Google engages in cyber vigilantism
Saturday, 16 January 2010 21:36

Last weekend I related communications I had with The Jester, an individual who has decided to express his outrage at Jihadist organizations by systematically taking down their web sites. This week we learned that engineers at Google had been engaging in their own form of cyber vigilantism by hacking into a command and control server in Taiwan. In what is rapidly turning into a game-changing story, we are getting reports that 33 or more organizations have succumbed to what many experts are claiming to be very sophisticated attacks against their networks with the intent of stealing intellectual property and, in the case of Google, targeting the identities of outspoken Chinese activists.


Even from the first announcement it was apparent that Google engineers had tapped into a server that was involved with the attacks they had witnessed.  How else would they have discovered the other targets?  This is a familiar story.  It is how Shawn Carpenter got embroiled in Titan Rain in 2004.  It is how  the Israeli police uncovered the Israeli Trojan fiasco.  It is how the SecDev researchers traced the extent of GhostNet.  
I can think of two ways that Google could have hacked into a server in Taiwan without engaging in legally questionable activity: 1. They contacted the owner of the server and asked. Or 2. They were the owners of the server. Either way, there are some unanswered questions in the Google-China affair.

Comments
j35t3r  - Ummmmm....   |93.182.186.xxx |2010-01-16 19:07:27
j35t3r is keeping his mouth shut....for once.

http://www.twitter.com/th3j35t3r

Much love.

;-)
Paul  - Interesting   |208.83.66.xxx |2010-01-17 04:04:57
Interesting stuff! Thanks for the heads up on this, I'd love to see where this
ends up going.
Nart   |76.64.39.xxx |2010-01-17 07:02:40
Just to be absolutely clear, in the case of GhostNet there was no "hacking" of any control servers.

Actually, I simply entered a string of text from the URL the malware was sending back to the control server into Google and clicked the first result that came back. Clicking on that link took me to the attackers' control panel.

Attackers often make mistakes, leaving ways to retrieve information from control servers without "hacking".
Stiennon  - Thanks for the clarification   |99.67.231.xxx |2010-01-19 16:11:49
Thanks Nart. That is an important clarification. Shawn, on the other hand, had
to guess passwords to see the Titan Rain C&C panel.
Nart   |76.64.39.xxx |2010-01-22 07:02:56
Here are a few more C&C takeovers without hacking:

Your Botnet is My Botnet: Analysis of a Botnet Takeover
http://www.cs.ucsb.edu/%7Eseclab/projects/torpig/torpig.pdf

Infiltrating Pushdo
http://blog.fireeye.com/research/2010/01/infiltrating-pushdo-part-1.html