Look Who's Not Talking About Chinese Schools and Google Hack
Operation Aurora -- the cyberattack at the root of Google's standoff with China -- may have originated from two Chinese technical schools, according to a recent report. When the attacks were first publicized, many security experts said the break-ins were the work of highly sophisticated hackers. Now they're pretty much silent.
Feb 19, 2010 12:03 PM PT
News that students in two Chinese schools could be behind recent well-publicized online attacks on Google and other major U.S. corporations doing business in China has security experts running for cover.
McAfee, which has dubbed the hacks "Operation Aurora," described the series of attacks as highly sophisticated and a watershed event in cybercrime.
The attacks have led to a standoff between Internet megacompany Google and the government of China over Beijing's censorship of the Internet. Google's stance has won it vocal support from several high-ranking members of the U.S. government. The events have also prompted Chinese authorities to crack down on hackers.
Chinese Hackers Do It Better?
The online attacks have been traced to Shanghai Jiaotong University and the Lanxiang Vocational School, according to unnamed sources cited in a New York Times report.
Jiaotong University has one of China's top computer programs. Students from the university won the 2010 ACM International Collegiate Programming Contest earlier this month. Nicknamed "The Battle of the Brains," this competition pits teams from the world's top 103 universities against each other in using open source technology to design software that solves real-world problems. It's organized by IBM.
Lanxiang is a vocational school that was established with Chinese military support and trains some computer scientists for the military, according to the Times.
Like some other countries' military establishments, China's military has long been suspected of conducting cyberprobes of other nations' defenses and of being behind certain attacks on other governments' digital infrastructures.
Is Aurora's Light Dimming?
As evidence emerged about Operation Aurora, many security experts depicted the attacks as being the work of highly experienced hackers.
Announcing the network intrusion in January, Google described the attack as "highly sophisticated" and disclosed that at least 20 other major U.S. companies had been hit.
The level of sophistication used in the attacks totally changed the threat model, Dmitri Alperovitch, vice president of threat research for McAfee, said shortly after Google's announcement. Other cybersecurity vendors were quick to jump on the bandwagon and herald the cleverness and sophistication of the hackers behind Aurora.
Now, however, security vendors seem to be running for cover.
Alperovitch declined to discuss whether the attacks came from the Chinese schools named in the Times report, whether the schools' servers could have been used as a conduit by outside hackers, and how students at Chinese schools could employ attacks of a level of sophistication that professional cybercriminals hadn't used before.
"Mr. Alperovitch says that McAfee will not comment on these questions at this time," Heather Edell, at McAfee's public relations agency Red Consultancy, told TechNewsWorld.
However, he did say that the Kneber botnet, which hit 75,000 computers in about 2,500 companies worldwide, has nothing to do with Operation Aurora.
Kaspersky Lab also declined to comment on the latest news about Operation Aurora. "Kaspersky isn't offering broad commentary on these issues at this time," company spokesperson Greg Sabey told TechNewsWorld.
Most significantly, Google, which announced news of the attack to the world, is keeping mum. "We're not going to comment on our ongoing investigation," Google spokesperson Jay Nancarrow told TechNewsWorld.
The Fallout From Aurora
Google's announcement of the attack on its infrastructure and its allegations that hackers in China were behind Operation Aurora exacerbated the bad blood between China and the U.S. over Beijing's censorship of the Internet.
It also forced Microsoft to patch the Internet Explorer zero-day flaw through which the hackers carried out their attack. That IE flaw compelled Germany and France to suggest their citizens discontinue use of IE, at least temporarily.
Google then raised the stakes by reportedly bringing in the National Security Agency to probe the hack, which itself raised concern among privacy advocates in the U.S.
Google's announcement that China was behind Operation Aurora also divided the security community. Some pointed out that foreign cybercriminals from some other country could be merely working through servers located in China, while others believed Chinese hackers were indeed responsible.
The brouhaha also led the Chinese to crack down on hackers. Chinese police shut down the Black Hawk Safety Net, a hacker-centric site, earlier this month.
So what do we know about who's behind Operation Aurora? Nothing, really. Even the latest information about Chinese schools being involved is suspect. "I'm not aware of any briefing to The New York Times," Google's Nancarrow said.