China Google cyberattack part of spying campaign: experts

The cyberattacks that prompted Google to defy Chinese censors appear to have been part of an ongoing campaign to steal precious source code and track human rights activists, experts said on Wednesday.

"It's a complete pattern of attacks," said Jeff Moss, founder of the Black Hat and DefCon computer security conferences and a member of the US Homeland Security Advisory Council.

"You can see what is going on... China's strategy is to suck up all the information of interest to the country," Moss said. "It doesn't surprise me they want to get at people who use Google."

Google vowed Tuesday to stop bowing to Chinese Internet censors and risk banishment from the lucrative market to protest "highly sophisticated" cyberattacks aimed at Chinese human rights activists.

"Google has brought to light a lot of the stuff security people have been saying for years behind the scenes," Moss said. "These attacks are well written; it's not just a group of hackers that got together."

China-based cyber spies struck the Internet giant and reportedly more than 30 other unidentified firms in an apparent bid for computer source codes, intellectual property, and information about activists around the world.

Adobe came forward on Wednesday to say that four days earlier it had a "computer security incident involving a sophisticated, coordinated attack against corporate network systems" managed by them and other firms.

"We are currently in contact with other companies and are investigating the incident," Pooja Prasad of Adobe said in a blog post. "At this time, we have no evidence to indicate that any sensitive information has been compromised."

Adobe told AFP the attacks could be related to the Google incidents given the timing.

Adobe and other technology firms that make text, video, or Web-surfing software used in most of the world's computers are prime targets for cyber spies who could turn software secrets to their advantage, according to Moss.

"Nowadays you go after the browsers, Flash, Acrobat, Office and personal anti-virus software," Moss said.

In the attack on Google, cyber spies were evidently out to swipe computer code as well as to mine the email messages of Chinese human rights activists who use the California Internet giant's free online Gmail service.

Google on Wednesday changed the default settings for Gmail users to automatically encrypt messages.

Security specialists weighing in on the situation noted similarities between the recent cyber assault and attacks on about 100 US companies in the middle of last year.

"We sent information about the source IP addresses to some defense contractors who see attacks like this all the time from China," said Eli Jellenc, manager of International Cyber Intelligence at Verisign-iDefense.

"Sure enough, the IP and M.O. of this set of attacks resemble some we see going back well into last year. This group has been doing this already; they are just doing more of it and more tightly coordinated."

The scope of the recent cyberattacks was unprecedented, with variants of malicious software tailored for different victims, according to Jellenc, who called it "a significant leap in the amount of planning and strategy."

"The attackers were after the companies' most valuable intellectual property. In one they were after software, another after engineering schematics, another after corporate strategy plans," Jellenc said.

Tactics included tricking computer users with ruses, a ploy referred to as "social engineering."

Cyber spies evidently selectively targeted workers with emails crafted to appear as though they came from bosses or colleagues. Messages included attached files booby-trapped with malicious software, according to Jellenc.

When bogus messages were opened, computers were infected with hidden programs which could swipe information, seize control of machines, or create "back doors" for unauthorized access to files.

Google said its investigation revealed that accounts of Chinese human rights activists who use Gmail in Europe, China or the United States have been "routinely accessed" using malware sneaked onto their computers.

Google believes the attack on its network was mostly blocked and that only minor information was stolen from two accounts.

The Internet giant did not specifically accuse the Chinese government of being behind the cyberattacks.

But China is being eyed as the probable culprit due to the sophistication of the attacks, the targets, and the fact that the assaults originated in that region.
