Evidence Found for Chinese Attack on Google

An American computer security researcher has found what he says he believes is strong evidence of the digital fingerprints of Chinese authors in the software programs used in attacks against Google.

The search engine giant announced last Tuesday that it had experienced a series of Internet break-ins it believed were of Chinese origin. The company's executives did not, however, detail the evidence leading them to the conclusion that the Chinese government was behind the attacks, beyond stating that e-mail accounts of several Chinese human rights activists had been compromised. In the week since the announcement, several computer security companies have made claims supporting Google's suspicions, but the evidence has remained circumstantial. Now, by analyzing the software used in the break-ins against Google and dozens of other companies, Joe Stewart, a malware specialist with SecureWorks, a computer security company based in Atlanta, said he determined the main program used in the attack contained a module based on an unusual algorithm from a Chinese technical paper that has been published exclusively on Chinese-language Web sites. The malware at the heart of Google attack is described by researchers as a "Trojan horse" that is intended to open a back door to a computer on the Internet. The program, called Hydraq by the computer security research community and intended to subvert computers that run different versions of the Windows operating system, was first noticed earlier this year.