back to article Cyber sleuth sees China's fingerprints on 'Aurora' attacks

A security researcher who reverse engineered code used to attack Google and other large companies has said he found what he believes are the fingerprints of Chinese hackers. The telltale sign, according to Joe Stewart, director of SecureWorks' Counter Threat unit, is is an error-checking algorithm in the software that …


This topic is closed for new posts.
  1. Neil Stansbury
    Thumb Down

    Thank you Miss Marple

    [...]If it's that good, it's plausible that attackers not aligned with the People's Republic of China might have heard of it.[...]

    Right and if it's only documented in Chinese, the person doing the translating must have been able to speak... Welsh? Cornish? Gaelic? Oh ok I give up.

    [...]What's more, binary code used in Hydraq was either compiled on an English-language system or was edited after the fact to conceal its Chinese-language roots.[...]

    The corollary of that point being that the alledged [Chinese] hackers didn't want everyone to know they were Chinese?

    Rather like saying that the Pope wants to make sure that he doesn't conceal he's Catholic?

    Nice one El' Reg Columbo would be proud of you.

  2. Ed 13


    It's a more memory efficient implementation of the CCITT CRC than a 256 element lookup table, but still not the most. A quick search will reveal a five line algorithm that requires no look up and no loop (finding it has been left as an exercise for the reader).

  3. Anonymous Coward

    Surely the clue is...

    the attack was not on random people, but seemingly human right's protesters - ones which would appear to be enemies of the PRC. I see Columbo is hovering by the swing doors here at the institution, but that looks like a pretty big fingerprint.

    Also, why are you not reporting more on the recent clarification of their SMS censorship intentions (blocking access, requiring permits to re-instate your account and so on?). Avatar wasn't that good, and this storey has been baked dry.

    1. Anonymous Coward

      That still does not mean they wrote it and executed it

      Chinese know how to outsource too ya know. They knew it even before we taught them a few refresher lessons recently. In fact they are probably the last ones to write something a-new if it is already available out there. It is much easier to pinch it.

      Similarly, if the attack is traced to its origin it is much easier to deny involvement if it is executed by someone outside China.

      And out of all countries out there there is only one which is in the habit of calling subversive stuff Aurora. Finding which one is left as an exercise to the reader. Hint - it is also a country where you can buy spearphishing as a service at a reasonable price.

      So on the balance of things I would not be so sure whodunnit. Who ordered it is clear, but whodunnit - not really. Can be either China or that other country... The Aurora one.

  4. Lost in a maze of twisty messages, all alike.

    By 'eck

    That's a neat little CRC algorithm.

  5. Anonymous Coward


    Quite clearly the security researcher has not been subjected to the cruel and unusual punishment of learning all the verses of "Cruiser Aurora" and having to sing it.

    Guess not... Cough... Cough...

  6. MinionZero

    Thin evidence == PR opportunity for his company...

    Oh so after googling for it, he found one, which is proof its from the chinese. *shakes head*

    When programmers want interesting code, they ask other programmers. So anyone could ask any Chinese programmer about it. So anyone could have access to this code. Its not as if its secret just because its written in Chinese! ... there happens to be more than a few Chinese coders we could all ask, all around the world.

    So while its very likely the Chinese were hacking the US (as spying has been going on for centuries between all powerful countries (they all play the same spying games)), his own evidence is so thin its meaningless. This guy sounds much more likely he is using the hacking story to get himself some attention for his company. To him, its a PR opportunity.

  7. Anonymous Coward

    Cascading Miracles

    The problem with twisting the circumstantial evidence to point away from the Chinese government suffers from the cascading miracle problem. One rare event in a chain common events (steps) may be plausible, but if to get from point A to point B you require multiple rare events (cascading miracles), then you are in a lot of trouble.

  8. Anonymous Coward
    Paris Hilton

    The Chinese did it!

    The internet told me they did, so there!

    Paris. The internet told me what she did, too.

  9. ADarkGerm

    The question one should ask is why is this happening?

    If i wanted to frame someone then i would also leave clues.

    Sounds like a House script, LOL.

    This is so stupid as they first state the attack was clever then they say it was Chinese!

    If they are so clever then how did they leave this simple clue?

    First rule of software engineering, don't reinvent the wheel!

    This is another set-up.

    Once again this is what they want the public to believe.

    Our Governments are really the stupid one's.

    Wake the hell up.

    One step forwards, two backwards, cool.


    PS Looking forwards to the death of the free world.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021