China syndrome
What the Chinese attacks on Google mean for enterprise security

Published 20 January 2010

Chinese government intelligence operatives exploited vulnerabilities in Internet Explorer 6 and higher to launch sustained cyber attacks against 32 Western companies operating in China. The hacking of the Gmail accounts of political dissidents was only a small part of the operation; the attacks were part of a coordinated campaign that targeted the intellectual property of a wide swath of the U.S. industrial base, including Dow Chemical, Symantec, Yahoo!, Northrop Grumman, and Juniper Networks. Wide-ranging industrial espionage is a central element in the Chinese government’s effort to hasten China’s rise to a position of global economic hegemony.

We have written several stories about the Chinese government’s cyber attacks on Google and thirty-one other large Western companies. What is the meaning of these attacks? Computerworld’s Andrew Jaquith helps explain.

First, the background:

The Who and What: Google detected a coordinated attempt by Chinese entities to compromise the accounts of Chinese dissidents. David Drummond, Google’s chief counsel, said, “A primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists.” According to George Kurtz at McAfee, the attacks were part of a large-scale, well-organized operation named Aurora. As a result, Google has announced that it will stop censoring its search results in China, and has said it may pull out of the country entirely.

The How: as this story has played out, a second wave of stories emerged about the attack vectors. Microsoft has released a security advisory stating that a zero-day vulnerability in Internet Explorer 6 and higher was the attack vector. McAfee’s George Kurtz confirms that IE 7 and 8 vulnerabilities were used. iDefense speculated that phishing with malicious PDF attachments may also have been a vector, but that has not yet been shown definitively.

The attacks were not just about dissidents. The attacks appeared to be part of a coordinated campaign that targeted the intellectual property of a wide swath of the U.S. industrial base, including Dow Chemical, Symantec, Yahoo!, Northrop Grumman, and Juniper Networks.

Many affected parties are collaborating on the investigation and post-mortem analysis. Google, Adobe, Microsoft, McAfee, and others are all sharing information about the attack. No doubt the FBI and other government agencies are in the mix, too.

Jaquith writes that there are many things we still do not know, and many details are still emerging. The identities of the remaining companies among the 30-plus that were attacked, for example, remain a mystery. Still, we know enough to form some conclusions. Here is Jaquith’s “What It Means” for enterprises:

The threat landscape has not changed; but our perception of it has. Mikko Hypponen gets it right when he says that “This wasn’t in my opinion ground-breaking as an attack. We see this fairly regularly.” Targeted zero-day attacks are routine, particularly against government agencies and in the aerospace and defense sectors. What is new is that we are now seeing headlines about it. Companies were spilling credit card numbers and SSNs long before it became headline fodder. And so it is with this class of attack,