Security Consultant Wrote Code for Google Hack

News
By Jane McEntegart
published

The net is closing on China's Google hacker.

The Financial Times says investigators are closing in on the person responsible for the highly controversial "Google hacking" that affected top search engine, Google, as well as many other companies.

Last week news reports said the hackings had been traced to two schools in China, one of which has close ties to the Chinese military. Now, the Financial Times says a freelance security consultant wrote the part of the program. Citing a researcher working for the US government, FT reports that this consultant (believed to be in his 30's) posted pieces of the program to a hacking forum, describing it as something he was "working on" and that Chinese officials had special access to the work.

According to the US team who uncovered his role, the man who wrote the code, which takes advantage of a previously unknown flaw in IE, is not a full-time government worker, did not launch the attack, and "would prefer not be used in such offensive efforts"

Read more on the Financial Times.

Jane McEntegart
32 Comments Comment from the forums
  • ncr7002
    so?
    Reply
  • mdu net
    ok the vulnerability is in IE .... don't Google use Chrome?
    Reply
  • buckinbottoms
    its fixed now, so whats the point? Maybe its a challenge for security officials to find the hackers?
    Reply
  • curnel_D
    Eh. Jane, you're usually a ton better about this too. If the guy only wrote part of the code, and someone else took advantage or had 'special access' to that code, he's quite obviously NOT the 'google hacker'.
    Reply
  • curnel_D
    buckinbottomsits fixed now, so whats the point? Maybe its a challenge for security officials to find the hackers?It comes down to the fact that if the 'People's Republic' is the attacker, it was a major breach in national security, orchestrated by another world super-power. If the Chinese Gov is responsible, they need to be held accountable. And since their entire economy is based on exporting all their crap to the US, we have quite a bit of power to do so.
    Reply
  • noodlegts
    What I don't understand is that given the cost that all of these companies incur trying to fight hacking.. can't they just PAY hackers to not hack?

    How do hackers make money? WHy do they hack? Just to be dicks? I'm sure if Mircosoft said "from now on any vulnerabilities you find are worth $10,000" it would go a long way in curbing down hacking/malware etc. Would probably boost their sales too.
    Reply
  • joebob2000
    Curnel_DIt comes down to the fact that if the 'People's Republic' is the attacker, it was a major breach in national security, orchestrated by another world super-power. If the Chinese Gov is responsible, they need to be held accountable. And since their entire economy is based on exporting all their crap to the US, we have quite a bit of power to do so.
    "Death spiral: A tragedy in two parts"
    China sells goods to the US. China then uses economic power to buy treasury bonds (maintaining the value of the dollar).

    The US is addicted to Chinese goods. It's economy simply would not work if it didn't have access to cheap tools, from laptops to networking devices to construction equipment. Not to mention the entertainment industry's reliance on cheap production/distribution equipment.

    Go after China full force and drag both countries down? Ignore it for diplomacy's sake? Prosecute it via civil means as an empty show of distaste? Decisions... Decisions...
    Reply
  • JMcEntegart
    Curnel_DEh. Jane, you're usually a ton better about this too. If the guy only wrote part of the code, and someone else took advantage or had 'special access' to that code, he's quite obviously NOT the 'google hacker'.
    Wasn't intentional. Just trying to find an appropriate title that's within our very tight character restriction for headlines. "Author of code for Google China Hack" won't fit but I'll see what I can figure out.
    Reply
  • JMcEntegart
    Curnel_DEh. Jane, you're usually a ton better about this too. If the guy only wrote part of the code, and someone else took advantage or had 'special access' to that code, he's quite obviously NOT the 'google hacker'.
    Have rejigged things. It's not exactly a well written headline but hopefully you'll find it's a little more accurate.
    Reply
  • curnel_D
    JMcEntegartWasn't intentional. Just trying to find an appropriate title that's within our very tight character restriction for headlines. "Author of code for Google China Hack" won't fit but I'll see what I can figure out.That's why you're the only one who holds credibility around here. :) Thanks.
    Reply