

Attacks on Google may have been work of amateurs  - ilamont
http://www.computerworld.com/s/article/9165518/Update_Attacks_on_Google_may_have_been_work_of_amateurs_

======
megaduck
The whole story is based on the word of Damballa, Inc. who has a vested
interest in pushing this story out to the media. Strike one.

Secondly, Google specifically denies Damballa having any first-hand knowledge
of the attacks or the resulting investigation. Strike two.

Third, Damballa's conclusions are completely unfounded. The fact that the
attacks were 'unsophisticated' in nature doesn't exonerate the Chinese
government. In fact, it seems quite in character. Strike three.

Until Damballa or Google publishes something more conclusive, I think we can
safely ignore this story. As it stands, this smells like a grab for media
attention by a new security vendor.

~~~
rtperson
I had exactly the same feeling reading this. The only thing I'd add is that
this is exactly the sort of clumsy FUD that the Chinese government might throw
out there to cover their tracks, especially given what a diplomatic cluster-
you-know-what this has become for them.

------
dirtbox
"...carried out by relatively unsophisticated attackers using outdated botnet
tools..."

Sounds exactly like a government launched attack to me. "Amateurs" are more
likely than anyone to be using the cutting edge of botnet tools.

------
rm-rf
I have no idea what the submitters intent was, but I upvoted this and am
commenting on it because I think that it's interesting.

If the anti-botnet vendor's assertion is true, that the botnet was
ordinary/amateur, then the much of what the media called 'advanced persistent
threats' and 'state sponsored' attacks would be incorrect. If major
corporations got beaten by amateurs, the state of corporate desktop security
is far worse than I imagined.

The assertion originated from a security tool vendor though, so one must
assume that they are severely biased toward selling security tools.

~~~
iuguy
We don't sell security tools but do deal with this type of stuff. You'd be
surprised at the state of corporate desktop security and how easy it is to get
hit.

To be honest the line between APT, the more advanced criminal stuff and the
run of the mill botnets are more blurred than most vendors would be happy to
say, especially when information is bought and sold anyway (so in theory the
chinese government wouldn't even need to attack people).

~~~
rm-rf
That's interesting. I thought I was the only one with fifty thousand unsecured
desktops on my network. It's nice to know I have company.

Not really.

