2010年2月22日月曜日

グーグル攻撃 軍関係校が発信か

 NYTimesは、グーグルへのサイバー攻撃をめぐり、グーグルや数十の
米企業への一連の攻撃元は、中国の二つの教育機関にあるコンピュータ
だったと報じた。うち一つは中国人民解放軍と関係が深いという。

NSAの専門家が調査しており、関係者より情報が提供されたらしい。
軍のコンピューター技術者の養成学校からの攻撃のようだ。
中国は内容を否定。

台湾サーバー経由でアクセスがあったと思われるドメイン
上海交通大 sjtu.edu.cn ACM/ICPC優勝
藍翔高級技工学校 lxjx.cn BAIDU検索システム開発

ハッカー被害アカウントは、中国の人権活動家と報道されているが、
表に出てくるのは、中国以外の報道関係者の名前ばかり。
誰か保護しているのだろうか。

Aurora Gmail Attacks
グーグル 中国に抵抗


---グーグル攻撃、中国の教育機関が発信源説を関係者否定---
http://www.nikkei.co.jp/news/kaigai/20100220ATGM2002520022010.html

 【北京=佐藤賢】20日付の中国紙「環球時報」は、米インターネット検索大手グーグルが中国からサイバー攻撃を受けたとされる問題で、人民解放軍と関係の深い職業訓練学校など中国の2つの教育機関が攻撃元だったとの米紙報道について中国の関係者が否定していると報じた。職業訓練学校の責任者は「学生にハッカー攻撃できるはずがない」と述べた。
 英字紙チャイナ・デーリーによると、軍事科学院の少将は「中国政府や軍と攻撃を関連づけるのは無責任だ」と批判した。グーグルへのサイバー攻撃については19日付の米紙ニューヨーク・タイムズ(電子版)が、中国の2つの教育機関が攻撃の発信源だと報じた。(20日 23:14)


---Chinese Schools Deny Role in Google Hack---
Owen Fletcher, IDG News Service
Feb 21, 2010 11:20 am
http://www.pcworld.com/article/189890/chinese_schools_deny_role_in_google_hack.html

Two schools in China where computers were reportedly linked to cyberattacks on Google and other companies have denied involvement in the hack, Chinese state media said Sunday.

Investigators say they have traced the attacks back to computers at Shanghai Jiaotong University, which is one of China's top universities, and Lanxiang Vocational School in eastern Shandong province, The New York Times reported this week. That may not mean the attacks were launched from those computers since their IP (Internet Protocol) addresses could have been used by attackers elsewhere seeking to hide their location.

A spokesperson said the Shanghai university was "shocked and indignant to hear these baseless allegations" and denied any link to students or teachers at the school, the state-run Xinhua news agency said. A representative of the vocational school said investigation of its staff found no trace that the attacks originated there, Xinhua said. The representative also denied any ties between the school and China's military.

The Chinese vocational school has about 20,000 students learning skills such as cooking, car repair and hairdressing, Xinhua said.

Google said last month that it planned to stop censoring results on its China-based search engine, citing cyberattacks apparently launched from China as one reason for the move. Google has said it is in talks with Chinese authorities, but Google.cn is still censoring sensitive political and other search results.


---グーグル:攻撃元は中国の2学校 1つは軍と関係…米紙---
毎日新聞 2010年2月19日 19時20分
http://mainichi.jp/select/world/asia/news/20100220k0000m030052000c.html

 米紙ニューヨーク・タイムズ(電子版)は18日、米インターネット検索大手グーグルへのサイバー攻撃をめぐり、グーグルや数十の米企業への一連の攻撃元は、中国の二つの教育機関にあるコンピューターだったと報じた。うち一つは中国人民解放軍と関係が深いという。この問題の調査にかかわる関係者が情報源としている。
 報道によると、教育機関の一つは上海交通大で、もう一つは山東省にある職業訓練学校。同校は、人民解放軍の支援を得て設立され、軍にコンピューター技術者を輩出しているという。調査で得られた証拠から、同校のウクライナ人の教授が受け持つクラスの特定のコンピューターが強く疑われるという。
 また、このサイバー攻撃は、当初考えられていたより数カ月早い昨年4月から始まったことも判明。企業機密やコンピューターのコード、中国の人権活動家の電子メールを盗む目的で行われたという。
 米国側は、通信傍受機関の米国家安全保障局(NSA)などの専門家がこの問題を調査している。(共同)


---2 China Schools Said to Be Tied to Online Attacks---
By JOHN MARKOFF and DAVID BARBOZA
Published: February 18, 2010
http://www.nytimes.com/2010/02/19/technology/19china.html?scp=1&sq=google%20hack&st=cse

SAN FRANCISCO - A series of online attacks on Google and dozens of other American corporations have been traced to computers at two educational institutions in China, including one with close ties to the Chinese military, say people involved in the investigation.

They also said the attacks, aimed at stealing trade secrets and computer codes and capturing e-mail of Chinese human rights activists, may have begun as early as April, months earlier than previously believed. Google announced on Jan. 12 that it and other companies had been subjected to sophisticated attacks that probably came from China.

Computer security experts, including investigators from the National Security Agency, have been working since then to pinpoint the source of the attacks. Until recently, the trail had led only to servers in Taiwan.

If supported by further investigation, the findings raise as many questions as they answer, including the possibility that some of the attacks came from China but not necessarily from the Chinese government, or even from Chinese sources.

Tracing the attacks further back, to an elite Chinese university and a vocational school, is a breakthrough in a difficult task. Evidence acquired by a United States military contractor that faced the same attacks as Google has even led investigators to suspect a link to a specific computer science class, taught by a Ukrainian professor at the vocational school.

The revelations were shared by the contractor at a meeting of computer security specialists.

The Chinese schools involved are Shanghai Jiaotong University and the Lanxiang Vocational School, according to several people with knowledge of the investigation who asked for anonymity because they were not authorized to discuss the inquiry.

Jiaotong has one of China’s top computer science programs. Just a few weeks ago its students won an international computer programming competition organized by I.B.M. - the “Battle of the Brains” - beating out Stanford and other top-flight universities.

Lanxiang, in east China’s Shandong Province, is a huge vocational school that was established with military support and trains some computer scientists for the military. The school’s computer network is operated by a company with close ties to Baidu, the dominant search engine in China and a competitor of Google.

Within the computer security industry and the Obama administration, analysts differ over how to interpret the finding that the intrusions appear to come from schools instead of Chinese military installations or government agencies. Some analysts have privately circulated a document asserting that the vocational school is being used as camouflage for government operations. But other computer industry executives and former government officials said it was possible that the schools were cover for a “false flag” intelligence operation being run by a third country. Some have also speculated that the hacking could be a giant example of criminal industrial espionage, aimed at stealing intellectual property from American technology firms.

Independent researchers who monitor Chinese information warfare caution that the Chinese have adopted a highly distributed approach to online espionage, making it almost impossible to prove where an attack originated.

“We have to understand that they have a different model for computer network exploit operations,” said James C. Mulvenon, a Chinese military specialist and a director at the Center for Intelligence Research and Analysis in Washington. Rather than tightly compartmentalizing online espionage within agencies as the United States does, he said, the Chinese government often involves volunteer “patriotic hackers” to support its policies.

Spokesmen for the Chinese schools said they had not heard that American investigators had traced the Google attacks to their campuses.

If it is true, “We’ll alert related departments and start our own investigation,” said Liu Yuxiang, head of the propaganda department of the party committee at Jiaotong University in Shanghai.

But when asked about the possibility, a leading professor in Jiaotong’s School of Information Security Engineering said in a telephone interview: “I’m not surprised. Actually students hacking into foreign Web sites is quite normal.” The professor, who teaches Web security, asked not to be named for fear of reprisal.

“I believe there’s two kinds of situations,” the professor continued. “One is it’s a completely individual act of wrongdoing, done by one or two geek students in the school who are just keen on experimenting with their hacking skills learned from the school, since the sources in the school and network are so limited. Or it could be that one of the university’s I.P. addresses was hijacked by others, which frequently happens.”

At Lanxiang Vocational, officials said they had not heard about any possible link to the school and declined to say if a Ukrainian professor taught computer science there.

A man named Mr. Shao, who said he was dean of the computer science department at Lanxiang but refused to give his first name, said, “I think it’s impossible for our students to hack Google or other U.S. companies because they are just high school graduates and not at an advanced level. Also, because our school adopts close management, outsiders cannot easily come into our school.”

Mr. Shao acknowledged that every year four or five students from his computer science department were recruited into the military.

Google’s decision to step forward and challenge China over the intrusions has created a highly sensitive issue for the United States government. Shortly after the company went public with its accusations, Secretary of State Hillary Rodham Clinton challenged the Chinese in a speech on Internet censors, suggesting that the country’s efforts to control open access to the Internet were in effect an information-age Berlin Wall.

A report on Chinese online warfare prepared for the U.S.-China Economic Security Review Commission in October 2009 by Northrop Grumman identified six regions in China with military efforts to engage in such attacks. Jinan, site of the vocational school, was one of the regions.

Executives at Google have said little about the intrusions and would not comment for this article. But the company has contacted computer security specialists to confirm what has been reported by other targeted companies: access to the companies’ servers was gained by exploiting a previously unknown flaw in Microsoft’s Internet Explorer Web browser.

Forensic analysis is yielding new details of how the intruders took advantage of the flaw to gain access to internal corporate servers. They did this by using a clever technique - called man-in-the-mailbox - to exploit the natural trust shared by people who work together in organizations.

After taking over one computer, intruders insert into an e-mail conversation a message containing a digital attachment carrying malware that is highly likely to be opened by the second victim. The attached malware makes it possible for the intruders to take over the target computer.

John Markoff reported from San Francisco and David Barboza from Shanghai. Bao Beibei and Chen Xiaoduan in Shanghai contributed research.

0 コメント: