[Bilingual Reading] The Attacks on Google Came from Lanxiang Vocational School and Shanghai Jiaotong University

Source: 百度文库 (Baidu Wenku) | Editor: 神马文学网 | Time: 2024/04/30 17:46:41
 

The Attacks on Google Came from Lanxiang Vocational School and Shanghai Jiaotong University

 



By JOHN MARKOFF and DAVID BARBOZA
Published: February 18, 2010
Translated by Susan

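SAN FRANCISCO: According to people involved in the investigation, the recent online attacks on Google and dozens of other American companies have been traced to two Chinese educational institutions, one of which has close ties to the Chinese military.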

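They also said that the attacks, aimed at stealing trade secrets and the e-mail of Chinese human rights activists, may have begun as early as April, earlier than previously believed. Google announced on January 12 that it and other American companies had been subjected to sophisticated online attacks that may have originated in China.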

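Since then, computer security experts, including investigators from the U.S. National Security Agency, have been working to trace the source of the attacks. Only recently was it established that the servers that launched the attacks were in Taiwan.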

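With further investigation, more questions will surface, including the possibility that those behind these attacks originating in China were not the Chinese government, or even Chinese at all.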

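Tracing the source of the attacks to a Chinese university and a vocational school is a major breakthrough for the investigation. Based on evidence held by the U.S. military, investigators suspect that attacks like the one on Google were launched in a particular computer science class at the vocational school, taught by a Ukrainian professor.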

The findings were made public by those involved at a meeting of computer security experts.

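The two Chinese schools are Shanghai Jiaotong University and the Lanxiang Vocational School, according to people with knowledge of the matter.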

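Shanghai Jiaotong University has one of China’s top computer science programs. Just a few weeks ago, its students won an international computer programming competition organized by IBM, the “Battle of the Brains,” beating Stanford and other first-rate universities.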

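Lanxiang Vocational School, in Shandong Province in eastern China, is a large vocational school backed by the military that trains computer science personnel for the military. The school’s computer network is controlled by Baidu, China’s largest search engine company and a competitor of Google.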

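Within the computer security industry and the Obama administration, views differ on how to interpret the finding that the attacks appear to come from schools rather than from the Chinese government or military institutions. Some analysts have published an article asserting that the vocational school is merely a front for government operations. But other computer professionals and former government officials said the schools might be cover for a “false flag” intelligence operation run by a third country. Others have speculated that the attacks could be the work of industrial spies aiming to steal intellectual property from American technology companies.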

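Some independent researchers who monitor Chinese information warfare caution that China has adopted a highly distributed approach to online attacks, making it almost impossible to verify where an attack originated.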

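“We have to understand that their network attack operations follow a different model,” said James C. Mulvenon, a Chinese military specialist and a director of intelligence research and analysis in Washington. Unlike American online espionage, the Chinese government often calls on volunteers known as “patriotic hackers” to support its national policies.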

Spokesmen for the Chinese schools said they had not heard that American investigators had attributed the Google attacks to their schools.

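If it is true, “we will notify the relevant departments and start our own investigation,” said Liu Yuxiang, head of the propaganda department at Shanghai Jiaotong University.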

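But when asked about the possibility, a leading figure in Shanghai Jiaotong University’s School of Information Security Engineering said in a telephone interview: “I’m not surprised at all. Students attacking foreign Web sites is quite normal.” The professor, who asked not to be named, teaches network security.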

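“I believe there are two possible explanations for the attack,” the professor said. “One is that it was entirely an illegal individual act, launched by one or two geek students at the school who just wanted to put into practice the hacking skills they learned at school, since the school’s network resources are limited. The other possibility is that the school’s IP addresses were stolen by others, which happens frequently.”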

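At Lanxiang Vocational School, officials said they had not heard that the matter had anything to do with the school, and declined to say whether a Ukrainian professor taught computer science there.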

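Mr. Shao, head of the computer department at Lanxiang, said, “I think it is impossible for our students to attack Google or other American companies, because they are only high school graduates and do not have such a high level of skill. Also, because our school is run under closed management, outsiders cannot easily enter our school.”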

Mr. Shao acknowledged that every year four or five students from their computer science department are recruited by the military.

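Google’s decision to step forward and challenge the Chinese government has created a highly sensitive issue for the United States government. Shortly after the company made its accusations public, Secretary of State Hillary Clinton said in a speech on Internet censorship that China’s control over the free and open Internet amounted to building an information-age Berlin Wall.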

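A report on Chinese cyberwarfare against the United States, confirmed by Northrop Grumman, states that in October 2009 the China Economic Security Review Commission launched network attacks for military purposes in six regions of China. Jinan, where the vocational school is located, is one of these regions.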

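Google executives have not commented on the attacks. But the company has contacted computer security experts to confirm what other attacked companies have reported: the attackers gained access to company servers by exploiting a previously unknown vulnerability in Microsoft’s Internet Explorer browser.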

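Analysts have provided more details explaining how the intruders used this vulnerability to get into internal corporate servers. They used a clever technique, working through e-mail, to exploit the trust between people who work in the same department.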

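After taking control of one computer, the intruders plant an e-mail containing a malicious digital attachment, which is very likely to be opened by a second victim. The attached malware can allow the intruders to take over the target computer directly.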


Original article link:

http://www.nytimes.com/2010/02/19/technology/19china.html?scp=1&sq=google%20china&st=cse

2 China Schools Said to Be Tied to Online Attacks

By JOHN MARKOFF and DAVID BARBOZA
Published: February 18, 2010

SAN FRANCISCO — A series of online attacks on Google and dozens of other American corporations have been traced to computers at two educational institutions in China, including one with close ties to the Chinese military, say people involved in the investigation.

They also said the attacks, aimed at stealing trade secrets and computer codes and capturing e-mail of Chinese human rights activists, may have begun as early as April, months earlier than previously believed. Google announced on Jan. 12 that it and other companies had been subjected to sophisticated attacks that probably came from China.

Computer security experts, including investigators from the National Security Agency, have been working since then to pinpoint the source of the attacks. Until recently, the trail had led only to servers in Taiwan.

If supported by further investigation, the findings raise as many questions as they answer, including the possibility that some of the attacks came from China but not necessarily from the Chinese government, or even from Chinese sources.

Tracing the attacks further back, to an elite Chinese university and a vocational school, is a breakthrough in a difficult task. Evidence acquired by a United States military contractor that faced the same attacks as Google has even led investigators to suspect a link to a specific computer science class, taught by a Ukrainian professor at the vocational school.

The revelations were shared by the contractor at a meeting of computer security specialists.

The Chinese schools involved are Shanghai Jiaotong University and the Lanxiang Vocational School, according to several people with knowledge of the investigation who asked for anonymity because they were not authorized to discuss the inquiry.

Jiaotong has one of China’s top computer science programs. Just a few weeks ago its students won an international computer programming competition organized by I.B.M. — the “Battle of the Brains” — beating out Stanford and other top-flight universities.

Lanxiang, in east China’s Shandong Province, is a huge vocational school that was established with military support and trains some computer scientists for the military. The school’s computer network is operated by a company with close ties to Baidu, the dominant search engine in China and a competitor of Google.

Within the computer security industry and the Obama administration, analysts differ over how to interpret the finding that the intrusions appear to come from schools instead of Chinese military installations or government agencies. Some analysts have privately circulated a document asserting that the vocational school is being used as camouflage for government operations. But other computer industry executives and former government officials said it was possible that the schools were cover for a “false flag” intelligence operation being run by a third country. Some have also speculated that the hacking could be a giant example of criminal industrial espionage, aimed at stealing intellectual property from American technology firms.

Independent researchers who monitor Chinese information warfare caution that the Chinese have adopted a highly distributed approach to online espionage, making it almost impossible to prove where an attack originated.

“We have to understand that they have a different model for computer network exploit operations,” said James C. Mulvenon, a Chinese military specialist and a director at the Center for Intelligence Research and Analysis in Washington. Rather than tightly compartmentalizing online espionage within agencies as the United States does, he said, the Chinese government often involves volunteer “patriotic hackers” to support its policies.

Spokesmen for the Chinese schools said they had not heard that American investigators had traced the Google attacks to their campuses.

If it is true, “We’ll alert related departments and start our own investigation,” said Liu Yuxiang, head of the propaganda department of the party committee at Jiaotong University in Shanghai.

But when asked about the possibility, a leading professor in Jiaotong’s School of Information Security Engineering said in a telephone interview: “I’m not surprised. Actually students hacking into foreign Web sites is quite normal.” The professor, who teaches Web security, asked not to be named for fear of reprisal.

“I believe there’s two kinds of situations,” the professor continued. “One is it’s a completely individual act of wrongdoing, done by one or two geek students in the school who are just keen on experimenting with their hacking skills learned from the school, since the sources in the school and network are so limited. Or it could be that one of the university’s I.P. addresses was hijacked by others, which frequently happens.”

At Lanxiang Vocational, officials said they had not heard about any possible link to the school and declined to say if a Ukrainian professor taught computer science there.

A man named Mr. Shao, who said he was dean of the computer science department at Lanxiang but refused to give his first name, said, “I think it’s impossible for our students to hack Google or other U.S. companies because they are just high school graduates and not at an advanced level. Also, because our school adopts close management, outsiders cannot easily come into our school.”

Mr. Shao acknowledged that every year four or five students from his computer science department were recruited into the military.

Google’s decision to step forward and challenge China over the intrusions has created a highly sensitive issue for the United States government. Shortly after the company went public with its accusations, Secretary of State Hillary Rodham Clinton challenged the Chinese in a speech on Internet censors, suggesting that the country’s efforts to control open access to the Internet were in effect an information-age Berlin Wall.

A report on Chinese online warfare prepared for the U.S.-China Economic Security Review Commission in October 2009 by Northrop Grumman identified six regions in China with military efforts to engage in such attacks. Jinan, site of the vocational school, was one of the regions.

Executives at Google have said little about the intrusions and would not comment for this article. But the company has contacted computer security specialists to confirm what has been reported by other targeted companies: access to the companies’ servers was gained by exploiting a previously unknown flaw in Microsoft’s Internet Explorer Web browser.

Forensic analysis is yielding new details of how the intruders took advantage of the flaw to gain access to internal corporate servers. They did this by using a clever technique — called man-in-the-mailbox — to exploit the natural trust shared by people who work together in organizations.

After taking over one computer, intruders insert into an e-mail conversation a message containing a digital attachment carrying malware that is highly likely to be opened by the second victim. The attached malware makes it possible for the intruders to take over the target computer.

John Markoff reported from San Francisco and David Barboza from Shanghai. Bao Beibei and Chen Xiaoduan in Shanghai contributed research.