Experts Closing In On Google Attack Coders 141
ancientribe writes "The targeted attacks out of China that hit Google, Adobe, and other US organizations are still ongoing and have affected many more companies than the original 20 to 30 reported. Security experts now say they are getting closer to identifying the author or authors of the malware used to breach Google and other organizations."
Would you run unknown code? (Score:4, Interesting)
Why on earth would I download and run the "inoculation" removal software from some unknown company? It might actually be installing more crap! Why not just give us a shell script if it's just wmi calls?
Re: (Score:1, Informative)
Not that unknown. If I remember correctly, they present at BlackHat every year and have published several books.
Re: (Score:2)
Not that unknown. If I remember correctly, they present at BlackHat every year and have published several books.
BlackHat you say? If they presented at WhiteHat I'd be more trusting.
Just google them (Score:2)
1. Some Script Kiddie
2. Wannabe h4xx0r
Boy I can't wait! (Score:5, Insightful)
As soon as the United States identifies the culprits in China...wow are they in trouble.
Re: (Score:2)
China has a tendency to execute criminals who cause international incidents.
/That's in addition to the numerous other reasons they normally execute people for.
Re: (Score:2)
China has a tendency to execute criminals who cause international incidents.
You mean the Chinese government kills the people it gets to do its dirty work? Man, communism really IS inefficient!
Re: (Score:1, Insightful)
All intelligence agencies do that.
If you don't know who is going to be the fall guy, it's going to be you.
Re: (Score:1)
Will they still do that even now? Or rather send them to be "re-educated" ?
Re: (Score:2)
More like they choose one guy as a scapegoat and execute him, even when the incident (or group of incidents) was obviously caused by many people.
It is the same as if the RIAA hunted down one person who they thought was infringing their copyrights, and shot him/her. Then they declare the problem of "piracy" solved.
The real world doesn't work that way. Even if many of the offenders were scared into submission, plenty of others would say: "they just went after one guy when so many of us were doing it? Whoo
Re: (Score:1, Funny)
He has dark hair and is of Asian appearance
Shouldn't be long before they catch him...
Re: (Score:2)
And they found all this out by analyzing the firewall logs!
Re: (Score:2)
Just block all connections between China and the rest of the world for a week or so. Let's see if China feels the economic impact. If it doesn't stop, America and others should simply default on all loans from China. The saving on interest payments will more than allow them to balance their books.
Seriously, any person or company that deals with China any more than they have to gets what they deserve. Why are we dealing with them anyway. Oh yeah, there is so much POTENTIAL for trade with them. Oh wait I forgo
Re: (Score:2)
Two words: Extraordinary. Rendition.
Nuff said.
Not Surprising (Score:3, Insightful)
Re: (Score:2)
Don't you watch movies?
Re: (Score:1)
"Why did they even put this press release out?"
I thought the reason to put it out was obvious. I know, who on Slashdot would RTFA, but I thought it was obvious from the money shot at the end of the article:
"Companies are waking up to the fact that they've under-invested in the area of security around surveillance and monitoring and forensics to get to the bottom of what happened."
* Buy our Services! Buy Now! Help us spread FUD so your associates buy our services!!! *
Or maybe I'm just being cynical...
Re: (Score:1)
"Getting closer to identifying the authors" means "we have no fucking clue where to start looking". If they were really closing in, the last thing they'd want is a press release.
Re: (Score:1)
It means they now know which internet cafe, with no security cameras, was used to access TOR to release their code...
After Tracing the Chinese Noodles... (Score:1)
Gotta be a Chinese military virus. (Score:4, Funny)
Probably a Kuang Grade Mark Eleven. Big mother.
Re:Gotta be a Chinese military virus. (Score:5, Interesting)
For a long time it looked like William Gibson had the wrong view of the future with the Sprawl series. But now we have duelling Russian botnets which fight for exploited systems and AI captcha crackers. Major corporations base their income on the reduction and on-sale of found information. Infrastructure is increasingly dependent on information technology, and likely to be connected to the Internet.
Science fiction writers tend to overestimate short-term progress and underestimate long-term progress. I think Neuromancer is coming back.
The charge? Conspiracy to augment an artificial intelligence.
The interesting bits... (Score:4, Insightful)
About 80 percent of APT attacks use custom malware, Mandia says. "We recently took over 1,800 programs we've collected since 2008 that are all part of APT ... and ran it through AV, and only 24 percent of the malware triggered antivirus," he says. "Over a year ago, none of it was triggering AV."
Signature-based anti-virus scanning isn't going to help. That model is broken and only useful for the "AOL mindset" of the general public. That is, the people who go "ohhhh, SHINY. [click]" and get infected by year-old malware.
Serious pressure on software vendors to make sure their app doesn't need admin rights to run on a Windows box would be a nice step.
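The point about signature-based scanning in the comment above can be shown concretely. The following is an added example, not code from the article, from Mandiant, or from any commenter: a constructed stand-in "payload" is wrapped by a one-byte XOR packer, a hash-based scanner is seeded with the hash of the one build a vendor managed to capture, and then four rebuilds of the same tool with fresh keys are scanned both by hash and by emulating the unpacker and looking for the behaviour (a beacon hostname) the attacker cannot change without changing what the tool does. The payload string, the packer and the `c2.example.invalid` indicator are all invented for the demonstration.

```python
"""Why byte-exact signatures miss repacked custom malware (added example).

Nothing here is real malware: the payload, the packer and the indicator are
constructed for illustration only.
"""
import hashlib

# Constructed stand-in for an implant.  The behaviour that matters is the
# beacon destination; repacking the bytes does not change it.
PAYLOAD = b"connect c2.example.invalid:443; sleep 3600; exec shell"


def pack(payload, key):
    """Toy packer: 1-byte key header followed by payload XORed with the key."""
    if not 1 <= key <= 0xFF:
        raise ValueError("key 0 would be the identity; use 1..255")
    return bytes([key]) + bytes(b ^ key for b in payload)


def unpack(blob):
    """What the implant's own stub does at runtime (and what an emulator mimics)."""
    key = blob[0]
    return bytes(b ^ key for b in blob[1:])


def hash_signature(blob):
    return hashlib.sha256(blob).hexdigest()


def static_scan(blob, known_hashes):
    """Signature-based AV: exact match of the on-disk bytes against a database."""
    return hash_signature(blob) in known_hashes


def behavioural_scan(blob, iocs):
    """Unpack (emulate) first, then look for indicators in the runtime image."""
    runtime_image = unpack(blob)
    return any(ioc in runtime_image for ioc in iocs)


def detection_rates(samples, known_hashes, iocs):
    """Return (static_hits, behavioural_hits) over a list of samples."""
    static = sum(1 for s in samples if static_scan(s, known_hashes))
    behav = sum(1 for s in samples if behavioural_scan(s, iocs))
    return static, behav


def demo():
    # A vendor captures one build and adds its hash to the signature database.
    captured = pack(PAYLOAD, 0x41)
    known_hashes = {hash_signature(captured)}
    # The operator rebuilds the same tool with a new key for each new target.
    variants = [captured] + [pack(PAYLOAD, k) for k in (0x42, 0x5A, 0x7F, 0x99)]
    iocs = [b"c2.example.invalid"]
    return detection_rates(variants, known_hashes, iocs)


if __name__ == "__main__":
    static_hits, behav_hits = demo()
    print(f"hash signatures caught {static_hits}/5 samples; "
          f"behavioural check caught {behav_hits}/5")
```

The hash database catches only the one build it has already seen; every trivially rekeyed variant slips past, while the check that looks at what the code does after unpacking catches all five. Real packers and real sandboxes are far more elaborate than this, but the asymmetry is the same one the quoted detection figures describe.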
I tried securing my Win2k Program Files folder (Score:2, Interesting)
Well that didn't last long. Nothing worked anymore.
To get my box back, I had to both make my Program Files folder writable, and I had to give my "Mike" account administrative privileges.
That's just plain wrong.
Re: (Score:2)
The problem is though, that very few apps should need admin privs to run. The only ones I know of that actually need admin privs are AV scanners and system tools/utils such as registry tools and defraggers and yes I do know what I'm talking about. As an example, I have two games that absolutely will not run w/o admin privs (not just install) and both apps require at least XP to even run. Why? How about bad coding practices - especially in light of MS having recommended for years that Admin Privs not be used
Sorry I really did mean Read and Execute (Score:3, Informative)
Re: (Score:2)
Serious pressure on software vendors to make sure their app doesn't need admin rights to run on a Windows box would be a nice step.
Serious pressure is not going to cut it. We need real, authentic pressure on top executives of software companies. That means looking up their names and addresses, and finding out if they have a pet or not. A poodle or some such. Then a team of open-source ninjas should capture the poodle of the executive and put a video on 4chan, clearly stating what we want from them. "No admin rights or the poodle gets it".
Re: (Score:1)
Shouldn't the open-source ninjas be demanding an open-source version rather than better Windows support?
Re: (Score:2)
Serious pressure on software vendors to make sure their app doesn't need admin rights to run on a Windows box would be a nice step.
Normal users can't install a service but they can set up an application to run on a scheduled basis. They can also have some tasks run when they log in.
Normal users can see data. Sometimes it's confidential data.
Normal users can usually somehow connect to the outside world - even if it's only by email.
So I don't see how this would really solve anything in the long term.
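The comment above lists the persistence a standard user gets for free: scheduled tasks and run-at-logon entries. What an analyst does with that is triage the user-writable footholds. The following is an added example, not code from the article or any commenter: a small Python triage script that reads what `schtasks /query /v /fo csv` and a `reg export` of the HKCU `Run` key produce and scores each entry. Both inputs are constructed for the example; the host `WS01`, the user `mike`, the task names and every path are invented, and the scoring heuristics (user-writable directory, Temp directory, signed script or DLL host, system binary name outside the Windows directory, per-user logon trigger) are this example's own choices.

```python
"""Triage user-level (no admin needed) persistence on a Windows box (added example).

The two inputs are constructed to look like `schtasks /query /v /fo csv`
output and a `reg export` of HKCU\\...\\Run; every host, task, user and path
is invented.  The heuristics are the example's own, not a product's rules.
"""
import csv
import io
import re

# Directories a standard user can write to without elevation.
USER_WRITABLE = re.compile(
    r"\\Users\\[^\\]+\\(AppData|Downloads)\\|%(APPDATA|LOCALAPPDATA|TEMP|TMP)%",
    re.IGNORECASE)
TEMP_DIR = re.compile(r"\\Temp\\|%TE?MP%", re.IGNORECASE)
# Signed hosts commonly used to run attacker-supplied scripts or DLLs.
SCRIPT_HOSTS = re.compile(
    r"\b(rundll32|regsvr32|mshta|wscript|cscript|powershell)(\.exe)?\b", re.IGNORECASE)
# System binary names; suspicious when the file is not under the Windows directory.
SYSTEM_NAMES = re.compile(r"\\(svchost|lsass|csrss|winlogon)\.exe\b", re.IGNORECASE)
SYSTEM_DIR = re.compile(r"(\\Windows\\|%windir%|%SystemRoot%)", re.IGNORECASE)

# Constructed sample: `schtasks /query /v /fo csv` (columns trimmed for brevity).
SCHTASKS_CSV = r'''"HostName","TaskName","Status","Run As User","Task To Run","Schedule Type"
"WS01","\Microsoft\Windows\Defrag\ScheduledDefrag","Ready","SYSTEM","%windir%\system32\defrag.exe -c","Weekly"
"WS01","\Updater","Ready","WS01\mike","C:\Users\mike\AppData\Roaming\upd\svchost.exe","At logon time"
"WS01","\Adobe Acrobat Update Task","Ready","SYSTEM","C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe","Daily"
'''

# Constructed sample: `reg export HKCU\Software\Microsoft\Windows\CurrentVersion\Run`.
HKCU_RUN_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\mike\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"rundll"="rundll32.exe C:\\Users\\mike\\AppData\\Local\\Temp\\ms.dll,Start"
'''

REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>.*)"$')


def score_command(cmd):
    """Return (score, reasons) for one command line; 0 means nothing notable."""
    reasons = []
    if USER_WRITABLE.search(cmd):
        reasons.append("executes from a user-writable directory")
    if TEMP_DIR.search(cmd):
        reasons.append("payload under a Temp directory")
    if SCRIPT_HOSTS.search(cmd):
        reasons.append("signed script/DLL host running user-supplied code")
    if SYSTEM_NAMES.search(cmd) and not SYSTEM_DIR.search(cmd):
        reasons.append("system binary name outside the Windows directory")
    return len(reasons), reasons


def triage_tasks(csv_text):
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        score, reasons = score_command(row["Task To Run"])
        # A logon trigger under the user's own account needs no admin rights to create.
        if "logon" in row["Schedule Type"].lower() and row["Run As User"].upper() != "SYSTEM":
            score += 1
            reasons.append("per-user logon trigger")
        if score:
            findings.append({"source": "schtasks", "name": row["TaskName"],
                             "command": row["Task To Run"], "score": score, "reasons": reasons})
    return findings


def unescape_reg(value):
    """.reg string data escapes double quotes and backslashes."""
    return value.replace('\\"', '"').replace("\\\\", "\\")


def triage_run_key(reg_text):
    findings = []
    for line in reg_text.splitlines():
        m = REG_VALUE.match(line.strip())
        if not m:
            continue
        cmd = unescape_reg(m.group("value"))
        score, reasons = score_command(cmd)
        if score:
            findings.append({"source": "HKCU Run", "name": m.group("name"),
                             "command": cmd, "score": score, "reasons": reasons})
    return findings


def triage(csv_text=SCHTASKS_CSV, reg_text=HKCU_RUN_REG):
    """All findings, highest score first, so the analyst reads the top of the list."""
    return sorted(triage_tasks(csv_text) + triage_run_key(reg_text),
                  key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    for f in triage():
        print(f"[{f['score']}] {f['source']} {f['name']}: {f['command']}")
        for reason in f["reasons"]:
            print(f"      - {reason}")
```

On the constructed data the `\Updater` task (a `svchost.exe` under `AppData`, run at the user's logon) and the `rundll` Run value (`rundll32.exe` loading a DLL out of `Temp`) score highest; `OneDrive` is flagged only for living under `AppData`, which is where a legitimate per-user install lives, so a real deployment would allowlist known-good per-user software rather than treat that one signal as a verdict. The SYSTEM-owned defrag and Adobe tasks score zero.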
They would already have him (Score:2)
But these damn Chinese names all sound the same to a westerner's ear.
Ya know that old joke, how do you choose the name for your Chinese child? Drop a silver spoon on a piece of Jade and the sound created is the name.
not sure its a good idea to say this (Score:3, Interesting)
In retaliation to the investigations and accusations, BAE UK got a massive attack wave this weekend, much larger than anything Google saw. All the attacks came from proxies, but deeper probes showed all the traffic was from China.
BAE had all their systems crippled and apparently had to shut the whole network down (we are talking about thousands upon thousands of machines), reset all passwords and wipe a lot of boxes. You won't hear this in the news though. It would be seriously bad for business if the US and UK governments got wind of it.
China* won't go down without a fight.
*whoever is organising it.
In China... (Score:1)
Simple, really (Score:2)
I can only imagine two outcomes to this: the perpetrators are found, and are found to be _not_ (in the pockets of) the Chinese government, and they are found precisely because of this: I mean, we're talking about *Google*, the *US* and *China*, man! To hell with ordinary malware creators and spamhouses that no law enforcement ever seems to be able to nail, this is important!
Or, they are (suspected to be) still of the Chinese government, in which case it likely dead-ends somewhere.
Both outcomes would make m
Chinese "Echelon" (Score:4, Informative)
Some states do use a secret "Echelon" system to break into private and other states' communication systems. Yes, supposedly and by self-proclamation these are the "good guys".
Is it a feasible international framework that if one feels himself to be a "good guy" he can eavesdrop on electronic systems? But if he looks like a bad guy, speaks in some exotic ethnic language, then it is a condemnable behavior.
But to Chinese and other Asian people we look like strange exotic humans. There is even a word for European-like people in Asia - "long-noses". And when one lives there it feels exactly this: being a "long nose" among normal people.
So they know that good guys eavesdrop on them with an "Echelon" and keep silence philosophically, but when they try to get some info via eavesdropping a commercial company "Google", it causes a global panic. Or do I get it wrongly?
Maybe it makes sense to lead by an example?
Re: (Score:2)
I think the big difference is that China uses the information to murder human rights activists and in the US Jon Stewart gets to rail against the establishment every night on national TV.
Re: (Score:2)
Echelon, to my knowledge, does not involve the active breaching of private systems. That's the difference. If you have evidence that US government supported entities have actively breached private companies in China, I'd like to hear it.
Re: (Score:2)
Yes, I realize that in China people get killed by the state for things which we consider our rights. I am strongly against it too. But we are "white" or "honorably white" in broad sense of the word.
Our civilization does kill tribal, uneducated "non-white" people, sometimes it seems for no reason. And they take notice of it and feel insecure because of it, because they are a developing land.
But it seems to me that there should be some balanced international binding agreement not to eavesdrop and not to break into ea
Re: (Score:2)
Only way that happens is to eliminate nationalism and every government except the UN. And you can imagine how that would work.
Translation: (Score:2)
Security experts now say they are getting closer to identifying the author or authors of the malware
Translated: They now have narrowed the list down to a handful of people, and will soon decide who will be the best scapegoat. ;)
Re: (Score:2)
This kind of reminds me of stories of 1960s sub warfare between the US and the Soviets. US subs would trail the Soviets using only passive sonar to tell when rudder was applied or engine or trim adjusted. Soon each watch's OOD would feel like he could read the mind of his counterpart on the Soviet boat, whether he was going to turn left or right, or pull a "crazy Ivan", a dangerous figure-eight maneuver designed to flush out enemy subs. All this was done blind, and US subs were almost totally silent.
So I'
authors (Score:1, Interesting)
forget the authors, who paid them?
The villains must be found! (Score:3, Insightful)
We have to find the villains who did this nefarious thing. Otherwise, we'd lack scapegoats and would have to admit to ourselves that:
- Adobe didn't learn a single damn lesson from Microsoft's Word Macro Virus debacles as to why allowing code to be embedded in what most users consider to be a static, non-code executing document is such a bad thing.
- A business that supposedly hires the Best And The Brightest and discards applicants due to bad SAT scores 15 years ago got pwned.
- Businesses were too dumb and shortsighted to update their browsers to something less obsolete and pay for a standards-compliant redesign of their web applications.
- That most of these massive attacks are caused by script kiddies in China trying to impress girls by exploiting corporate stupidity, as opposed to Neo's elite evil twin.
Re:Propaganda (Score:5, Informative)
Re: (Score:1, Troll)
You guys are chasing a red herring. Everyone knows that Google is a propaganda machine. It's the only thing they sell.
If I want to invent a cologne that smells like hippos and spend a bunch of money on a propaganda campaign to make you all think it will get you a promotion and a girlfriend who looks like a supermodel, the folks at Google won't tell me that propaganda is evil and they don't do that sort of thing. They will refer me to the sales department.
Of course google are doing propaganda for the US g
Re: (Score:1, Funny)
If I want to invent a cologne that smells like hippos and spend a bunch of money on a propaganda campaign to make you all think it will get you a promotion and a girlfriend who looks like a supermodel, the folks at Google won't tell me that propaganda is evil and they don't do that sort of thing. They will refer me to the sales department.
Quick - snailmail me some of that shit! You can't possibly have smoked it all.
You sir/madam/it, are the King/Queen/What-e-ver Of Arseclowns!
Re: (Score:2)
You can call anyone a "propaganda machine" if you get to define "propaganda" to suit your case.
Re: (Score:2)
You're right. Let's look at the Wikipedia entry:
Propaganda
From Wikipedia, the free encyclopedia
For other uses, see Propaganda (disambiguation).
Propaganda is a form of communication aimed at influencing the attitude of a community toward some cause or position. As opposed to impartially providing information, propaganda in its most basic sense, presents information primarily to influence an audience. Prop
Re: (Score:2)
Propaganda is a form of communication aimed at influencing the attitude of a community toward some cause or position
OK, if we define propaganda that way, that includes influencing the community towards a position it is in their interest to take using entirely truthful and honest means.
It is intellectually dishonest to try to trick somebody into condemning something by using an emotionally loaded term in an emotionally neutral sense. You should make clear that your version of propaganda includes MLK's "I have a dream" speech, and the surgeon general's report linking cigarettes with cancer. You ought to make it clear that
Re: (Score:2)
It is intellectually dishonest to try to trick somebody into condemning something by using an emotionally loaded term in an emotionally neutral sense. You should make clear that your version of propaganda includes MLK's "I have a dream" speech, and the surgeon general's report linking cigarettes with cancer. You ought to make it clear th
Re: (Score:2)
So let's be clear: Thomas Paine's "The Rights of Man" was in your view reprehensible. Or the Federalist Papers. Or "Atlas Shrugged" if you prefer. All of them reprehensible.
By the way, recognizing that human language is full of ambiguous constructs like metonymy and polysemy isn't double-think. That's just an unfortunate fact of life. Cynically exploiting those bugs in language to make an emotionally loaded argument *is*.
Re: (Score:2)
Yes, all of them are reprehensible.
Your position is really quite ironic. You accuse me of cynically exploiting bugs in language to make an emotionally loaded argument. Yet you have attempted to re-define words during this dialogue in an effort to avoid conceding that you were mistaken. You pull out propaganda pieces as examples. I will go out on a limb and presume that you like these particular propaganda pieces. They are definitely very popular in certain regions.
On a personal note, I would be more em
Re: (Score:2)
On a personal note, I would be more emotionally moved if you had referred to Thomas Spence's "The Real Rights of Man", or Peter Kropotkin's "The Conquest of Bread".
How is that not double-think?
Re: (Score:2)
It is not doublethink. I am no less vulnerable to propaganda than anyone else.
Every time someone comes up to me all excited about something and I say to them "Thrill a Bite" in the exact same tone as those old commercials, and the image of that fat dude with the hot sauce pops into my head while some guy is cooking bacon naked or some shit, I think to myself, I cut the cable almost half a decade ago, will this inane shit ever stop polluting my head space? And the answer is, no, it won't. It's no differen
Re: (Score:2)
But by your definition "propaganda" is not necessarily some thing one is vulnerable to.
I can try to persuade you to a position using entirely rational and supported arguments, motivated by the identification of some mutual, shared interest we have in your taking that position. If we use propaganda the way you propose to use it, that would be propaganda, so long as my attempt at rational persuasion wasn't targeted at one individual.
Why would that be reprehensible?
Dictionaries -- at least cheap ones -- aren'
Re:Propaganda (Score:5, Informative)
Apparently you're too stupid to read the article YOU linked. They are not permitted to allow countries like Syria and Iran to download their apps to comply with US law. Given that they're a US based company, what the fuck do you expect them to do?
You need to work a lot harder than that to prove propaganda.
Re: (Score:1, Interesting)
So shouldn't they go get the Exemption [internetnews.com] Firefox got, or replace their crypto code with Firefox's code?
Or (since Chrome is Windows-only)... use the CSPs in Windows for crypto operations, instead of shipping crypto code with their browser.
Sorry, the US Law excuse doesn't really hold water here.
Re:Propaganda (Score:5, Insightful)
Why should they bother with the hassle of getting an exemption? More importantly, how does the fact that they do not have an exemption make them part of some government propaganda machine?
Oh, and Chrome runs on Linux and OS X. Not sure where you get the notion that it's Windows only.
The only thing that doesn't hold water here is your argument.
Re:Propaganda (Score:5, Informative)
*Chromium* runs on Linux. Chrome doesn't exist for Linux.
http://www.google.com/chrome?platform=linux [google.com] Seems official Chrome to me (at least is what the package says).
Re: (Score:1, Informative)
Are you by any chance accessing the site using Windows? Hmm maybe Google did this little thing called a user agent lookup and perhaps to make it easier for their users, they have it automatically hit the site compatible with the accessing OS. You sir are a moron.
Re: (Score:2)
Firefox exceptions apply because their (source) code is freely available for download (and so impossible to control). Google doesn't have this excuse especially for their services or even software which are generally used with an ongoing connection to their servers (where they can easily use geo-location to pick on particular Iranian IP addresses). The situation is not comparable.
The crypto code from Firefox would probably be sufficient to make Google's software a controlled item if it was integrated to
Re: (Score:3, Interesting)
Just to be a little clearer about the grandparent's points about Chrome. Google could probably get a similar exception for Chromium to the Firefox one and still have to export control Chrome. The use of Windows crypto functions also won't help since software which uses crypto functions is just as much controlled as software which implements them.
Controls on use of crypto (as well as implementations) actually kind of make sense. a) it's very easy to mess up a use and use a secure crypto function insecurel
Re: (Score:1)
Google is just as unable to control export as Firefox is.
IP-based "Geolocation" is completely ineffective. Anyone from a "banned" country can simply establish communications through a VPN service, proxy system, or onion router system such as TOR
And banned persons are impossible to detect without requiring every downloader somehow prove their identity, which is impossible without using strong encryption...
Re: (Score:2)
Google is just as unable to control export as Firefox is.
almost.
And banned persons are impossible to detect without requiring every downloader somehow prove their identity, which is impossible without using strong encryption...
But in this case google has no reason to believe and no way to discover that they are dealing with a banned person so they are pretty much in the clear. You can get done for deliberately dealing with a banned person. You can get done for not taking care to avoid dealing with banned people. You can't get done for dealing with a banned person when you believed and had some reason to believe that you were not dealing with a banned person.
I'd even say that this example is almost reasonable. A priva
Re:Propaganda (Score:5, Funny)
The US media, however, is eager to twist the story.
It would seem not, as you linked to PBS, a news outlet funded by the U.S. Government. LOL
Re: (Score:3, Funny)
Ah, I'm wrong. Again.
And again as well. ;P
Just ain't your day is it?
Re: (Score:2)
I don't know if it was your intention or not to insinuate that if a media outlet weren't proud of a funding source, the funding source wouldn't influence the media outlet's reporting. But in any case I would have to disagree. For every story, the reporter would have to consider whether a source of funds will get upset by the story and wi
Re: (Score:2)
Yes, not outright offering Syrians and Iranians their browser, while leaving plenty ways they can still get chrome, and citing sanctions against those countries as the reason is CLEARLY a "propaganda partnership." I mean google has so much to gain by playing along with this massive international conspiracy. So very much. After all, if a resident of Syria were able to use google chrome, the Combine would be unable to stop Gordon Freeman, which is also Google's sworn enemy.
Matter of fact, -I- haven't offer
Apology (Score:3, Funny)
Re: (Score:3, Funny)
Take your incorrect post like a man. Accept you made a mistake, acknowledge it, and move on. And make sure your research is sound before posting again.
Re:Apology (Score:4, Funny)
You really must be new here.
Re: (Score:2)
I failed to do enough research. Is there a way I can delete the parent post?
slashcode has a secret delete function that lets you hide your shame.
You have to reply to your post you want to delete with:
Dear aunt, let's set so double the killer delete select all.
Re: (Score:1)
Dear aunt, let's set so double the killer delete select all.
Windows Vista voice recognition issues?
You must mean: reply at top level with subject "first post" body "pls kill first post", to try and get the editors'/moderators' attention. You may need to send e-mail to persuade. I hear some people like viagra, send editors some links to some web sites, and they'll probably be happy to delete.
J/K. (Slashdot posts are more or less set in stone, unless you can get the RIAA et al., Google, or perh
Re: (Score:1)
I thought it was some obfuscated SQL injection.
Re: (Score:2)
I failed to do enough research. Is there a way I can delete the parent post?
Perhaps you should have done some more research on that second subject before you posted it as a question. If we answer now, you'll never learn.
Re: (Score:2)
Where "enough research" would be just skimming through the article you decided to use as evidence for your ridiculous assertion?
That's a mighty low bar you've set there.
Re:Apology (Score:4, Interesting)
I failed to do enough research. Is there a way I can delete the parent post?
Join the Scientologists. Claim your post is part of their dogma. Threaten legal action.
http://slashdot.org/yro/01/03/16/1256226.shtml [slashdot.org]
That Depends (Score:1, Funny)
Is there a way (to) delete (a Slashdot) post?
That depends. Is your name Xenu?
Re: (Score:2)
There is only one Cdr Taco. If you're lucky, you will hear from him.
Re: (Score:2)
Yes, obeying US export restrictions is propaganda.
They should just ignore them and go to prison so you feel better in your paranoid world.
Re: (Score:2)
Syria is not being looked at on this forum. Google is doing some funky stuff that even makes me feel weird.
We look at different things.