The source of the attacks on Google and other American corporations has been traced to two schools in China, both of which are heavily implied to be covers for the Chinese government and Baidu, the dominant search engine in China and Google's main competitor in that country. If you think that's nuts, keep reading, because it just gets nuttier.
The New York Times is reporting that the attacks, which began in December but were first reported by Google on January 12, have been traced to Shanghai Jiaotong University, which boasts one of China's top computer science programs, and the Lanxiang Vocational School, which was established as essentially a training ground for computer scientists in the military. In addition, Lanxiang's computer network is run a company tied to Baidu, the aforementioned Google competitor. Sources differ on what the findings that the attacks originate at these schools might mean:
Some analysts have privately circulated a document asserting that the vocational school is being used as camouflage for government operations. But other computer industry executives and former government officials said it was possible that the schools were cover for a "false flag" intelligence operation being run by a third country. Some have also speculated that the hacking could be a giant example of criminal industrial espionage, aimed at stealing intellectual property from American technology firms.
Spokesmen from the schools themselves offered differing reactions. One unnamed professor said, "I'm not surprised. Actually students hacking into foreign Web sites is quite normal." Bheyaut others claim the students don't have the required knowledge for such an operation, and several questions were simply rebuffed without comment. But American military experts say that using students would be in keeping with China's pattern of encouraging individual patriotic hackers to "support its policies."
The hackers used some pretty ingenious methods to crack the security of American corporations: instead of spamming, they used an exploit in Internet Explorer to insinuate themselves into multi-response email conversations, sending malicious software attachments that when downloaded allow full access. This strategy, called "man in the mailbox," preys on users' trusting nature: we're much more likely to download an unknown attachment when it arrives in the middle of a conversation with someone we know.
The article doesn't come out and say that the Chinese government, military, and Baidu are behind (or at least sanctioned) the attacks, but the implication is pretty strong—and nothing in these new findings is doing much to dissuade that kind of connection. The National Security Agency and various private organizations are continuing the search for more information.
[Via The New York Times]