gmail234

Google Turns To NSA For China Hack Help

Send in the spooks! Google is reportedly working with the NSA to analyse the Chinese cyber-attack and to help prevent such attacks in the future

According to media reports Google has turned to the National Security Agency (NSA) to help it analyse the controversial China hack in December, and to improve its security measures.

According to the Washington Post, the NSA is working on an agreement with Google to help analyse the attack so the company can improve its defences against future security threats. The NSA did not respond to an eWEEK request for comment, and Google declined to make a statement. Google has already said however that it is working with “the relevant US authorities.”

The Post said that the agreement is being designed to allow the organisations to share information without violating any laws or Google policies regarding online privacy, and does not mean the NSA will view users’ searches or email accounts.

Reports of the deal follow weeks of controversy about the attack. Google stated the attack originated in China, and threatened to shut down its Chinese operations due to the attack and concerns about censorship.

Evidence of Chinese involvement in the attacks on Google and more than 30 other companies has been the subject of dispute, as security researchers at McAfee, for example, have identified systems in both the United States and Taiwan that were involved in the attack. Last month, Joe Stewart, director of Malware Research for SecureWorks’ Counter Threat Unit, said he found a cyclic redundancy check (CRC) algorithm in a Trojan used in the attacks that was released as part of a Chinese-language paper on optimising CRC algorithms for use in microcontrollers. However, critics argue the code has circulated outside China for years.

“The thing is, the origin of the code doesn’t really matter – it’s the prevalence,” Stewart countered. “This algorithm was posted on thousands of Chinese websites for years, but only a handful of Western sites seem to have ever seen it before the Aurora news broke, and none of those were 32-bit Windows programming sites, they were all dedicated to embedded programming.”

chinawall234.jpg

For its part, the Chinese government has denied any involvement in the cyber-attacks. In a hearing with the Senate Select Committee on Intelligence 2 February, Director of National Intelligence Dennis C. Blair called the Google attacks a “wake-up call.”

“Malicious cyber-activity is growing at an unprecedented rate, assuming extraordinary scale and sophistication,” he said. “In the dynamic of cyber-space, the technology balance right now favours malicious actors… and it is likely to continue that way for quite some time.”

Brian Ahern, CEO of Industrial Defender, told eWEEK that Blair’s comments underscore the importance of dealing with cyber-threats to the United States.

“Our operational infrastructure – the very systems at the heart of the electric grid, controlling processing operations in chemical plants and oil refineries, controlling access to our water supplies and our transportation systems – are equally at risk, and a cyber-attack to this infrastructure can cause significant threats to public safety… (and) the public and private sectors both need to acknowledge these threats of crippling attack from increasingly sophisticated enemies and take swift steps to assure that our nation’s critical infrastructure is secured,” Ahern said.

Techweekeurope for mobile devices
Android-App Google Currents App for iOS

Last comment




0 replies to Google Turns To NSA For China Hack Help

  • On February 7, 2010 at 7:56 pm by ChasL

    Mr. Stewart’s “China code” claim seems to have some problem:

    1) A follow-up published by The Register on 1/26 contradicted the claim the CRC algorithm was not known outside China. The 4-bit CRC code has been around for over a decade in the device application arena. Once this fact is public, several code samples outside China have been located by bloggers discussing this issue.

    2) Mr. Stewart seems to have neglected the fact variable names are stripped out during code compilation when he alluded to a variable name in the Aurora machine code. There is absolutely no link between the “crc_ta[16]” variable he identified as Chinese, and the machine code in Aurora.

    Google “crc_table[16]” turns up many code examples ouside China, what does that prove?

    3) Upon closer examination of Mr. Stewart’s citations, the alleged Chinese white paper containing the algorithm, and code snip found by Googling the identified variable name, both turned up different code than what’s in Aurora.

    Specifically, the Aurora code contains a 12-bit shift optimization (found as early as 1988 according to The Register article):

    t = crc16 12

    however the code passed around in Chinese sites is unoptimized code using two divisions:

    da=((uchar)(crc/256))/16

Leave a Reply

  • Required fields are marked *,
    Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>