Chinese Hack Tracked Back to Two Universities and an IE Exploit


Investigators at the NSA have tracked the huge online attacks that Google cited as its reason for leaving the Chinese market to two universities, one with ties to the Chinese military.


If supported by further investigation, the findings raise as many questions as they answer, including the possibility that some of the attacks came from China but not necessarily from the Chinese government, or even from Chinese sources.

Tracing the attacks further back, to an elite Chinese university and a vocational school, is a breakthrough in a difficult task. Evidence acquired by a United States military contractor that faced the same attacks as Google has even led investigators to suspect a link to a specific computer science class, taught by a Ukrainian professor at the vocational school.


So this could mean a couple of things. The Chinese government could be using this school as a front for its attacks. Or it could be the work of "patriotic hackers" at the school, which has one of the best computer science programs in the world. Or the schools could have been used as a proxy by another country looking to put the blame on China.

But one thing is sure: the attacks took place through a newly discovered Internet Explorer vulnerability.

Executives at Google have said little about the intrusions and would not comment for this article. But the company has contacted computer security specialists to confirm what has been reported by other targeted companies: access to the companies' servers was gained by exploiting a previously unknown flaw in Microsoft's Internet Explorer Web browser.

Forensic analysis is yielding new details of how the intruders took advantage of the flaw to gain access to internal corporate servers. They did this by using a clever technique - called man-in-the-mailbox - to exploit the natural trust shared by people who work together in organizations.

After taking over one computer, intruders insert into an e-mail conversation a message containing a digital attachment carrying malware that is highly likely to be opened by the second victim. The attached malware makes it possible for the intruders to take over the target computer.

This is why you should not be running IE 6.0, you lazy companies. [NY Times]


DISCUSSION

I think Microsoft is secretly behind it all to get people to flee from Internet Explorer... Oh no even better, Bill Gates trying to make Ballmer suck a massive Donkey Kong so that he can ride back in as the white knight... Ooooh even better Google trying to make itself a hero. (no... no nothing is better than making Ballmer suck a Donkey Kong... preferably not on literally thank you)

I don't know, either way it can't just be either the Chinese govt. or some patriotic hacker doing some extra credit, or some Eastern European syndicate that just happens to exploit IE/IE6 because it is riddled with more holes than Swiss cheese. pffft! That would be lame.

Space Aliens would also be an acceptable villain.

In all seriousness though... we really need to catch up. I'm sorry, but really cool Air Force commercials showing people in fatigues staring at large screens and typing gibberish while claiming to be the cyber-security front line, is not the same as actually having a cyber-security front line. Most of the people either doing it, or teaching people how to do it probably went to school here. We have the skill. Let's grow a pair or two.