Feral Jundi

   Interesting deal between Google and China.  Although the real winner here will be China’s search engine called Baidu.  You can bet that any telecom stuff that Google was planning on doing in China, will probably suffer as well.

   The real story though, is the whole concept of a mega corporation like Google, taking on a super power like China?  Thomas Ricks was pretty intrigued by the concept as well.  Time to break out the pre-Westphalia rule book, and start implementing cyber privateer hacking to go after these state sponsored hackers. –Matt

—————————————————————–

Security specialist ‘has evidence of Chinese attack on Google’

A US computer expert says he has found the ‘digital fingerprints’ of Chinese authors on the tools used to launch recent attacks against Google

By Claudine Beaumont, Technology Editor20 Jan 2010

Joe Stewart, a security specialist with SecureWorks in the US, told the New York Times that he had analysed the software used to attack Google, and found that the main program used by the hackers contained a module based on an algorithm that appeared in a Chinese technical document that has been published exclusively on Chinese-language websites.

Google last week announced that the accounts of human rights activists and political dissidents had been hacked, and that it believed the attacks had originated from China. However, details about the precise nature of the attacks were not revealed, although security experts broadly agreed that Google was probably correct in its suspicions.

It is thought that a Trojan virus, known as Hydraq, was responsible for opening a “back door” in to compromised computers, which could then be used by hackers to access and take control of a machine without the owner’s permission or knowledge.

Stewart uses a method known as a “reverse engineering” to unravel malicious software, viruses and Trojans to identify how and where they originated. He looks for patterns in the code, and for unusual algorithms used by hackers to error-check transmitted data.

However, Stewart said that he could not rule out the possibility that the programmers behind the Google hack had laid a false trail that pointed to Chinese involvement in order to disguise the fact they originated from another country or government.

“But Occam’s Razor suggests that the simplest explanation is probably the best one,” he told the New York Times.

Story here.

——————————————————————

Hackers create opportunity for military firms

Attacks on Google boost the market for cyber-security just as government weapons spending is expected to slow. Military firms are retooling for rising demand by corporations as well as government.

By W.J. Hennigan

January 19, 2010

For U.S. military firms, the latest revelations of highly sophisticated hacker attacks on Google Inc. are highlighting a new reality, and a potentially lucrative business: The battlefield is shifting to cyberspace.

Google’s admission last week that it and other large companies were infiltrated by cyber-spies is bolstering prospects for major military contractors that in recent years have been intensifying their focus from developing weapons to defending computer systems and networks.

“Cyber-security is shaping up to be a major growth opportunity for the defense industry,” said Loren Thompson, a military policy analyst for the Lexington Institute, a think tank in Arlington, Va. “We’ve spent the last 20 years putting all of our information onto computers. Now, we don’t have any choice but to defend ourselves against foreign intrusion.”

As the threat becomes more coordinated and complex, military firms say that demand for sophisticated cyber-security will rise. The attacks on Google alarmed security analysts because it appeared that a new battle was being waged in which corporate computers and the valuable intellectual property they hold had become a target of a foreign government. In the past such intricate attacks were primarily aimed at military and state secrets.

The military industry, having already done extensive work protecting federal government computers, may be in a good position in the emerging market that could exceed $100 billion in revenue within the next decade, analysts said.

It may have little choice. Pentagon spending on weapons is expected to slow, leaving military firms scrambling for new business.

“Each of these companies recognizes that growing demand for cyber skills could help cover any shortfall in revenues,” Thompson said.

The federal government is expected to set aside $8.3 billion this year for protecting its computers from hackers, up 60% from just four years ago. In a speech last year, Deputy Secretary of Defense William J. Lynn said that at the Pentagon alone, there were an “estimated 90,000 people engaged in administering, monitoring and defending 15,000 networks connecting 7 million computers.”

With attacks increasing more than 200% since 2006, federal spending on cyber-security is expected to grow 8.1% annually over the next four years, according to Input, a Reston, Va., government contracting research firm.

“That’s significant growth, given the budget pressure that the government is under,” said John Slye, principal analyst at Input.

Exactly how much private firms are spending to protect themselves from hackers is unknown, because many do not like to admit that their computers have been breached.

“In today’s current state, there’s a good chance that you’ve already been compromised,” said Timothy McKnight, vice president of Northrop Grumman Corp.’s intelligence systems division. “We want to stay ahead of this problem. We’re doing everything to stay on the cutting edge.”

To bolster their staffs, military firms have been hiring former top government officials, partnering with universities for young talent and swallowing up smaller cyber-boutiques.

Century City-based Northrop, maker of the B-2 stealth bomber and nuclear submarines, in 2007 acquired Essex Corp., which specializes in encryption technology used by U.S. intelligence agencies that could be applied to protecting valuable data.

Northrop last year consolidated its cyber-security business, scattered among various divisions across the country, into one unit.

And in December, Northrop created a cyber-security research consortium with Carnegie Mellon University, the Massachusetts Institute of Technology and Purdue University as a way to tap new technologies and recruit emerging talent.

Defense rival Lockheed Martin Corp. took a different route assembling a cyber-security alliance with tech companies, including Microsoft Corp, Cisco Systems Inc. and Dell Inc., to collaborate on developing measures against hackers.

In November, the nation’s largest military contractor finished a 5,000-square-foot facility in Gaithersburg, Md., that’s dedicated to cyber-security research. Lockheed has also recruited Lee Holcomb, former chief technology officer for the Department of Homeland Security, to head the company’s cyber-security initiatives.

Another military firm, General Dynamics Corp., has built a lucrative business protecting companies from cyber attacks. In 2007, the company helped the parent of discount retailers T.J. Maxx and Marshalls patch a security breach in which hackers had gained access to computers that had information on 50 million customers’ credit and debit cards.

“Nobody is building aircraft carriers anymore,” said James Mulvenon, director of the Center for Intelligence Research and Analysis at Defense Group Inc., a national-security firm. “It looks like, from now on, the big money is in cyber space.”

Story here.