Security Expert Confirms Chinese Fingerprints On Google Attacks

A researcher working with a leading US security firm has claimed that he has found ‘fingerprints’ of Chinese hackers in the ‘highly sophisticated’ cyber attack that had targeted search engine giant Google and several other US-based companies.

The Director of SecureWorks' Counter Threat unit, Joe Stewart, who reverse engineered the code that was used in the cyber attack, reported that the newly discovered ‘fingerprint’ of Chinese hackers is an error-checking algorithm in the software that installed the Hydraq backdoor on the compromised PCs.

Stewart reported in his paper that the algorithm that installed the Hydraq backdoor comes from a technical paper in the Chinese language that has been published exclusively on some Chinese websites.

He also said that the CRC, or cyclic redundancy check, used a table of only 16 constants, a compact version of the more standard 256-value table.

Claiming that the CRC-16 is ‘virtually unknown’ outside China, he added that “This indicates the Aurora code base originated with someone who is comfortable reading simplified Chinese. Although source code itself is not restrained by any particular human language or nationality, most programmers reuse code documented in their native language.”

Our Comments

However, several other security experts are finding it hard to conclude anything based on this discovery and believe that the ‘fingerprint’ is an attempt to lay a false trail that leads to China. Oh and many might put the blame on secret services like the CIA or the MI5.

Related Links

Cyber sleuth sees China's fingerprints on 'Aurora' attacks

(The Register)

Evidence Found for Chinese Attack on Google

(New York Times)

Security specialist 'has evidence of Chinese attack on Google'

(Telegraph)