BreachExchange mailing list archives
How Did Chinese Hackers Attack Google?
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 10 Sep 2013 22:34:37 -0600
http://science.opposingviews.com/did-chinese-hackers-attack-google-3066.html

In 2009, Chinese hackers successfully executed the first wide-scale penetration of Google's company servers. During the course of the attack, the hackers compromised private company data and stole the source code for some of Google's online services. The sophisticated attack began by tricking a Google employee into compromising his computer, through which the hackers penetrated deep into Google's internal networks.

Phishing is a hacking technique that involves sending out an instant message or email with a link to many different users. When someone opens the link in the spammed email or message, the webpage tries to infect the visitor's computer with malware. Spear phishing is a more sophisticated type of phishing in which the hacker pretends to be someone the user knows and then sends an instant message or email with a link to a webpage loaded with malware.

In the 2009 attack against Google, the hackers sent an instant message to an employee in Google's China office. The user opened the link in the message, which led to a website that infected his company computer with a Trojan horse. The Trojan horse virus exploited a vulnerability in Microsoft's Internet Explorer to establish a backdoor into Google's networks. The virus then downloaded more malware onto the company's network. By attacking and compromising a computer within the network, the attackers were able to transfer the malware directly and bypass Google's exterior network security measures.

Once the hackers' malware was on Google's internal network, it spread from the Chinese office to the company's headquarters in Mountain View, California, giving the hackers access to the corporate offices. According to an April 2010 report from John Markoff for the New York Times, the hackers proceeded to gain access to a number of Google's source code repositories. Among these was the code for Google's sign-in system for its array of Web services, including Gmail.

As the hackers attacked Google, they were conducting a similar attack on the hosting service Rackspace. In the course of this attack, they quietly took control of server space at the hosting company. The hackers then copied the data they were stealing from Google's servers to their stolen server space at Rackspace. Investigators are uncertain where the data went from the Rackspace servers, but were concerned that hackers could use the stolen source code for Google's login system to engineer more attacks against Google in the future.

Google used its investigation of this attack, which laid all of Google's data bare for the hackers to access, to improve its internal security measures. However, hackers continue to try to attack Google users directly through spear phishing attacks. Google announced one such high-profile attack in 2011 by Chinese hackers who would send targeted individuals emails, disguised to look like routine correspondence from coworkers, with links to a malware script. The script would steal the user's Gmail credentials from the user's computer. While this attack would not penetrate into Google's internal servers, the authentication credentials would allow the hackers to monitor and control the victim's Google account.

These incidents draw attention to the importance of scrutinizing links in emails or instant messages before you open them, and following Google's suggestion of implementing its two-tiered authentication system. This makes it more difficult for hackers to compromise a Google account, even if they succeed in stealing the user's credentials.