BreachExchange mailing list archives

How Did Chinese Hackers Attack Google?


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 10 Sep 2013 22:34:37 -0600

http://science.opposingviews.com/did-chinese-hackers-attack-google-3066.html

In 2009, Chinese hackers successfully executed the first wide-scale
penetration of Google's company servers. During the course of the
attack, the hackers compromised private company data and stole the
source code for some of Google's online services. The sophisticated
attack began by tricking a Google employee into compromising his computer,
through which the hackers penetrated deep into Google's internal
networks.

Phishing is a hacking technique that involves sending out an instant
message or email with a link to many different users. When someone
opens the link in the spammed email or message, the webpage tries to
infect the visitor's computer with malware. Spear phishing is a more
sophisticated type of phishing in which the hacker pretends to be
someone the user knows and then sends an instant message or email with
a link to a webpage loaded with malware. In the 2009 attack against
Google, the hackers sent an instant message to an employee in Google's
China office. The user opened the link in the message, which led to a
website that infected his company computer with a Trojan horse.

The Trojan horse virus exploited a vulnerability in Microsoft's
Internet Explorer to establish a backdoor into Google's networks. The
virus then downloaded more malware onto the company's network. By
attacking and compromising a computer within the network, the
attackers were able to transfer the malware directly and bypass
Google's exterior network security measures.

Once the hackers' malware was on Google's internal network, it spread
from the Chinese office to the company's headquarters in Mountain
View, California, giving the hackers access to the corporate offices.
According to an April 2010 report from John Markoff for the New York
Times, the hackers proceeded to gain access to a number of Google's
source code repositories. Among these was the code for Google's
sign-in system for its array of Web services, including Gmail.

As the hackers attacked Google, they were conducting a similar attack
on the hosting service Rackspace. In the course of this attack, they
quietly took control of server space at the hosting company. The
hackers then copied the data they were stealing from Google's servers
to their stolen server space at Rackspace. Investigators are uncertain
where the data went from the Rackspace servers, but were concerned
that hackers could use the stolen source code for Google's login
system to engineer more attacks against Google in the future.

Google used its investigation of this attack, which laid all of
Google's data bare for the hackers to access, to improve its internal
security measures. However, hackers continue to try to attack Google
users directly through spear phishing attacks. Google announced one
such high-profile attack in 2011 by Chinese hackers who would send
targeted individuals emails, disguised to look like routine
correspondence from coworkers, with links to a malware script. The
script would steal the user's Gmail credentials from the user's
computer. While this attack would not penetrate into Google's internal
servers, the authentication credentials would allow the hackers to
monitor and control the victim's Google account. These incidents draw
attention to the importance of scrutinizing links in emails or instant
messages before you open them, and following Google's suggestion of
implementing its two-tiered authentication system. This makes it more
difficult for hackers to compromise a Google account, even if they
succeed in stealing the user's credentials.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
