Google hackers
Shanghai Jiaotong named as a source in Google compromise
Hackers seeking source code from Google, Adobe and dozens of other high-profile companies used unprecedented tactics that combined encryption, stealth programming and an unknown hole in Internet Explorer, according to new details released by researchers at anti-virus firm McAfee.When we last caught up with our old friend Coolswallow/Ericool/Peng Yinan, he was giving a presentation titled, “Hacker in a Nutshell,” at the Chen Ruiqiu building, located on the Jiaotong University campus.
( gao yulongon 19 Feb 2010 at 9:13 pm…..So, now we have a Public Security Bureau information security consultant, who is a senior hacker, credits on his flash animation of Coolswallow )
XXXXXXXXXXXXXXXXXXXXXXXXX
Loyal readers of TDV may remember Heike’s post about Peng Yinan, aka Coolswallow of Javaphile. According to this NY Times article, the school that Yinan has occasionally taught at was discovered to have been involved in the Google compromise revealed last month. At this point, it is only the IP addresses that seem to link the school to the compromise but it is an interesting coincdence that one of the most prolific Chinese hackers has a close connection to the school.)
Investigators looking into Web attacks on Google and dozens of other American companies last year have traced the intrusions to computers at Jiaotong as well as an obscure vocational school (Lanxiang) in eastern China
With its sterling reputation and its scientific bent,Shanghai Jiaotong University has the feel of an Ivy League institution.
The university has alliances with elite American ones like Duke and theUniversity of Michigan. And it is so rich in science and engineering talent that Microsoft and Intel have moved into a research park directly adjacent to the school.
But Jiaotong, whose sprawling campus here has more than 33,000 students, is facing an unpleasant question: is it a base for sophisticated computer hackers?
SOURCE:
Executives at Google have said little about the intrusions and would not comment for this article. But the company has contacted computer security specialists to confirm what has been reported by other targeted companies: access to the companies’ servers was gained by exploiting a previously unknown flaw in Microsoft’s Internet Explorer Web browser.
( this doesn't make any sense, the exploit explained below would work on most any
system, maybe it was used to get by Google's email scanners? )
Forensic analysis is yielding new details of how the intruders took advantage of the flaw to gain access to internal corporate servers. They did this by using a clever technique — called man-in-the-mailbox — to exploit the natural trust shared by people who work together in organizations.
After taking over one computer, intruders insert into an e-mail conversation a message containing a digital attachment carrying malware that is highly likely to be opened by the second victim. The attached malware makes it possible for the intruders to take over the target computer.
SOURCE:
Paradigm Intel:
They walked right past Google's best security and sat there for a prolonged period.
Google never saw them, they only discovered the break in, from the use of
the data by the intruders, which lead Google into some heavy forensics to
discover how, and even then evidence was just incidental.
Google is really pissed, and defenseless, traps have been instituted.
Google is one of the foremost leaders in Internet security.
And "They" walked right through all the propriety security.
Google's programs, and methods are very valuable, and
Google's fear is palatable, enough to call in NSA.
But Google's Cyber forces hacked them right Back.
Gerald
UPDATED:
At least 34 companies, including Adobe, Symantec, Yahoo and Dow Chemical, were attacked, according to industry sources. And Intel,( but who were the other 30 companies? G ) Northrop Grumman and Juniper NetworksRead more: http://www.nydailynews.com/news/world/2010/01/14/2010-01-14_security_experts_china_hacked_google_to_steal_us_defense_secrets.html#ixzz0gQraJ5KQTactical Internet Systems analyst.
xxxxxxxxxxxxxxxxxxxxxxx
Our paradigm Inetl says:
Micro Soft
What other companies, send me a note in comments.
Google's counter hack discovered they were after contents
of Gmail accounts, and didn't see evidence of what they were
after is the cases of the other companies.
Thats real bad news.
It may mean this was just and open back door,
that they may have had open for months.
One doesn't hack Google just for emails.
But one might go back for emails as long
as the door was open.
These 34 companies may have been gutted
of trade secrets.
But how will they exploit so many trade secrets
programing with out giving themselves away.
THEY WILL BE DISCOVERED.
Sophisticated' Hack Hit Intel
News: Nearly 2500 companies hacked! | latest-security-news | GSO ...
Feb 17, 2010 ... News: Nearly 2500 companies hacked! ... 01 December 2009 14:34; GovernmentSecurity Forums gets a new look http://bit.ly/3J5Cn2 Link Saturday ...
www.governmentsecurity.org/.../news-nearly-2500-companies-hacked.html -
www.governmentsecurity.org/.../news-nearly-2500-companies-hacked.html -
Slashdot | Chinese Hack Attacks on DoD Networks Coordinated
Feb 17, 2007 ... Chinese Hack Attacks on DoD Networks Coordinated -- article related to Index, Government, Security, and Politics
IEEE Spectrum: DoD Admits to Being Severely Hacked
Mar 8, 2008 ... DoD Admits to Being Severely Hacked.
IF IT CAN BE PROVED CHINA IS BEHIND THESE ATTACKS.
IF THEY BENEFITED FROM THE HACKS
THATS AN ACT OF WAR.
What happens to bank robbers?
The world needs a workable paradigm
for discovery of STATE theft.
EVEN IF A STATE STEALS FROM INDIVIDUALS.
RIAA MAY ALREADY HAVE A SECRET TREATY
THAT MIGHT ALREADY COVER THIS,
CUT CHINA OFF FROM THE WORLDS WWW
AND FINES.
Gerald
Tactical Internet Systems analyst.
.HOW THEY WILL BE FOUND and Caught:
"What herd of elephants Officer?"
.
Labels: Google hackers
2 Comments:
I really value your insights, but holy crap your blog is hard on the eyes. Have you actually looked at it lately?
Yup, Google blogger doesn't do
color matches very well regarding
background colors.
And I'm stuck with posts bsck to 2001.
And legacy "color" issues limit
my choices of text colors and background colors. Its still a big improvement over what it was.
I use a "control, +" to enlatge the text.
G
Post a Comment
Subscribe to Post Comments [Atom]
<< Home