But as Jeremy Scahill tweeted last evening, read this piece by WaPo’s Barton Gellman on malicious code insertion. This news explains recent changes by Google to YouTube once it had been disclosed to the company that exploits could be embedded in video content as CitizenLab.org explains:
“… the appliance exploits YouTube users by injecting malicious HTML-FLASH into the video stream. …”
“… the user (watching a cute cat video) is represented by the laptop, and YouTube is represented by the server farm full of digital cats. You can observe our attacker using a network injection appliance and subverting the beloved pastime of watching cute animal videos on YouTube. …”
The questions this piece shake loose are Legion, but as just as numerous are the holes. Why holes? Because the answers are ugly and complex enough that one might struggle with them. Gellman’s done the best he can with nebulous material.
An interesting datapoint in the first graf of the story is timing — fall 2009.
You’ll recall that Google revealed the existence of a cyber attack code named Operation Aurora in January 2010, which Google said began in mid-December 2009.
You may also recall news of a large batch of cyber attacks in July of 2009 on South Korean targets.
The U.S. military had already experienced a massive uptick in cyber attacks in 1H2009, more than double the rate of the entire previous year.
And neatly sandwiched between these waves and events is a visit by a defense contractor CloudShield Technologies engineer from California, to Munich, Germany with British-owned Gamma Group. Read more