In the last week at least four major newspapers have each run stories about the hacking that led Google to threaten that it might stop censoring results in China (which it hasn’t, yet). All of the stories were based on anonymous sourcing from security researchers and intelligence officials, but they don’t exactly paint a cohesive picture of what happened. Here are the key (sometimes conflicting) details that have emerged:
New York Times, Feb. 18: The online attacks, which used malware sent through email attachments, were traced to Shanghai Jiaotong University and the Lanxiang Vocational School. The latter is closely tied to the Chinese military. Before this information came to light, the investigation had implicated servers in Taiwan.
Washington Post, Feb. 20: Investigators have narrowed the source of an exploit of an Internet Explorer 6 vulnerability down to six potential hackers, including contractors based at Chinese and U.S. tech companies in China. The code used in the attacks “was developed by a diverse group of Chinese hackers” and used Chinese servers.
Financial Times, Feb. 21: “A freelance security consultant in his 30s wrote the part of the program that used a previously unknown security hole in the Internet Explorer web browser to break into computers and insert the spyware.” Further, Chinese officials have privileged access to this researcher’s work, which he had also posted in part to a “hacking forum.”
Wall Street Journal, Feb. 22: A “prominent Asian hacking group,” with a tendency to “use the same type of attack code to pilfer data in every scheme it executes,” is implicated. Investigators aren’t necessarily likely to pinpoint an individual, according to the report. The group is known to surgically attack a small set of machines rather than collecting massive amounts of data.
The Chinese government, meanwhile, has denied any involvement in the hacking attacks on Google and others, suggesting that Google is a pawn in U.S. diplomatic strategy and that the concept of “Internet freedom” that Google and the U.S. say they want to protect is a fallacy.