February 22, 2010

Chinese hackers used same back door as US govt 'wiretaps' + Cyberwar Hype

Following up on "Clouds over Google in China?" is this, via bldgblog: Bruce Schneier's editorial on CNN, "U.S. enables Chinese hacking of Google":

"In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access.

Google's system isn't unique. Democratic governments around the world -- in Sweden, Canada and the UK, for example -- are rushing to pass laws giving their police new powers of Internet surveillance, in many cases requiring communications system providers to redesign products and services they sell.

Many are also passing data retention laws, forcing companies to retain information on their customers. In the U.S., the 1994 Communications Assistance for Law Enforcement Act required phone companies to facilitate FBI eavesdropping, and since 2001, the National Security Agency has built substantial eavesdropping systems with the help of those phone companies.

Systems like these invite misuse: criminal appropriation, government abuse and stretching by everyone possible to apply to situations that are applicable only by the most tortuous logic. The FBI illegally wiretapped the phones of Americans, often falsely invoking terrorism emergencies, 3,500 times between 2002 and 2006 without a warrant. Internet surveillance and control will be no different."


Update: there's more from Wired in 2 articles. First see "Cyberwar Hype Intended to Destroy the Open Internet" for a reminder about claims from self-interested government contractors like The Carlyle Group.

Then there's "‘Google’ Hackers Had Ability to Alter Source Code":

"A white paper released by security firm McAfee during this week’s RSA security conference in San Francisco provides a couple of new details about the Operation Aurora attacks (.pdf) that affected 34 U.S. companies, including Google and Adobe, beginning last July. McAfee helped Adobe investigate the attack on its system and provided information to Google about malware used in the attacks. [...]

As previously reported, the attackers gained initial access by conducting a spear-phishing attack against specific targets within the company. The targets received an e-mail or instant message that appeared to come from someone they knew and trusted. The communication contained a link to a website hosted in Taiwan that downloaded and executed a malicious JavaScript, with a zero-day exploit that attacked a vulnerability in the user’s Internet Explorer browser.

A binary disguised as a JPEG file then downloaded to the user’s system and opened a backdoor onto the computer and set up a connection to the attackers’ command-and-control servers, also hosted in Taiwan.

From that initial access point, the attackers obtained access to the source-code management system or burrowed deeper into the corporate network to gain a persistent hold."
