Chinese Government Traced to Google Cyber Attack
January 15, 2010
(ChatahBox) – Not that this news comes as a surprise: the VeriSign iDefense Internet security lab has traced the recent cyber attacks waged within China against Google and dozens of other U.S. companies to the Chinese government. The security company released a lengthy and detailed technical report linking the cyber warfare to a “single foreign entity” within China, and the report links China to previous cyber assaults against U.S. firms in Silicon Valley. Putting aside for a moment the technical fingerprinting uncovered by VeriSign iDefense, the findings are shocking, although not surprising. What this all means is that the Chinese government has been systematically waging an Internet campaign of industrial espionage against U.S. companies for quite some time.
Google made a startling announcement on Tuesday on its company blog, saying that the search engine firm was prepared to leave China due to ongoing censorship issues with the government, as well as the discovery that Chinese hackers breached multiple Gmail accounts and stole proprietary information from Google. The search engine giant uncovered evidence that the Chinese hackers targeted email accounts of human rights activists and Chinese dissidents. During Google’s investigation of the breach, the company learned that at least 20 additional U.S. companies had also been targeted.
Google informed several congressional lawmakers of the attacks, and the White House and Secretary of State Hillary Clinton were also briefed on the cyber espionage.
The iDefense report concluded, without a doubt, that the Chinese government was behind the cyber attacks. The report also points to malicious code buried in PDF files that were used to exploit a vulnerability in Adobe’s software. However, Adobe has denied that a weakness in the firm’s software was used for the attacks. The security firm McAfee believes that a vulnerability in Microsoft’s browser, Internet Explorer, was used to wage the cyber assaults against Google and other U.S. companies.
The iDefense researchers traced the attack back to its point of origin and also identified the command-and-control servers that were used to manage the malware. “The source IPs and drop server of the attack correspond to a single foreign entity consisting either of agents of the Chinese state or proxies thereof,” the report says.
The report also raises questions about recent Internet security breaches discovered in July at a number of U.S. companies based in Silicon Valley. VeriSign iDefense believes that the same Chinese entity that attacked Google also waged an assault on the Silicon Valley firms.
Sounding an ominous note, the report concludes: “Considering this proximity, it is possible that the two attacks are one and the same, and that the organizations targeted in the Silicon Valley attacks have been compromised since July.”