‘Malware reads like Chinese, may not be from China’
The Chinese have gained notoriety for cyber hacktivism, but not everything that comes with the dragon’s signature may have originated from there.
Delhi. Updated: Aug 27, 2012 23:04 IST
Alok Vijayant, a key official of the National Technical Research Organisation (NTRO), India’s technical intelligence agency, has advised experts against jumping to conclusions while investigating cyber attacks.
“Don’t believe everything you see because we have investigated a couple of malware (malicious software) that had distinct signatures of the Chinese (but found that they were red herrings),” Vijayant told forensic and cyber security experts at a conference held this week.
When researchers dug deeper, they found that the software program in Chinese script was nothing more than gibberish. Stating that the malware continued to work even when that part of the program was removed, Vijayant said it must have been an attempt to deliberately lay the blame at China’s door.
“You have to be very careful, because you are the people who will eventually have to analyse such malware for government agencies,” he said at the OWASP InfoSec India Conference on Friday.
However, this doesn’t mean that the Chinese are all clean. Given the dubious reputation earned by Chinese software developers, Australian defence minister Stephen Smith and his entourage decided to play safe and leave their mobile phones and laptops behind in Hong Kong before visiting Beijing in June.
Chinese software programmers depend a lot on malware for gaining IT dominance, an Indian intelligence official said, adding that the current Chinese strategy was to collect information from other countries.
A model unveiled by Vijayant at the security conference showed how covert cyber attacks – which leave misleading footprints – could be used to drive a wedge between different countries. “A distinct signature may not be what you actually want to look at,” he told his audience of security experts. “I am not going to write a Tamil script into my malware if I am to push it through … The beauty of the game is to stay anonymous.”