主题：【关注跟踪1】GOOG这事终于有点影了 -- pxpxpx

今天（Jan 21）,美国国务卿希拉里就网络自由这个问题做了一个长篇的讲话，路透社对讲话进行了一个概括，下面就是路透社总结的七个要点：

INTERNET FREEDOM GOOD FOR BUSINESS

CHINA SHOULD OPENLY INVESTIGATE CYBER ATTACKS ON GOOGLE

NO COMPANY SHOULD ACCEPT CENSORSHIP

TECHNOLOGY A MIXED BLESSING

CHINA, OTHERS FAULTED FOR INTERNET CENSORSHIP

FIGHTING ILLS NO EXCUSE FOR REPRESSION

SAUDI ARABIA, VIETNAM, CHINA RAPPED ON RELIGIOUS FREEDOM

美国国务院的网站上已经把讲话的全文以及答记者问登了出来，全文连接如下：

Remarks on Internet Freedom

值得注意的是，希拉里已经表示要将推动网络自由作为今后美国外交政策的第一要务。

另据美国务院透露，尽管希拉里在讲话中要求中方对GOOG受攻击事件进行公开调查，但美方至今尚未就此事向中方提出正式的抗议。

在同一天的早些时候，中国外交部副部长何亚非就GOOG事件表态，这也是至今中方最高级别的官员对此事发表意见，具体内容如下：

新华网北京1月21日电(记者 廖雷)外交部副部长何亚非21日表示,中国政府欢迎外国互联网企业来华发展,但其应遵守中国法律法规,各界不应过度解读“谷歌事件”。

何亚非在接受记者采访时表示,谷歌等外国企业在中国遇到问题,应通过中国法律进行解决,中国政府也愿意帮助它们解决有关问题。“谷歌事件”不应与两国政府和两国关系挂钩,否则就是过度解读。

关于网络监管问题,何亚非表示,网络监管事关国家安全,许多国家都有相应监管措施,中国也不例外。如果外国企业对此有不同看法,也应该通过法律途径加以解决。

---------------------------------------------------

看来，无论是对内还是对外，至少是希拉里的手上是又多了一张牌。这牌要用多久，就看好处到底有多大了。

当然，从前到后，GOOG也没有吃亏，甚至可能还会因此受益，尤其是在海外市场和中国企业竞争的时候（如果中国同类企业真的有那个雄心的话）。而且听何亚非的口气，GOOG甚至在国内也还有机会。

而从GOOG与希拉里到目前的互动上来看，很难说是＂狗摇尾＂还是＂尾摇狗＂，也许二者都有吧。

总之还需要继续观察。

wired 杂志今天有一篇文章，叫

Google Hack Attack Was Ultra Sophisticated, New Details Show

http://www.wired.com/threatlevel/#ixzz0cfgCmv32

这是我目前看到的对攻击手段最具体的描写，虽然很多地方根本看不明白，但是相信在技术分析这个层面上，很快就会有文章通俗的把手段问题讲透，也许还会另外有对攻击途径的报道。

文章里提到这次攻击可能叫＂极光行动＂，看来这件事情还真不简单。

By Kim Zetter January 14, 2010 | 8:01 pm | Categories: Breaches, Cybersecurity, Hacks and Cracks

Hackers seeking source code from Google, Adobe and dozens of other high-profile companies used unprecedented tactics that combined encryption, stealth programming and an unknown hole in Internet Explorer, according to new details released by researchers at anti-virus firm McAfee.

“We have never ever, outside of the defense industry, seen commercial industrial companies come under that level of sophisticated attack,” says Dmitri Alperovitch, vice president of threat research for McAfee. “It’s totally changing the threat model.”

In the wake of Threat Level’s story disclosing that a zero-day vulnerability in Internet Explorer was exploited by the hackers to gain access to Google and other companies, Microsoft has published an advisory about the flaw that it already had in the works. McAfee has also added protection to its products to detect the malware that was used in the attacks and has now gone public with a number of new details about the hacks.

Google announced Tuesday that it had been the target of a “highly sophisticated” and coordinated hack attack against its corporate network. It said the hackers had stolen intellectual property and sought access to the Gmail accounts of human rights activists. The attack had originated from China, the company said.

Minutes later, Adobe acknowledged in a blog post that it discovered Jan. 2 that it also had been the target of a “sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies.”

Neither Google nor Adobe provided details about how the hacks occurred.

The hack attacks, which are said to have targeted at least 34 companies in the technology, financial and defense sectors, have been dubbed “Operation Aurora” by McAfee due to the belief that this is the name the hackers used for their mission.

The name comes from references in the malware to the name of a file folder named “Aurora” that was on the computer of one of the attackers. McAfee researchers say when the hacker compiled the source code for the malware into an executable file, the compiler injected the name of the directory on the attacker’s machine where he worked on the source code.

According to Alperovitch, the attackers used nearly a dozen pieces of malware and several levels of encryption to burrow deeply into the bowels of company networks and obscure their activity.

“The encryption was highly successful in obfuscating the attack and avoiding common detection methods,” he said. “We haven’t seen encryption at this level. It was highly sophisticated.”

Although the initial attack occurred when company employees visited a malicious web site, Alperovitch said researchers are still trying to determine if this occurred via a URL sent to employees via e-mail or instant messaging or some other method, such as Facebook or other social networking sites.

Once the user visited the malicious site, their Internet Explorer browser was exploited to download an array of malware to their computer automatically and transparently. The programs unloaded seamlessly and silently onto the system, like Russian nesting dolls, flowing one after the other.

“The initial piece of code was shell code encrypted three times and that activated the exploit,” Alperovitch said. “Then it executed downloads from an external machine that dropped the first piece of binary on the host. That download was also encrypted. The encrypted binary packed itself into a couple of executables that were also encrypted.”

One of the malicious programs opened a remote backdoor to the computer, establishing an encrypted covert channel that masqueraded as an SSL connection to avoid detection. This allowed the attackers ongoing access to the computer and to use it as a “beachhead” into other parts of the network, Alperovitch said, to search for login credentials, intellectual property and whatever else they were seeking.

McAfee obtained copies of malware used in the attack, and “quietly” added protection to its products a number of days ago, Alperovitch said, after its researchers were first brought in by hacked companies to help investigate the breaches.

Although security firm iDefense told Threat Level on Tuesday that the Trojan used in some of the attacks was the Trojan.Hydraq, Alperovitch says the malware he examined was not previously known by any anti-virus vendors.

iDefense also said that a vulnerability in Adobe’s Reader and Acrobat applications was used to gain access to some of the 34 breached companies. The hackers sent e-mail to targets that carried malicious PDF attachments.

Alperovitch said that none of the companies he examined were breached with a malicious PDF but he said there were likely many methods used to attack the various companies, not just the IE vulnerability.

Once the hackers were in systems, they siphoned off data to command-and-control servers in Illinois, Texas and Taiwan. Alperovitch wouldn’t identify the systems in the U.S. that were involved in the attack, though reports indicate that Rackspace, a hosting firm in Texas, was used by the hackers. Rackspace disclosed on its blog this week that it inadvertently played “a very small part” in the hack.

The company wrote that “a server at Rackspace was compromised, disabled, and we actively assisted in the investigation of the cyber attack, fully cooperating with all affected parties.”

Alperovitch wouldn’t say what the attackers might have found once they were on company networks, other than to indicate that the high-value targets that were hit “were places of important intellectual property.”

iDefense, however, told Threat Level that the attackers were targeting source code repositories of many of the companies and succeeded in reaching their target in many cases.

Alperovitch says the attacks appeared to have begun Dec. 15, but may have started earlier. They appear to have ceased on Jan. 4, when command-and-control servers that were being used to communicate with the malware and siphon data shut down.

“We don’t know if the attackers shut them down, or if some other organizations were able to shut them down,” he said. “But the attacks stopped from that point.”

Google announced on Tuesday that it discovered in mid-December that it had been breached. Adobe disclosed that it discovered its breach on Jan. 2.

Aperovitch says the attack was well-timed to occur during the holiday season when company operation centers and response teams would be thinly staffed.

The sophistication of the attack was remarkable and was something that researchers have seen before in attacks on the defense industry, but never in the commercial sector. Generally, Alperovitch said, in attacks on commercial entities, the focus is on obtaining financial data, and the attackers typically use common methods for breaching the network, such as SQL-injection attacks through a company’s web site or through unsecured wireless networks.

“Cyber criminals are good . . . but they cut corners. They don’t spend a lot of time tweaking things and making sure that every aspect of the attack is obfuscated,” he said.

Alperovitch said that McAfee has more information about the hacks that it’s not prepared to disclose at present but hopes to be able to discuss them in the future. Their primary goal, he said, was to get as much information public now to allow people to protect themselves.

He said the company has been working with law enforcement and has been talking with “all levels of the government” about the issue, particularly in the executive branch. He couldn’t say whether there were plans by Congress to hold hearings on the matter.

Read More http://www.wired.com/threatlevel/#ixzz0cfhtJNrg

这作者是含沙射影，还是真有什么内幕消息？

过一段时间再看吧。 不过我看多半象以前一样。大声骂完。下面呢？ 下面没有了。 慢慢玩是肯定，有影是未必。

这写这么多字，一点实在的没有。 自己写的就没胆子，全是没证据，不确定之类。"being unable to firmly establish the source of the attacks"

不要负责的引用就全成了言之凿凿的指控了。“it only took a few seconds to determine that the real origin was on the mainland.” “Everything we are learning is that in this case the Chinese government got caught with its hand in the cookie jar,” 要是有证据就摆出来，啐土共好了。 要没证据， 不诬陷人自己会死么？

最后表个态。省得时间一长，不了了之：

要真是咱娃干的，被抓着了。 只能安慰说："咱娃倒是想帮家里倒腾点东西，就是手脚笨了点， 后院练着去吧。 自己练点本事比偷艺强”

要不是咱娃干的， 倒有心让人买根棒棒糖压压惊。 就怕欺负娃的主到时候缩头不吱声了。

证据都是推断出来的， 全源于有个藏独被黑了。 靠这个就扯上政府也太牵强了吧。

再不济， 咱也可以来个表态：是过时的骇客程序被误运行了一下。

大家心知肚明， 哪个国家的情报机构都不是纯洁的天使。 要是个天使， 纳税人养着情报机构干啥呀？

这种事要是就导致它要退出中国， 那全世界的公司都不要开门了。

为何这次它就要跳出来和公众高调一下呢？老百姓别太好糊弄啊。

cry babies.

没有证据的虚弱指控和交涉还是不要出来逼我们外交上打脸，抓个正着才叫英雄。

另外，能被发现踪迹的攻击怎么能叫 Sophisticated 呢。

就是中国政府正在向美国发动新型的网络战争。

网络攻击时刻都有，股沟的退出也就是几个小毛孩在耍耍性子而已，看看微软就知道谁是大人了。

可以看出来，毫无证据。只是说，就是你，就是你，不是你也是你