Sign in with
Sign up | Sign in

Security Consultant Wrote Code for Google Hack

By - Source: Tom's Hardware US | B 32 comments
Tags :

The net is closing on China's Google hacker.

The Financial Times says investigators are closing in on the person responsible for the highly controversial "Google hacking" that affected top search engine, Google, as well as many other companies.

Last week news reports said the hackings had been traced to two schools in China, one of which has close ties to the Chinese military. Now, the Financial Times says a freelance security consultant wrote the part of the program. Citing a researcher working for the US government, FT reports that this consultant (believed to be in his 30's) posted pieces of the program to a hacking forum, describing it as something he was "working on" and that Chinese officials had special access to the work.

According to the US team who uncovered his role, the man who wrote the code, which takes advantage of a previously unknown flaw in IE, is not a full-time government worker, did not launch the attack, and "would prefer not be used in such offensive efforts"

Read more on the Financial Times.

Display 32 Comments.
This thread is closed for comments
Top Comments
  • 12 Hide
    JMcEntegart , February 23, 2010 1:01 PM
    Curnel_DEh. Jane, you're usually a ton better about this too. If the guy only wrote part of the code, and someone else took advantage or had 'special access' to that code, he's quite obviously NOT the 'google hacker'.


    Have rejigged things. It's not exactly a well written headline but hopefully you'll find it's a little more accurate.
  • 10 Hide
    curnel_D , February 23, 2010 12:46 PM
    buckinbottomsits fixed now, so whats the point? Maybe its a challenge for security officials to find the hackers?

    It comes down to the fact that if the 'People's Republic' is the attacker, it was a major breach in national security, orchestrated by another world super-power. If the Chinese Gov is responsible, they need to be held accountable. And since their entire economy is based on exporting all their crap to the US, we have quite a bit of power to do so.
Other Comments
  • -8 Hide
    ncr7002 , February 23, 2010 12:01 PM
    so?
  • -6 Hide
    mdu net , February 23, 2010 12:32 PM
    ok the vulnerability is in IE .... don't Google use Chrome?
  • -4 Hide
    buckinbottoms , February 23, 2010 12:41 PM
    its fixed now, so whats the point? Maybe its a challenge for security officials to find the hackers?
  • 9 Hide
    curnel_D , February 23, 2010 12:43 PM
    Eh. Jane, you're usually a ton better about this too. If the guy only wrote part of the code, and someone else took advantage or had 'special access' to that code, he's quite obviously NOT the 'google hacker'.
  • 10 Hide
    curnel_D , February 23, 2010 12:46 PM
    buckinbottomsits fixed now, so whats the point? Maybe its a challenge for security officials to find the hackers?

    It comes down to the fact that if the 'People's Republic' is the attacker, it was a major breach in national security, orchestrated by another world super-power. If the Chinese Gov is responsible, they need to be held accountable. And since their entire economy is based on exporting all their crap to the US, we have quite a bit of power to do so.
  • -5 Hide
    noodlegts , February 23, 2010 12:50 PM
    What I don't understand is that given the cost that all of these companies incur trying to fight hacking.. can't they just PAY hackers to not hack?

    How do hackers make money? WHy do they hack? Just to be dicks? I'm sure if Mircosoft said "from now on any vulnerabilities you find are worth $10,000" it would go a long way in curbing down hacking/malware etc. Would probably boost their sales too.
  • 3 Hide
    joebob2000 , February 23, 2010 12:53 PM
    Curnel_DIt comes down to the fact that if the 'People's Republic' is the attacker, it was a major breach in national security, orchestrated by another world super-power. If the Chinese Gov is responsible, they need to be held accountable. And since their entire economy is based on exporting all their crap to the US, we have quite a bit of power to do so.


    "Death spiral: A tragedy in two parts"

    China sells goods to the US. China then uses economic power to buy treasury bonds (maintaining the value of the dollar).

    The US is addicted to Chinese goods. It's economy simply would not work if it didn't have access to cheap tools, from laptops to networking devices to construction equipment. Not to mention the entertainment industry's reliance on cheap production/distribution equipment.

    Go after China full force and drag both countries down? Ignore it for diplomacy's sake? Prosecute it via civil means as an empty show of distaste? Decisions... Decisions...
  • 9 Hide
    JMcEntegart , February 23, 2010 12:56 PM
    Curnel_DEh. Jane, you're usually a ton better about this too. If the guy only wrote part of the code, and someone else took advantage or had 'special access' to that code, he's quite obviously NOT the 'google hacker'.


    Wasn't intentional. Just trying to find an appropriate title that's within our very tight character restriction for headlines. "Author of code for Google China Hack" won't fit but I'll see what I can figure out.
  • 12 Hide
    JMcEntegart , February 23, 2010 1:01 PM
    Curnel_DEh. Jane, you're usually a ton better about this too. If the guy only wrote part of the code, and someone else took advantage or had 'special access' to that code, he's quite obviously NOT the 'google hacker'.


    Have rejigged things. It's not exactly a well written headline but hopefully you'll find it's a little more accurate.
  • 9 Hide
    curnel_D , February 23, 2010 1:02 PM
    JMcEntegartWasn't intentional. Just trying to find an appropriate title that's within our very tight character restriction for headlines. "Author of code for Google China Hack" won't fit but I'll see what I can figure out.

    That's why you're the only one who holds credibility around here. :)  Thanks.
  • 2 Hide
    noodlegts , February 23, 2010 1:05 PM
    You could always make it interesting by saying:

    Guess who wrote the Google hack code?

    Then we'd all click on it and you'd get better viewership numbers :) 
  • -2 Hide
    buckinbottoms , February 23, 2010 1:09 PM
    Curnel_DIt comes down to the fact that if the 'People's Republic' is the attacker, it was a major breach in national security, orchestrated by another world super-power. If the Chinese Gov is responsible, they need to be held accountable. And since their entire economy is based on exporting all their crap to the US, we have quite a bit of power to do so.

    lol, so its a national security issue to hack IE6? don't make me laugh buddy cause in that case we've had a few thousand "national security issues" since IE6 was released.
  • 4 Hide
    curnel_D , February 23, 2010 1:10 PM
    JMcEntegartHave rejigged things. It's not exactly a well written headline but hopefully you'll find it's a little more accurate.

    Nah, it's fine. We'd much rather it be accurate over slick and flashy.
  • 4 Hide
    curnel_D , February 23, 2010 1:14 PM
    buckinbottomslol, so its a national security issue to hack IE6? don't make me laugh buddy cause in that case we've had a few thousand "national security issues" since IE6 was released.

    No matter what browser/os/punchcard they use to hack, if a world super power is hacking on US soil, it is a "national security issue". National security isn't just about warheads and airplanes. Economy is aurguably a more imporant factor
  • 2 Hide
    annymmo , February 23, 2010 1:22 PM
    Quote:
    FT reports that this consultant (believed to be in his 30's) posted pieces of the program to a hacking forum, describing it as something he was "working on" and that Chinese officials had special access to the work.


    It's so the Chinese Government, mark my words!
    (Hopefully this won't start World War 3)
  • 0 Hide
    jfd10 , February 23, 2010 1:26 PM
    Curnel_DNah, it's fine. We'd much rather it be accurate over slick and flashy.

    seriously, this comment needs to be +20!!!!!
  • -3 Hide
    buckinbottoms , February 23, 2010 1:30 PM
    Curnel_DNo matter what browser/os/punchcard they use to hack, if a world super power is hacking on US soil, it is a "national security issue". National security isn't just about warheads and airplanes. Economy is aurguably a more imporant factor

    Blah blah blah, stuff has been hacked since computers were invented. Where it comes from is irrelevant, not to mention slightly retarded. China hacking a country it has a massive amount of money tied up in... Thats a lot like shooting yourself in the foot isn't it?

    Fix the vulnerability, restore from backups, and move on. If it were ever a true National Attack you block the host country IP range on your core routers and its over and done with. If you are so worried about China, then become a hacker yourself and do something about it.

    In the end, every attack leads to better software. This vulnerability has been fixed. Coders learn, the software gets better, and hackers have to work that much harder to get in. The system is always correcting itself. The attacks teach us more about our own vulnerabilities than they have done harm.
  • 0 Hide
    curnel_D , February 23, 2010 1:54 PM
    buckinbottomsBlah blah blah, stuff has been hacked since computers were invented. Where it comes from is irrelevant, not to mention slightly retarded. China hacking a country it has a massive amount of money tied up in... Thats a lot like shooting yourself in the foot isn't it?Fix the vulnerability, restore from backups, and move on. If it were ever a true National Attack you block the host country IP range on your core routers and its over and done with. If you are so worried about China, then become a hacker yourself and do something about it.In the end, every attack leads to better software. This vulnerability has been fixed. Coders learn, the software gets better, and hackers have to work that much harder to get in. The system is always correcting itself. The attacks teach us more about our own vulnerabilities than they have done harm.

    You're looking at it from a purely technical perspective. And if that was the only perspective, I'd agree with you 100%. But it's not. And that's the primary reason our gov has been involved with this investigation. If it was as simple as you say, they wouldn't be wasting their time.
  • 0 Hide
    buckinbottoms , February 23, 2010 2:02 PM
    Curnel_DAnd that's the primary reason our gov has been involved with this investigation.

    They did? I thought they just asked China to investigate and China through a pie back at Hillary's face!

    Build a better program, learn from your mistakes, and this isn't a problem no matter where it comes from.
  • -3 Hide
    curnel_D , February 23, 2010 2:15 PM
    buckinbottomsThey did? I thought they just asked China to investigate and China through a pie back at Hillary's face!Build a better program, learn from your mistakes, and this isn't a problem no matter where it comes from.

    http://www.allheadlinenews.com/articles/7017511426?Congress%20to%20Investigate%20Google%20Charges%20Of%20Chinese%20Internet%20Spying
    Hillary, Obama, and the US Congress.
Display more comments