I mean, who makes up this sensationalist tripe? Evidently her name is Kim Zetter, interviewing some guy named Alpo. The result is pure dogfood, I mean doggerel:
...The programs unloaded seamlessly and silently onto the system, like Russian nesting dolls, flowing one after the other.
“The initial piece of code was shell code encrypted three times and that activated the exploit,” Alperovitch said. “Then it executed downloads from an external machine that dropped the first piece of binary on the host. That download was also encrypted. The encrypted binary packed itself into a couple of executables that were also encrypted.” [From Google Hack Attack Was Ultra Sophisticated, New Details Show | Threat Level | Wired.com]
I'm sorry, but Kim-Kim, you're trying way too hard to channel William Gibson. Please stop. If I hear the magic word 'encrypted' one more time I think I shall cry into my beer.
I mean really. This is as breathless as those tired old stories of Kevin Mitnick bringing down NORAD with a rotary phone. From his prison cell. With a dog whistle. In bed!
It gets better / worse in yet another article about Google from Kim-Kim:
The anti-virus researcher doesn’t know the specifics about how Adobe was attacked but says the Hydraq trojan is the same malware that Adobe found on its systems, ...
He said Adobe employees were likely targeted in a spear-phishing attack. This occurs when hackers send targeted e-mails to recipients that contain links to malicious websites that exploit a browser vulnerability. [From Hack of Google, Adobe Conducted Through Zero-Day IE Flaw | Threat Level | Wired.com]
In other words, just like Alpo, this bloke is pitching more unsubstantiated dogfood for the masses.
Or did everyone totally skip that 'doesn't know the specifics' line?
These guys seem to be better at branding than finding out what really happened. I mean COME ON. 'Spear Phishing'. Whoa, dude, you're clever.
It's as I twot earlier today, kids. In any media bullshit.storm two there are: A mastur and a bator. I'll let you figure out which is which.
Once again, out comes the techno-babble for what, essentially, is a HUMAN problem at Google.CN: that when you hire staff in the PRC you'll find that they are Communists FIRST and your staff SECOND.
And that "hacking" is hella EASY when you give Chicoms a badge into your offices and user access to the internal corporate LAN: Files, sourcesafe, etc etc etc.
Right, Google? But nooooo, it's easier to obscure this REAL problem with technobabble.
Do I also need to mention that Microsoft & Adobe also have 'research offices' in China? That those folks are PRC cadre first and offshore slaves second?
[Here's a real story of crypto, espionage, and all that. Guess how much HUMINT figured in it?]