The Dragon’s Lair?

Sunday, February 21, 2010

Bill Wildprett, CISSP, CISA


An excellent article in the N.Y. Times on February 18th stated that two Chinese schools, the Shanghai Jiaotong University and the Lanxiang Vocational School, were involved in the recent online attacks against Google and dozens of other U.S. corporations. These conclusions come from research by various security researchers, the NSA, and U.S. defense contractors.

There are multiple possibilities to consider here, and more detailed information is required before reaching any final conclusions. On the one hand, it appears to be obvious ~ yes, it's the Chinese government/military working with or sponsoring patriotic student hacking activities.

On the other hand, perhaps not. An important part of the covert intelligence function and process is the dissemination of disinformation for various reasons, be they political, economic, strategic, etc. As the Times article speculates, this may be a false-flag intelligence operation led by another nation-state.

To do this successfully, you need insiders who work for you and can plant the trail of 'bread crumbs' that leads back to the supposed source of origin, or you need outsiders who can co-opt internal resources to make it look like the attacks came from the schools. For the latter, you'd need to control individual servers or a botnet from within China to carry out the attacks, leaving just enough hard-to-find, but incriminating and hard-to-spoof, pieces of evidence to support the assertion.

Think about who might do this, and why and how.

...

If you put the tinfoil conspiracy theory hat on, is it possible that pirated copies of Microsoft Windows could be involved? That would be almost too perfect. A completely new twist on the meaning of Trojan Horse! The news that a previously undiscovered flaw in IE6 was used for the attacks is plausible, but is it probable? Are we talking undiscovered, or simply unrevealed?

I'm not a forensics expert or CS grad, so I am more than curious about how you'd prove, absolutely, that the attacks came from specific machines and not just from IP addresses. We can't use the Evil bit to solve this conundrum.

It's interesting to speculate about all this, and it certainly will be interesting to follow. Will we ever know the truth, or just read stories? It's like an information security version of the Allegory of the Cave.

Later friends!

by Bill Wildprett, Suspicious Minds blog, Copyright 2010

Comment from Anthony M. Freed: I think the Chinese regime has sufficiently demonstrated that they will not play by anyone's rules but their own, and it is not a big leap in logic to come to the conclusion that hackers receive robust support from Beijing - be it direct engagement or overt tolerance of these activities.