New evidence in Google attack points East

Researcher supports claim that sophisticated attack may have originated in China

The fallout from the recent cyberattacks against Google and other companies, which occurred in December and were revealed by Google last week, continues to spread.

A security researcher for SecureWorks says he has found evidence to support Google’s claim that last month’s attacks on the company’s systems originated in China, while another security expert called the attacks the largest and most sophisticated in years specifically aimed at businesses.

The attacks, which used the Hydraq Trojan to open a back door into infected systems, affected Google and 33 other companies, including at least several prominent defense contractors. In addition to concerns over possible stolen information, the event has raised discussions about free speech and censorship in China.

Joe Stewart, SecureWorks’ director of malware research, said he analyzed the software used in the attacks and found that it contained an algorithm from a Chinese technical paper that has been published only on Chinese-language Web sites, according to a report in the New York Times.

Google officials, in announcing the attack in a Jan. 12 blog post, have said they suspected that the attack had originated in China, saying that the Gmail accounts of human rights activists in China had been monitored or hacked. The Gmail accounts of foreign journalists also have reportedly been hacked. The company is threatening to pull its operations out of the country. 

Other companies reported to have been affected include Microsoft, Juniper Networks, Northrup Grumman, Symantec, Yahoo and Dow Chemical.

The security company McAfee said the attacks had exploited a vulnerability in Internet Explorer. Microsoft reported that the vulnerability exists in IE 6, but is recommending that users of IE 6 and IE 7 upgrade to IE 8 as soon as possible.

The attacks are similar to a July 2009 attack that involved about 100 companies, according to VeriSign iDefense.

In a blog post, McAfee Chief Technology Officer George Kurtz, dubbing recent the attacks “Operation Aurora,” called it “the largest and most sophisticated cyberattack we have seen in years targeted at specific corporations.”

“While the malware was sophisticated, we see lots of attacks that use complex malware combined with zero day exploits,” Kurtz wrote. “What really makes this is a watershed moment in cybersecurity is the targeted and coordinated nature of the attack with the main goal appearing to be to steal core intellectual property.”

Meanwhile, Google is investigating whether some of its employees in China might have helped the attackers. Reuters reported that some employees in China had been placed on leave or transferred.

 

About the Author

Kevin McCaney is editor of Defense Systems. Follow him on Twitter: @KevinMcCaney.

Reader Comments

Tue, Apr 20, 2010

These attacks are not "mischief"!; they are practice. If threats can be clearly identified/linked to a perpetrator, decisive reponse should be directed to completely disable any subsequent attacks. PERIOD!

Wed, Jan 27, 2010 optional near the beltway

Wonder if the response should be kinetic (small-scale) just to drive the point home?

Thu, Jan 21, 2010 M Reston, VA

We are at war with China. They have attacked our infrastructure just as surely as The Allies bombed the Axis in World War II. That's the bad news. The good news is that despite the fact that they have committed massive resource to making mischief, they don;t seem to be all that damaging from a big picture perspective. My question is at what point do we stop watching and pattern-finding, and launch devastating counterattacks to teach these cyber Vandals and Visagoths a lesson and disrupt their ability to make their mischief?

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above