The malware used in the cyber attacks against Google and other companies was so sophisticated that the security and forensics expert called in by Google to examine it believes that it was designed and launched with the support of Chinese authorities.
Carlos Carrillo, a principal consultant for Mandiant, a Washington-based security incident response and forensics firm that was called in by Google to examine the malware after the attacks, spoke with Computerworld and said that the malware had "unique characteristics." From the Computerworld post:
Carrillo is convinced that, given the sophistication of the code, it was produced with support from Chinese authorities. "This wasn't on the level of Metasploit," Carrillo said, referring to the open-source penetration testing framework whose exploits are often used by hackers to craft malware. "This wasn't something that a 16-year-old came up with in his spare time."
When asked if the code quality pointed toward Chinese state support, Carrillo answered, "I would say so." He declined to elaborate.
McAfee, which yesterday pointed to a hole in Microsoft's Internet Explorer browser as being one avenue for the attack, also referred to the attack code as being "very sophisticated."
Carrillo didn't offer specifics about what led him to draw such conclusions. But he did say that the vulnerability in the IE browser was not the only vector used in the attack and that the number of companies hit by the attacks could be as high as 34, or as low as 20, the number that Google announced.
He also said that the techniques of the attackers allowed them to masquerade as legitimate users "so traditional means of, for example, intrusion detection or antivirus security are for the most part ineffective."