A freelance security consultant in China wrote the exploit code targeting Internet Explorer 6 that was used in the attacks on Google and others, according to a published report.
The unidentified programmer had posted pieces of the exploit to a hacking forum, and Chinese officials had "special access" to his work, the Financial Times reported on Sunday. The programmer did not launch the attack, the report said, citing an anonymous researcher working for the U.S. government.
Last week, The New York Times reported that researchers had traced the attacks to computers at Shanghai Jiaotong University and Lanxiang Vocational School, which has ties to the Chinese military. However, officials at the schools have denied those claims.
Google announced January 12 that its network had been compromised and e-mail accounts belonging to human rights activists in China had been targeted. As a result, Google said it would stop censoring search results in China and possibly leave the Chinese market altogether. The Chinese government subsequently denied any involvement in the attacks.
Microsoft issued a patch for the IE hole a week after acknowledging the vulnerability, and after exploit code for the hole had been released in the wild.