RELATED ARTICLES |
The search engine giant announced lastweek that it had experienced a series of Internet break-ins that it believed were of Chinese origin. The company’s executives did not, however, detail the evidence that had led them to the conclusion that the Chinese government was behind the attacks, beyond stating that email accounts of several Chinese human rights activists had been compromised.
In the days since the announcement, several computer security companies have made claims supporting Google’s suspicions, but the evidence has remained circumstantial.
Now, by analyzing the software used in the break-ins against Google and dozens of other companies, Joe Stewart, a malware specialist with SecureWorks, a computer security company based in Atlanta, said he had determined that the main program used in the attack containedamodule based on an unusual algorithm from a Chinese technical paper that has been published exclusively on Chinese-language Web sites.
The malware at the heart of the Google attack is described by researchers as a ‘‘Trojan horse’’ that is intended to open a back door to a computer on the Internet. The program is called Hydraq by the computer security research community and is intended to subvert computers that run different versions of the Windows operating system.
Mr. Stewart acknowledged that he could not completely rule out the possibility that the clue had been placed in the program intentionally by programmers from another government intent on framing the Chinese, but he said that was unlikely. ‘‘Occam’s Razor suggests that the simplest explanation is probably the best one.’’
