who wrote the exploit code is not a full-time government worker and did not launch the attacks himself. In fact, the FT says, he “would prefer not to be used in such offensive efforts.”

The reports says that when he posted the code to the hacking forum, he described it as something he was “working on.”

With a January blog post, Google announced that attacks originating from China had pilfered unspecified intellectual property from the company, and Microsoft later said the attack had exploited a hole in its Internet Explorer 6 browser. According to security researchers, at least 33 other companies were targeted by similar attacks.

If I understand correctly what is being implied above, the author of the code posted a PoC (proof of concept) type exploit to a hacking forum.

Someone took this PoC, turned it into a working exploit and attacked 33 US based companies. If the conspiracists are right this ‘someone’ would be the Chinese government and they used to the exploit to steal commercially valuable data from some big US players.

Any thoughts?

Source: The Register

Posted in: Exploits/Vulnerabilities, Hacking News


Latest Posts:


LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.
Grype - Vulnerability Scanner For Container Images & Filesystems Grype – Vulnerability Scanner For Container Images & Filesystems
Grype is a vulnerability scanner for container images and filesystems with an easy to install binary that supports the packages for most major *nix based OS.
APT-Hunter - Threat Hunting Tool via Windows Event Log APT-Hunter – Threat Hunting Tool via Windows Event Log
APT-Hunter is a threat hunting tool for windows event logs made from the perspective of the purple team mindset to provide detection for APT movements hidden in the sea of windows event logs.
GitLab Watchman - Audit Gitlab For Sensitive Data & Credentials GitLab Watchman – Audit Gitlab For Sensitive Data & Credentials
GitLab Watchman is an app that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally, this includes code, commits, wikis etc
GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.


3 Responses to US Investigators Pinpoint Author Of Google Attack Code

  1. cbrp1r8 February 23, 2010 at 4:10 pm #

    sounds about right…

  2. Erik February 23, 2010 at 7:27 pm #

    Right on, Darknet :-) They still have plausible deniability … how clever

  3. toby February 24, 2010 at 3:43 pm #

    Well, yeah makes sense..

    Create a PoC and post it somewhere in the Internet. Somebody will take it and convert it to a working exploit.

    Why dirty one’s hands if there are enough ‘volunteers’ doing it for them.