Categories: MarketingSecurity

Google Turns To NSA For China Hack Help

According to media reports Google has turned to the National Security Agency (NSA) to help it analyse the controversial China hack in December, and to improve its security measures.

According to the Washington Post, the NSA is working on an agreement with Google to help analyse the attack so the company can improve its defences against future security threats. The NSA did not respond to an eWEEK request for comment, and Google declined to make a statement. Google has already said however that it is working with “the relevant US authorities.”

The Post said that the agreement is being designed to allow the organisations to share information without violating any laws or Google policies regarding online privacy, and does not mean the NSA will view users’ searches or email accounts.

Reports of the deal follow weeks of controversy about the attack. Google stated the attack originated in China, and threatened to shut down its Chinese operations due to the attack and concerns about censorship.

Evidence of Chinese involvement in the attacks on Google and more than 30 other companies has been the subject of dispute, as security researchers at McAfee, for example, have identified systems in both the United States and Taiwan that were involved in the attack. Last month, Joe Stewart, director of Malware Research for SecureWorks’ Counter Threat Unit, said he found a cyclic redundancy check (CRC) algorithm in a Trojan used in the attacks that was released as part of a Chinese-language paper on optimising CRC algorithms for use in microcontrollers. However, critics argue the code has circulated outside China for years.

“The thing is, the origin of the code doesn’t really matter – it’s the prevalence,” Stewart countered. “This algorithm was posted on thousands of Chinese websites for years, but only a handful of Western sites seem to have ever seen it before the Aurora news broke, and none of those were 32-bit Windows programming sites, they were all dedicated to embedded programming.”

For its part, the Chinese government has denied any involvement in the cyber-attacks. In a hearing with the Senate Select Committee on Intelligence 2 February, Director of National Intelligence Dennis C. Blair called the Google attacks a “wake-up call.”

“Malicious cyber-activity is growing at an unprecedented rate, assuming extraordinary scale and sophistication,” he said. “In the dynamic of cyber-space, the technology balance right now favours malicious actors… and it is likely to continue that way for quite some time.”

Brian Ahern, CEO of Industrial Defender, told eWEEK that Blair’s comments underscore the importance of dealing with cyber-threats to the United States.

“Our operational infrastructure – the very systems at the heart of the electric grid, controlling processing operations in chemical plants and oil refineries, controlling access to our water supplies and our transportation systems – are equally at risk, and a cyber-attack to this infrastructure can cause significant threats to public safety… (and) the public and private sectors both need to acknowledge these threats of crippling attack from increasingly sophisticated enemies and take swift steps to assure that our nation’s critical infrastructure is secured,” Ahern said.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

View Comments

  • Mr. Stewart's "China code" claim seems to have some problem:

    1) A follow-up published by The Register on 1/26 contradicted the claim the CRC algorithm was not known outside China. The 4-bit CRC code has been around for over a decade in the device application arena. Once this fact is public, several code samples outside China have been located by bloggers discussing this issue.

    2) Mr. Stewart seems to have neglected the fact variable names are stripped out during code compilation when he alluded to a variable name in the Aurora machine code. There is absolutely no link between the "crc_ta[16]" variable he identified as Chinese, and the machine code in Aurora.

    Google "crc_table[16]" turns up many code examples ouside China, what does that prove?

    3) Upon closer examination of Mr. Stewart's citations, the alleged Chinese white paper containing the algorithm, and code snip found by Googling the identified variable name, both turned up different code than what's in Aurora.

    Specifically, the Aurora code contains a 12-bit shift optimization (found as early as 1988 according to The Register article):

    t = crc16 12

    however the code passed around in Chinese sites is unoptimized code using two divisions:

    da=((uchar)(crc/256))/16

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago