The Financial Times is reporting (registration required) that U.S. analysts believe they have identified the specific individual who is primarily responsible for authoring the “Aurora” cyberattack launched against Google and other businesses operating in China. The man, described as a security consultant in his 30s, apparently works as a freelancer and did not launch the attack himself, but developed the core technology used in the attack and posted some portions of his programming to a hacking forum, where he described it as something he was “working on.” The Financial Times also quotes sources alleging Chinese officials had “special access” to his code, saying that no one at this programmer’s level of skill is able to work without cooperating with Chinese authorities.
The attack against Google and other businesses operating in China used a previously unknown fault in Internet Explorer to penetrate Google’s internal network, and apparently focused on getting information and credentials for accounts used by Chinese human rights activists. Google disclosed the incident, proclaiming that it was done with complying with Chinese requirements to censor search results and might pull out of China entirely; the incident also has Google pondering a partnership with the National Security Agency, the United States’ largest—and most secretive—intelligence organization.
The incident has also impacted diplomatic relations between the United States and China, with U.S. Secretary of State Hillary Clinton delivering a pointed policy speech that, for the first time, outlined Internet freedoms as a key point of U.S. foreign policy.
The Chinese government has repeatedly insisted it had no role in the attacks against Google or other companies. China furthermore insists that if companies want to do business in China that they must conform to Chinese law—which includes Internet censorship. China further characterizes the United States’ stance on Internet freedoms as little more than 21st-century cultural imperialism.