I’m Pretty Sure I Love You, But Still Can’t Prove It

The first time I got a whiff of how search engines would work was in a UNIX lab at Cal around ’93. A couple of guys were hacking out a way to browse the library stacks and they gave me a hint at what things would look like today. Flash forward a couple of years to the Yahoo IPO and we watched as ads rolled across browsers and the dream of truly low hanging fruit from search results intrigued everyone in the advertising world. The big laugh back then was the massive amounts of data that would need to be sorted to be useful to advertising. Then along came those guys from Stanford and the Google Bear.

UNIX - Server

Today we follow Google’s experience in China, that market of 350 million Internet users, hoping upon hope that it will lead to serious opportunities for more technology and science workers. Business around Silicon Valley is working hard to build relationships and deal with the deep mysteries of commerce in the land of the other bear, the one that’s been sleeping these many years.

As expected, "The recent malware hit on Google and other U.S. tech firms showed once again just how hard it is to pin a network strike on a particular person or group. Engineers are pretty sure the attack came from China." Unless Google is at risk, why the public criticisms of China?

According to SecureWorks’ Joe Stewart, in his detailed work on the code, "a snippet of the source code used in the backdoor Trojan horse program planted by the exploit (called “Hydraq” by various anti-virus companies) matched a source code sample that was detailed in a Chinese-language white paper on mathematical algorithms used in electronics."

  - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - -
Mining the Cloud to Ease the Enterprise Compliance Burden
- – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - -

Operation Aurora: Clues in the Code

"Perhaps the most interesting aspect of this source code sample is that it is of Chinese origin, released as part of a Chinese-language paper on optimizing CRC algorithms for use in microcontrollers. The full paper was published in simplified Chinese characters, and all existing references and publications of the sample source code seem to be exclusively on Chinese websites. This CRC-16 implementation seems to be virtually unknown outside of China, as shown by a Google search for one of the key variables, "crc_ta[16]". At the time of this writing, almost every page with meaningful content concerning the algorithm is China."

Still, having origins in China does not get you a public apology from the government. If that is our demand, just an apology, and a promise to quit what They’re doing, we may want to re-think our approach. After all, why is the government of China not cowering in their boots?

According to www.krebsonsecurity.com, "Chinese Windows users may have the most to lose from the public exploitation of this vulnerability." Former Washington Post blogger, Brian Krebs writes, "that one of China’s most-visited anime sites was recently hacked and seeded with the Aurora exploit, serving those who visited with IE6 a Trojan that dropped at least 32 different malicious programs, including password stealers and tools used to enlist infected PCs in coordinated, distributed cyber attacks." The site goes on to quote Gary Warner, research director at U. of Alabama computer forensics, "“There is just a lot of active exploitation going on in the Chinese market right now, and part of that is because there’s a much larger use of IE6 there than there is over in the United States.”

If Google’s technology was threatened, if that is what the markets are thinking, no one is saying.  Though this week’s 10% drop in share price after decent earnings doesn’t evoke confidence. If you have any feelings on the subject, love to hear from you.

Tek-Tips

One Response to I’m Pretty Sure I Love You, But Still Can’t Prove It

  1. Chas February 3, 2010 at 2:01 pm #

    Joe Stewart’s claim is questionable. The nibble crc16 has been around for years:

    http://technolinked.blogspot.com/2010/01/aurora-code-circulated-for-years-on.html

Leave a Reply


*