The entire world has been talking about Google’s decision to not censor its China search engine after it became the victim of Chinese cyberattack. And while we’ve talked a great deal about its global implications and the censorship in China, we haven’t talked a lot about exactly how Chinese hackers actually broke through Google’s security measures.

A recently published analysis by antivirus/computer security firm McAffee seems to have some of the answers.

They have launched an investigation into the attack has turned up some interesting results, including the likely codename of the operation as well as a key vulnerability in Microsoft’s Internet Explorer that may have helped the hackers succeed.

The Logistics of the Attack

McAffee begins by stating that it discovered a previously unknown vulnerability in Internet Explorer that was exploited by the malware used in the attack. Microsoft has been informed of the exploit and responded, saying they’re developing an update to counter the vulnerability.

Here’s McAffee’s explanation of the vulnerability:

“As with most targeted attacks, the intruders gained access to an organization by sending a tailored attack to one or a few targeted individuals. We suspect these individuals were targeted because they likely had access to valuable intellectual property. These attacks will look like they come from a trusted source, leading the target to fall for the trap and clicking a link or file. That’s when the exploitation takes place, using the vulnerability in Microsoft’s Internet Explorer.

Once the malware is downloaded and installed, it opens a back door that allows the attacker to perform reconnaissance and gain complete control over the compromised system. The attacker can now identify high value targets and start to siphon off valuable data from the company.”

The attack targeted a few key individuals to install malware and rip open a hole through security via Internet Explorer. McAffee made sure to note that the IE flaw was just one way the hackers infiltrated the networks of Google and 20+ other companies.

As for why McAffee believes that the attackers called the operation “Aurora,” here’s their explanation as well:

“Based on our analysis, “Aurora” was part of the filepath on the attacker’s machine that was included in two of the malware binaries that we have confirmed are associated with the attack. That filepath is typically inserted by code compilers to indicate where debug symbols and source code are located on the machine of the developer.”

Overall, while Microsoft and IE seem to be partly to blame, the attack was sophisticated and executed on multiple fronts. In fact, Verisign iDefense not only claims that the Chinese government was behind the attacks, but that compromised Adobe PDFs were also to blame. However, Adobe disputes this notion.

The hackers knew who they wanted to target and what they wanted and used vulnerabilities never before known to do it. The nature of the attack likely played a big role in Google’s decision.

Image courtesy of iStockphoto, bunhill

Tags: attack, china, Google, internet explorer, McAffe, trending

Go to Source