Google PRC Hackers: Who They Are Depends On Who You Ask
Latest news goes against conventional wisdom:
The computer attack which led Google to threaten leaving China and created a firestorm between Washington and Beijing appears to have been deployed by amateurs, according to an analysis by a U.S. technology firm.
“I would say this particular botnet group was not well funded, in which case I would not conclude they were state sponsored, because the level of the tools used would have been far superior to what it was,” said Gunter Ollmann, vice president of research at Damballa, an Atlanta-based company that provides computer network security. (CNN)
Hmm. What does that say about all those stories of high-level military involvement, hacking academies, scary espionage initiatives? Well, it has the potential to tarnish them a bit, or at least make all that hyperbolic language look stupid in retrospect.
The level of sophistication certainly does not come across as high end:
The botnet used in the attack began being tested in July, nearly six months before the attack, according to Damballa analysis.
He added, “Some of the codes within the malware were at least five years old” — ancient, by software development standards. The attackers used technology “that had been abandoned by professional botnet operators years ago,” he said.
On the other hand, as some of the comments to the CNN article reflect, them Chinese sure are sneaky, and this new information tells us nothing:
. . . and do you think we believe it? This looks like a paid news item from China to hide its military’s hacking activities. Since when amateur Chinese started to hack so sophisticatedly [sic]?
and
the best hackers are not state controlled silly.
I’m surprised that no one suggested the unsophisticated nature of the attacks was actually proof of a highly sophisticated misdirection campaign by the PLA.
First you use outside contractors, then you give them shitty software, and finally you make sure that they use servers that can’t be traced to the government. It’s brilliant!
I guess we’ll all just continue to believe what we want to believe.

If the CIA sends mercenaries to Shanistan, they equip them with anything but M-16s; anything by Kalashnikov will do. If the CIA were to try their hand at hacking, it makes sense, in the name of plausible deniability, to use equipment that is outmoded. The big question is, who was the operator who made that obsolete malware do more than anyone thought it was capable of?
Well, I can see them using “clean” servers, but bad code? That would be more like the CIA hiring mercenaries and giving them flintlock muskets to use.
If the software was that old and crappy, though, then Google’s security folks have got some questions to answer.