
Wednesday, April 21, 2010

News: Chinese Hackers Broke Into Google's Password System

Liberty Times (自由時報), 2010/04/21. Compiled from wire reports by reporter 魏國金

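Since disclosing in January that Chinese hackers had broken into its computers and stolen data, Google has kept silent about the extent of the theft and about what was actually taken. On the 19th, The New York Times and The Wall Street Journal, citing people familiar with the investigation, disclosed more details: what the Chinese hackers reportedly stole was “Gaia,” the password management system that controls how millions of Google users worldwide log in to all of its web services.

The sources said the Gaia program, named after the Greek earth goddess, came under a lightning attack last December. Google has kept a low profile about the software, having described it publicly only once, at a technology conference four years ago. Gaia lets users sign in once with a password and then use many of Google's services, which include, besides e-mail, online services for businesses, government agencies and schools. Google still uses this “single sign-on” system.

Google admitted that Gaia had already been stolen when it announced in January that its systems had been attacked by hackers, but a company spokesperson stressed that the hackers did not steal any personal data from Google's systems. Experts believe the Chinese hackers probably did not steal Gmail users' passwords, and Google made major changes to its network security immediately after discovering the intrusion, but the case shows that hackers may be able to find security vulnerabilities that even Google itself was not aware of.

The incident also exposes the security and privacy problems of large computing systems, like Google's, that centralize the personal data of millions of people: vast amounts of digital data are stored in clusters of computers known as “cloud computing,” yet a single breach could lead to catastrophic losses.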

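The New York Times reported that the whole incident began when a Google employee in China received a message in Microsoft's instant messaging program and followed it to a “poisoned” website. Through that lapse the hackers got into the employee's computer, then pushed straight through to the computers of software developers at Google's California headquarters, and finally took control of the software repository used by that team.

Google kept the details of the software theft confidential until January 12, when it first disclosed the matter on its official website, saying it would change its China policy after Chinese hackers stole its “intellectual property” and compromised the e-mail accounts of two Chinese human rights activists. The accusation strained U.S.-China relations, and U.S. Secretary of State Hillary Clinton asked China to conduct a “transparent” investigation of the attack. In March, after its talks with the Chinese authorities ran aground, Google announced that it was moving its Chinese search service to Hong Kong.

The Wall Street Journal reported on the 20th that ten countries, including Canada, have written to Google asking it to strengthen its privacy protections, a sign of international concern about how Google maintains its network security.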
 

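Saturday, February 20, 2010

News: Hackers in the China-Based Attack on Google Came From a School Founded by the PLA

[Liberty Times (自由時報), compiled by reporter 張沛元 from a New York Times report of the 19th] Original news link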

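Investigators say the online attacks recently suffered by Google and dozens of American companies have been traced to computers at two Chinese schools: Shanghai Jiaotong University (上海交通大學) and Shandong's Lanxiang Vocational School (山東藍翔高級技工學校). Lanxiang also trains computer personnel for the People's Liberation Army.

Shandong Lanxiang Accused of Providing Cover for Agents

Investigators say this series of hacker attacks, aimed at stealing trade secrets, computer passwords and the e-mail of Chinese human rights activists, may have begun last April, meaning the attacks started earlier than originally believed. After Google said in January that it had been attacked by Chinese hackers, computer security experts, including some from the U.S. National Security Agency, began investigating in the hope of tracking down the source of the attacks.

As the investigation deepened, evidence obtained from a U.S. military contractor that had suffered similar attacks made investigators suspicious of a special computer class at Lanxiang taught by a Ukrainian professor.

Shanghai Jiaotong has long had an outstanding academic record in computer science. Only a few weeks ago its students won an international computer programming competition organized by IBM, beating elite teams from Stanford and other top American universities.

Lanxiang, for its part, was founded with the help of the PLA. The school's computer network is managed by a company linked to Baidu, China's main search engine, and Baidu is one of Google's competitors in the Chinese market.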

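Shanghai Jiaotong University Also Named

Analysts in the computer security community and in the Obama administration differ over the finding that the hackers who broke into Google and other American companies apparently came from schools rather than from the Chinese military or government agencies. Some analysts believe Shandong Lanxiang is itself a cover organization for Chinese government agents, but other computer industry executives and former government officials say Lanxiang could be a “false flag” organization covering for a third country's intelligence operation.

Shanghai Jiaotong said it had not heard that American investigators had traced the attacks to its computers; if the findings prove true, it will notify the relevant departments and open its own investigation. A well-known professor at Shanghai Jiaotong's School of Information Security Engineering, who did not want to be identified, said he would not be surprised if the school were indeed involved, because students going online to hack into foreign websites is quite normal.

Shandong Lanxiang likewise said it had not heard of any link between its computers and the hacker attacks, and it declined to say whether a Ukrainian professor teaches computer classes at the school. The dean of Lanxiang's computer department, surnamed Shao (transliterated), who would not give his full name, said the school's students are not skilled enough to be hackers. But Dean Shao also acknowledged that every year four or five students from the computer department are recruited by the military into the PLA.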
 

Friday, February 19, 2010

News: Two Chinese Schools Said to Be Tied to Online Attacks




James C. Mulvenon said the Chinese government often used volunteer “patriotic hackers” to support its policies.

By JOHN MARKOFF and DAVID BARBOZA
Published: February 18, 2010
Original Link

SAN FRANCISCO — A series of online attacks on Google and dozens of other American corporations have been traced to computers at two educational institutions in China, including one with close ties to the Chinese military, say people involved in the investigation.

They also said the attacks, aimed at stealing trade secrets and computer codes and capturing e-mail of Chinese human rights activists, may have begun as early as April, months earlier than previously believed. Google announced on Jan. 12 that it and other companies had been subjected to sophisticated attacks that probably came from China.

Computer security experts, including investigators from the National Security Agency, have been working since then to pinpoint the source of the attacks. Until recently, the trail had led only to servers in Taiwan.

If supported by further investigation, the findings raise as many questions as they answer, including the possibility that some of the attacks came from China but not necessarily from the Chinese government, or even from Chinese sources.

Tracing the attacks further back, to an elite Chinese university and a vocational school, is a breakthrough in a difficult task. Evidence acquired by a United States military contractor that faced the same attacks as Google has even led investigators to suspect a link to a specific computer science class, taught by a Ukrainian professor at the vocational school.

The revelations were shared by the contractor at a meeting of computer security specialists.

The Chinese schools involved are Shanghai Jiaotong University (上海交通大學) and the Lanxiang Vocational School (山東藍翔高級技工學校), according to several people with knowledge of the investigation who asked for anonymity because they were not authorized to discuss the inquiry.

Jiaotong has one of China’s top computer science programs. Just a few weeks ago its students won an international computer programming competition organized by I.B.M. — the “Battle of the Brains” — beating out Stanford and other top-flight universities.

Lanxiang, in east China’s Shandong Province, is a huge vocational school that was established with military support and trains some computer scientists for the military. The school’s computer network is operated by a company with close ties to Baidu, the dominant search engine in China and a competitor of Google.

Within the computer security industry and the Obama administration, analysts differ over how to interpret the finding that the intrusions appear to come from schools instead of Chinese military installations or government agencies. Some analysts have privately circulated a document asserting that the vocational school is being used as camouflage for government operations. But other computer industry executives and former government officials said it was possible that the schools were cover for a “false flag” intelligence operation being run by a third country. Some have also speculated that the hacking could be a giant example of criminal industrial espionage, aimed at stealing intellectual property from American technology firms.

Independent researchers who monitor Chinese information warfare caution that the Chinese have adopted a highly distributed approach to online espionage, making it almost impossible to prove where an attack originated.

“We have to understand that they have a different model for computer network exploit operations,” said James C. Mulvenon, a Chinese military specialist and a director at the Center for Intelligence Research and Analysis in Washington. Rather than tightly compartmentalizing online espionage within agencies as the United States does, he said, the Chinese government often involves volunteer “patriotic hackers” to support its policies.

Spokesmen for the Chinese schools said they had not heard that American investigators had traced the Google attacks to their campuses.

If it is true, “We’ll alert related departments and start our own investigation,” said Liu Yuxiang, head of the propaganda department of the party committee at Jiaotong University in Shanghai.

But when asked about the possibility, a leading professor in Jiaotong’s School of Information Security Engineering said in a telephone interview: “I’m not surprised. Actually students hacking into foreign Web sites is quite normal.” The professor, who teaches Web security, asked not to be named for fear of reprisal.

“I believe there’s two kinds of situations,” the professor continued. “One is it’s a completely individual act of wrongdoing, done by one or two geek students in the school who are just keen on experimenting with their hacking skills learned from the school, since the sources in the school and network are so limited. Or it could be that one of the university’s I.P. addresses was hijacked by others, which frequently happens.”

At Lanxiang Vocational, officials said they had not heard about any possible link to the school and declined to say if a Ukrainian professor taught computer science there.

A man named Mr. Shao, who said he was dean of the computer science department at Lanxiang but refused to give his first name, said, “I think it’s impossible for our students to hack Google or other U.S. companies because they are just high school graduates and not at an advanced level. Also, because our school adopts close management, outsiders cannot easily come into our school.”

Mr. Shao acknowledged that every year four or five students from his computer science department were recruited into the military.

Google’s decision to step forward and challenge China over the intrusions has created a highly sensitive issue for the United States government. Shortly after the company went public with its accusations, Secretary of State Hillary Rodham Clinton challenged the Chinese in a speech on Internet censors, suggesting that the country’s efforts to control open access to the Internet were in effect an information-age Berlin Wall.

A report on Chinese online warfare prepared for the U.S.-China Economic Security Review Commission in October 2009 by Northrop Grumman identified six regions in China with military efforts to engage in such attacks. Jinan, site of the vocational school, was one of the regions.

Executives at Google have said little about the intrusions and would not comment for this article. But the company has contacted computer security specialists to confirm what has been reported by other targeted companies: access to the companies’ servers was gained by exploiting a previously unknown flaw in Microsoft’s Internet Explorer Web browser.

Forensic analysis is yielding new details of how the intruders took advantage of the flaw to gain access to internal corporate servers. They did this by using a clever technique — called man-in-the-mailbox — to exploit the natural trust shared by people who work together in organizations.

After taking over one computer, intruders insert into an e-mail conversation a message containing a digital attachment carrying malware that is highly likely to be opened by the second victim. The attached malware makes it possible for the intruders to take over the target computer.

John Markoff reported from San Francisco and David Barboza from Shanghai. Bao Beibei and Chen Xiaoduan in Shanghai contributed research.