
Highly sophisticated and coordinated hack attack

By QnA-Group

Google has decided to stop censoring search results in China, after discovering that someone based in that country had attempted to hack into the e-mail accounts of human rights activists. The company disclosed the move in a startling announcement posted to its blog late Tuesday.

Google said it was prepared to pull its business out of China, if issues around the surveillance and its decision to stop censoring results could not be resolved with the Chinese government.

Although the company did not accuse the Chinese government of being behind the hack attacks, Google said that the attacks, combined with attempts by China over the last year to “further limit free speech on the web” led it to conclude that it needed to “review the feasibility of our business operations in China.”

The company decided it will no longer censor search results on Google.cn, which it had been doing as a concession to the Chinese government since 2006 in order to be able to operate in China. The company didn’t say when it would stop censoring material but stated that it would be discussing with Chinese authorities how it might continue to operate legally in China, if at all, with an unfiltered search engine.

“We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China,” wrote David Drummond, Google’s chief legal officer and senior vice president for corporate development.

A source knowledgeable about the issue told Threat Level that the company is concerned about the repercussions of its decision on its employees in China. The source said the company timed its announcement for late Tuesday in the United States to come after the close of the stock market but also to coincide with early morning in China so that employees there would learn about what was happening before they arrived to work.

Google is “really concerned about their safety and feels that there is a very real possibility that they will be interrogated,” the source said. “They have been [interrogated] numerous times before, and this time they could be arrested and imprisoned.”

The search and advertising giant discovered in December that it was the target of a “highly sophisticated” cyberattack on its corporate infrastructure, which resulted in the theft of intellectual property. However, in investigating the incident, the company wrote on its blog, it soon realized the attack was something more than a simple security breach.

At least 20 other large companies were targeted as well, including other internet and technology companies as well as businesses in the financial, media and chemical sectors.

Google concluded that the primary goal of the attackers who targeted its network was to hack into the Gmail accounts of Chinese human rights activists. The attackers appeared, however, to succeed at obtaining access to only two accounts. That access was limited to basic account information, such as the date the account was created and the subject lines of e-mail, not the content of the correspondence. Google spokesman Gabriel Stricker told Threat Level that the company has already notified the owners of those accounts.

The attackers used nearly a dozen pieces of malware and several levels of encryption to burrow deeply into the bowels of company networks and obscure their activity, according to Alperovitch.

“The encryption was highly successful in obfuscating the attack and avoiding common detection methods,” he said. “We haven’t seen encryption at this level. It was highly sophisticated.”

The hack attacks, which are said to have targeted at least 34 companies in the technology, financial and defense sectors, have been dubbed “Operation Aurora” by McAfee due to the belief that this is the name the hackers used for their mission.

The name comes from references in the malware to a file folder named “Aurora” that was on the computer of one of the attackers. McAfee researchers say that when the hacker compiled the source code for the malware into an executable file, the compiler injected the name of the directory on the attacker’s machine where he worked on the source code.
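The compiler artifact described above is something an analyst can look for in any binary. The following is an added example, not code from the article or from McAfee. It assumes the embedded path is stored as a Microsoft-toolchain CodeView "RSDS" debug record (the article does not name the mechanism), and the sample bytes and path are constructed.

```python
import re
import struct

# CodeView "RSDS" debug record: 4-byte signature, 16-byte GUID, 4-byte age,
# then a NUL-terminated path to the .pdb file as seen on the build machine.
RSDS = re.compile(rb"RSDS(.{16})(.{4})([\x20-\x7e]{4,260})\x00", re.DOTALL)


def find_build_paths(blob: bytes) -> list[dict]:
    """Return every embedded PDB path with its offset and folder names."""
    hits = []
    for m in RSDS.finditer(blob):
        path = m.group(3).decode("ascii")
        if not path.lower().endswith(".pdb"):
            continue  # signature matched by chance; not a debug path
        age = struct.unpack("<I", m.group(2))[0]
        # Split on both separators so Windows and cross-compiled paths work.
        parts = [p for p in re.split(r"[\\/]", path) if p]
        hits.append({
            "offset": m.start(),
            "age": age,
            "path": path,
            "folders": parts[:-1],  # directory names from the build machine
            "pdb": parts[-1],
        })
    return hits


def build_sample() -> bytes:
    """Constructed test blob: padding, one RSDS record, trailing bytes."""
    guid = bytes(range(16))
    age = struct.pack("<I", 1)
    # Constructed path, not taken from any real sample.
    path = rb"C:\work\ExampleProject\Release\sample.pdb"
    return b"MZ" + b"\x00" * 62 + b"RSDS" + guid + age + path + b"\x00" + b"\xcc" * 8


if __name__ == "__main__":
    for hit in find_build_paths(build_sample()):
        print(f"0x{hit['offset']:x}  {hit['path']}  folders={hit['folders']}")
```

Folder names recovered this way are useful for clustering related samples, and the same check run on your own release builds shows whether internal project or user names are leaking to customers.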

Minutes after Google announced its intrusion, Adobe acknowledged in a blog post that it discovered Jan. 2 that it had also been the target of a “sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies.”

Neither Google nor Adobe provided details about how the hacks occurred.

ref: http://www.wired.com/threatlevel/2010/01/operation-aurora/
6th Jan 20