Google Cracks Door to Secrets
Google's bombshell announcement that it might pull up stakes in China because of cyberattacks and censorship points up a concern long overdue for higher scrutiny, security experts say.
For more than a decade, China and other nations have been ramping up state-sponsored cyberintrusions of commercial and military targets. Public outrage has been muted mainly because victimized organizations have disclosed as little as possible.
"Google's great gift is, it is helping us realize the breadth and depth of these attacks, something other companies have been trying to keep secret," says Alan Paller, managing director of the Sans Institute security think tank.
The search giant on Tuesday revealed details of systematic probes of its databases, as well as those of 20 other companies. On Thursday, security firm McAfee disclosed that it has isolated a sample of the attackers in action.
Meanwhile, a Los Angeles law firm has disclosed that it has come under attack a week after filing a $2.2 billion lawsuit against China on behalf of a California-based software company called Cybersitter. The lawsuit accused China of pirating computer code created by the company and using it in a state-sponsored child-protection censorship service.
On Monday, partners at Gipson Hoffman&Pancione began receiving personalized e-mail ruses routed through Internet addresses located in China that were poised to deliver data-stealing programs, says Gregory Fayer, an attorney at the firm.
Attackers used a very similar attack against Google and the 20 companies. They began by sending e-mails or instant messages addressed to senior technical managers, enticing them to click on a Web page link, says George Kurtz, McAfee's chief technical officer. Doing so activated a newly discovered flaw in Microsoft's Internet Explorer Web browser.
The attackers used the browser flaw to take control of the PC and "began probing the network for high-value intellectual property," Kurtz says. Extracted data were sent to servers hosted by Rackspace, a San Antonio Web-hosting company, then transferred again.
Microsoft said Thursday that it is working on a patch, and advised setting IE's "security zone" feature on "high." The type of attacks against Cybersitter's attorneys and Google are nothing new; in the latter, the execution was top notch. "This wasn't a 13-year-old kid pounding out a quick Trojan (data stealer)," Kurtz says.
China's foreign ministry issued a statement on Thursday saying the Internet in China is open, and companies that follow China's laws are welcomed.
China has made no secret about its desire for a homegrown tech industry, says James Lewis, program director at the Center for Strategic and International Studies.
"One of the ways they've been pursuing that goal is through illicit technology transfer," Lewis says.