An excellent article in the N.Y. Times on February 18th stated that two Chinese schools, the Shanghai Jiaotong University and the Lanxiang Vocational School were involved in the recent online attacks against Google and dozens of other U.S. corporations. These conclusions come from research by various security researchers, the NSA, and U.S. defense contractors.
There are multiple possibilities to consider here, and more detailed information is required before drawing any final conclusions. On the one hand, it appears to be obvious: yes, it’s the Chinese government/military working with or sponsoring patriotic student hacking activities.
On the other hand, perhaps not. An important part of the covert Intelligence function and process is the dissemination of disinformation for various reasons, be they political, economic, strategic, etc. As the Times article speculates, this may be a false-flag intelligence operation led by another nation-state.
To do this successfully, you need insiders who work for you who can plant the trail of ‘bread crumbs’ that lead back to the source of origin or you need outsiders who can co-opt internal resources to make it look like the attacks came from the schools. For the latter, you’d need to control individual servers or a botnet from within China to do the attacks, with just enough hard-to-find, but incriminating and hard-to-spoof pieces of evidence to prove the assertion.
Think about who might do this, why, and how.
If you put the tinfoil conspiracy theory hat on, is it possible that pirated copies of Microsoft Windows could be involved? That would be almost too perfect. A completely new twist on the meaning of Trojan Horse! The news that there was a completely undiscovered flaw in IE6 that was used for the attacks is plausible, but is it probable? Are we talking undiscovered, or simply unrevealed?
I’m not a forensics expert or CS grad, so I am more than curious about how you’d prove, absolutely, that the attacks came from specific machines, not just IP addresses. We can’t use the Evil bit to solve this conundrum.
It’s interesting to speculate about all this, and it certainly will be interesting to follow. Will we ever know the Truth, or just read stories? It’s like an Information Security version of the Allegory of the Cave…
by Bill Wildprett, Suspicious Minds blog, Copyright 2010