Chinese University Blamed for Google, IE Zero-Day Attack

Google was one of several companies attacked over the Christmas period in an exploit of an Internet Explorer zero-day flaw that has since been dubbed 'Operation Aurora'.

And now, it seems that the hunt for the individuals responsible for hacking into Google's network in China is heating up. Two educational establishments have denied any connection, but investigators believe they've tracked down the man who wrote the code used in the attack.

Computer Security Schools Under Suspicion

Last week the New York Times quoted sources saying the attacks had been linked to the Lanxiang Vocational School and Shanghai Jiaotong University. The university offers a leading course in computer security and students came tops in an international programming challenge which featured entries from prestigious establishments from Russia, Taiwan and the US.

The Lanxiang school, however, has already denied any involvement in the attacks and tells the state-run news agency Xinhua that it is a vocational school and that the only computer teaching it carries out is for basic skills.

Other reports say the school has had a steep rise in interest from prospective students since the Times article. In both cases, it's possible the school's computers were used by external hackers to cover their tracks. (Source: xinhuanet.com)

Security Freelancer Fingered

Meanwhile, the Financial Times says US government researchers have found evidence that a Chinese security consultant wrote at least some of the program which exploited the Internet Explorer flaw case and had posted the program on an Internet forum.

It's believed the consultant does not necessarily support hacking, but that the government has access to some of the work he carries out and is under pressure not to protest when his code is used for malicious purposes. (Source: ft.com)

Regardless of who actually carried out the attacks, there's still suspicion that Chinese officials were in some way involved, or that the attackers acted independently but out of loyalty to the government. This theory is based on reports that the Google attack was based on accessing Gmail accounts belonging to political dissidents.

Of course, that wouldn't necessarily explain why Operation Aurora appears to have targeted so many other companies.