29 January, 2010

「瓜田李下」大家都聽過吧?

Standard

引用:中國網攻Google 證據被掌握

自從Google發佈遭駭客攻擊以來,多家電腦安全公司均表示支持Google認為此舉出自中國政府的說法,不過大都無法提出有效證據,但現在情況已經有改觀;《紐約時報》週三報導,一名美國的電腦安全研究人員,說他已經發現他相信是強有力的證據,證實被用在攻擊Google的軟體程式上,有中國程式設計師的數位指紋

因為我對這則新聞很好奇,所以尋線找到那所謂美國安全研究人員的實驗室網誌,在該篇分析報告發現以下訊息:

There are many different CRC algorithms and implementations of those algorithms, but this is one I had not previously seen in any of my reverse-engineering efforts.

「只此一家,絕無分號」的 CRC 演算法實做。

The full paper was published in simplified Chinese characters, and all existing references and publications of the sample source code seem to be exclusively on Chinese websites.

整篇 Paper 用簡體中文寫作且只在中文網站找得到。

This information strongly indicates the Aurora codebase originated with someone who is comfortable reading simplified Chinese. Although source code itself is not restrained by any particular human language or nationality, most programmers reuse code documented in their native language.

讀中文最輕鬆的首先就懷疑是華語人士吧?

多數人寫程式都會用他們的母語當註解吧?

所以最後的結論是:

(in light of the harsh penalties we have seen handed out in communist China for other computer intrusion offenses), this creates speculation around whether the attacks could be state-sponsored.

在稍早的幾個計算機犯罪事件中,中共當局都是嚴加處置,所以有可能是因為國家資助才造成這次的局面!

題外話:對岸隱藏的策略越來越先進,我還記得之前在分析的樣本發現過下面這種程式片段:

Malware_ZongCan

Google_ZongCan

看來在**單位作程式研發連資料夾的名稱都不能亂取,萬一編譯之後存在 Binary 中,事情就大條了。

2 comments:

Zeke said...

這哪招阿 XDDD

CK said...

這招有點歷史了...