Can we *prove* China is behind Operation Aurora?

Is it possible to prove that the recent hacks against Google, Adobe, and others were sponsored by the Chinese government?

It's not that easy.

You see, although there's unlikely to be anyone with a better motive for cracking into the email accounts of Chinese human rights activists, there's a lot of difference between a good motive and a "smoking gun" of actual hard evidence.

Learn more in this video I just made:

Even if a computer involved in the attacks was found to be located inside a Chinese military base, that doesn't necessarily mean that the attack was carried out with the knowledge of the Chinese authorities.

It could have been compromised by hackers in other countries. After all, think of all the spam you receive every day - that's not sent by computers belonging to the spammers. Instead, it comes from PCs that cybercriminals have commandeered and turned into a botnet for their own purposes.

As Chet has discussed over on his blog, some research has been published examining an algorithm used in the attacks, which does link it to a published Chinese research paper - but again, that doesn't make it a hard fact that the People's Liberation Army or Beijing government gave their blessing to the hack. All it tells us is that the hackers were probably comfortable reading Chinese.

So, yes, I do believe it's more likely than not that China is involved in Operation Aurora. But I think we all need to be very careful before pointing fingers and stating it as fact.

You should take that as a warning to clean up the botnet computers in your own back yard, or it could be your country which is accused of launching an attack next.


About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations.