SAN FRANCISCO--An American computer security researcher has found what he says he believes is strong evidence of the digital fingerprints of Chinese authors in the software programs used in attacks against Google.
The search engine giant announced last Tuesday that it had suffered a series of Internet break-ins
In the week since the announcement, several private computer security companies have made claims supporting Google's suspicions, but the evidence has remained circumstantial.
Now, by analyzing the software used in the break-ins against Google and dozens of other companies, Joe Stewart, a malware specialist with SecureWorks, a computer security company based in Atlanta, said he determined the main program used in the attack contained a module based on an unusual algorithm from a Chinese-authored technical paper that has been published exclusively on Chinese-language Web sites.
The malware at the heart of Google attack is described by researchers as a "Trojan horse" that is intended to open a back door to a computer on the Internet.
Stewart describes himself as a "reverse engineer," one of a relatively small group of software engineers who disassemble malware codes in an effort to better understand the nature of the attacks that have been introduced by the computer underground, and now possibly by governments as well.
"If you look at the code in a debugger you see patterns that jump out at you," he said. In this case he discovered software code that represented an unusual algorithm, or formula, intended for error-checking transmitted data.
He acknowledged that he could not completely rule out the possibility that the clue had been placed in the program intentionally by programmers from another government intent on framing the Chinese, but said that this was unlikely.
"Occam's Razor suggests that the simplest explanation is probably the best one," he said.
Entire contents, Copyright © 2010 The New York Times. All rights reserved.