Developping for the translation industry RSS 2.0



 Tuesday, 23 February 2010

China-us-flagsThe big news over the past few months were the Aurora attacks and how they seemed to originate from China, last month Microsoft took the unusual step and released an Out-Of-Band patch for the IE6 0-Day vulnerability used in the attacks.

It was always thought the exploit originated from China due to parts of the code only being discovered on Chinese language sites, the latest news is that the actual origin of the code has been discovered by US investigators.

US investigators have pinpointed the author of a key piece of code used in the alleged cyber attacks on Google and at least 33 other companies last year, according to a new report.

Citing a researcher working for the US government, The Financial Times reports that a Chinese freelance security consultant in his 30s wrote the code that exploited a hole in Microsoft’s Internet Explorer browser. The report also says that Chinese authorities had “special access” to this consultant’s work and that he posted at least a portion of the code to a hacking forum.

According to The Financial Times report, the unnamed security consultant who wrote the exploit code is not a full-time government worker and did not launch the attacks himself. In fact, the FT says, he “would prefer not to be used in such offensive efforts.”

The reports says that when he posted the code to the hacking forum, he described it as something he was “working on.”

With a January blog post, Google announced that attacks originating from China had pilfered unspecified intellectual property from the company, and Microsoft later said the attack had exploited a hole in its Internet Explorer 6 browser. According to security researchers, at least 33 other companies were targeted by similar attacks.

Put simply, this means that the “consultant” who created the code posted a proof of concept for this exploit on a hacking forum. Then someone took this proof of concept, turned it into a working exploit and attacked 33 US based companies.

It will be interesting to watch how this story will unfold after this and if it’s going to increase the tension between the US and China governments. The whole cyberwar has been going on for quite a while now with both sides trying to secretly steal information from each other.

So far the author of the code has not been named and his real identity or purpose is still a little vague.

Source: The Register

 

Other posts:

Google Will Pay 500$ Bounty For Each Chrome Browser Bugs You Find

Google Translator Hacked

Password aren't a good defense?

In the news: Google negotiating cooperation with the NSA

Some tips to enhance your SQL Server security

How To: Create an Outlook 2003 addin using VSTO SE and Visual Studio 2005

Tuesday, 23 February 2010 10:33:37 (Eastern Standard Time, UTC-05:00)  #    Comments [0] -
News | Security

Navigation
Advertisement
About the author/Disclaimer

Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

© Copyright 2017
Stanislas Biron
Sign In
Statistics
Total Posts: 135
This Year: 0
This Month: 0
This Week: 0
Comments: 1
All Content © 2017, Stanislas Biron