funsec mailing list archives
Re: E-Mail Leak Has Google Threatening to Leave China
From: phester <funsec () armorfirewall com>
Date: Wed, 13 Jan 2010 13:33:16 -0500 (EST)
On Tue, 12 Jan 2010, Paul Ferguson wrote:
On Tue, Jan 12, 2010 at 9:09 PM, rick wesson <rick () support-intelligence com> wrote:
I'm hearing that it's like 30 companies involved. What I'm wondering is how they attributed it to the Chinese. With so many compromised systems in China, isn't that the perfect joe-job?
There's an advantage to wearing hats of varying shades of gray. When my systems are attacked, I attack back. Your point on compromised systems is valid, but it also presents an opportunity to an investigator - the attacking machines are usually not hard to own. Once you own the box, finding the source of a bounced attack is easy. Changing the default route when you're done also usually deprives the attacker of that asset.
If I was Chinese and working to penetrate a bunch of US companies, why would I do the deed from my own country's network? Rarely does a cyber criminal use networks within their own country to control assets. Why do the Chinese?
Probably because their outbound connections are watched very closely when entering any other country. Wouldn't, say, Romania be very helpful to the attacked party in sending logs of the inbound connection from China to the attacking proxy?
If I was from another nation I would look at the Chinese systems as an easy proxy, and throw off my trail by attempted compromise of "freedom fighter" accounts. One thing I have learned is that attribution is very hard to do.
True. But it's also worth noting that many institutions which have had intellectual property stolen soon see their product appear in China.
Hi Rick, Those are great points -- but of course there are a lot of details missing right now.
Yup. Hopefully Google will be more forthcoming, at least to the security field.
Having said that, I know some really bright security folks at Google, so I have to initially believe they have good reason to suspect in-country perpetrators.
Yeah, I doubt they'd go public without some pretty solid evidence.
But then again, we all know that things are not always as they appear. :-)
If this was the fedgov, I wouldn't be surprised if they were wrong (or flat-out lying). But this is Google, where there is some degree of competence and accountability.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.