Saturday, January 16, 2010

The hacker attack on Google cs - Whodunit?

In the major upheaval caused by Google's announcement that its servers had been attacked and that it might for that reason leave China, two major assumptions surprisingly were not challenged. Since I have no inside knowledge of the attack, I was waiting for others to poke some holes in superficial articles like this one in Computerworld. But nobody has done so yet, so I will give it a shot.
I know it is almost impossible to prove who really did it, with proof that would stand up in any court. I hope the internet security community has more up their sleeves than they have been showing up to now. It might not be clever to show all cards. When you develop technology to protect yourself against burglars, you do not want to spell out the details in public.
But let's turn the argument of our well-paid internet security experts around. The massive hacker attack must have been a major embarrassment for them. They are being hired to prevent just that kind of attack, so not surprisingly they have to cover their backs.
Not surprisingly, they say the attack was highly sophisticated. Of course, it was. How else could they have missed it? Perhaps they were not as sophisticated as they should be?

Next question: who did it? What do our less-than-convincing experts say, like here in Computerworld:
Carrillo is convinced that, given the sophistication of the code, it was produced with support from Chinese authorities. "This wasn't on the level of Metasploit," Carrillo said, referring to the open-source penetration testing framework whose exploits are often used by hackers to craft malware. "This wasn't something that a 16-year-old came up in his spare time."
When asked if the code quality pointed toward Chinese state support, Carrillo answered, "I would say so." He declined to elaborate.
With all due respect to the Chinese government, I would like to reverse the argument. If the attack was as sophisticated as the experts claim, that is very solid proof that the Chinese government was not involved. I do hope Mr. Carrillo can elaborate a bit more later, because today I do not buy his argument. "State support" is of course different from "government involvement", but something must have justified the angry reaction of Google.
The vague innuendo we are getting now might backfire on those experts, who are trying to cover themselves against accusations of gross under-performance.
We need names and (IP) numbers to make this case really convincing. As those familiar with China know, "Chinese state support" is just a simplification of anything that has to do with China. Was it the PLA? A group of students at state-supported universities? Was it state-owned corporate giants? Or is Alibaba a better candidate?
Now, the number of internet users is nearing 400 million, so for statistical reasons alone it seems logical that any attack might come from China. If you look at the internet landscape in China, who would be likely candidates for such an attack?
I would rather look into the huge networks that have been developed in World of Warcraft and other massive interactive games that have been so popular over the past years in China. Worried parents and authorities have been trying to stop the younger internet users from spending most of their lives behind computer screens. But by intensively participating in those games, China's internet users have learned to make important decisions, to develop teamwork all around the nation, and to develop leadership skills and talents that traditional education often does not provide. They probably know better than the PLA how to conduct a modern war.
Of course, playing those games online can be fun, but it has its limitations. What would be more logical than taking those games into the real world? The Western experts who talk about the 16-year-old behind his computer have no clue how huge, sophisticated and - in the end - dangerous those networks can be.
Apart from the kick itself, there could be a lot of reasons for those networks to take on the real world. Making a buck has always been a driving force for China's citizens, its companies and even government departments.
Where is the money? That question is very important in any issue concerning China and has not yet been addressed.

3 comments:

Rick Martin said...

The most thorough analysis of the technical aspects of the attack has been on Wired's Threat Level blog: http://tr.im/Kz7x

I'm keeping an eye on nartv.org as well for some updates.

Ann said...

Your post is a bit unclear-- what are you saying, that those that the Chinese government employs to hack aren't sophisticated enough to break into Google? That the attack likely came from "activist" hackers in the Chinese citizenry? If so, what makes you think that they weren't unofficially employed by the Chinese government or some government intelligence agency?

Also you have several typos... you should read over and make the post a bit more direct and fix the errors.

China Herald said...

I do not believe in the relation between the supposed sophistication of the attack and the involvement of the Chinese government - at whatever level.
It is a convenient argument for the experts to use, but there is not even the beginning of a proof for that. It might not exclude government agencies, but now it looks like just a wild assumption.