In the ongoing saga of the Google hacker attack from China, VeriSign’s iDefense group, according to Ars Technica, has issued a report from its security lab pinpointing the Chinese government as the culprit in the attacks. The report, which steps beyond Google’s careful non-naming of suspects and the U.S. State Department’s tip-toe politics, cites sources in the defense and intelligence communities that specifically name the Chinese government as being behind the hacking.
This explosive information has taken center stage, dwarfing the announcement from Microsoft regarding a critical zero-day flaw in Internet Explorer, which was also likely used in the compromising attack on Google’s Gmail and other services in China. Erik Larkin at PC World explains that these zero-day attacks were part of the campaign against Google and others that targeted human rights activists in China.
Meanwhile, McAfee Labs has been hard at work doing its share of the investigation, naming the effort Aurora and naming various companies that were targeted in the attack. It points out that the IE exploit was aimed specifically at Internet Explorer 6, which is still popular in some parts of Asia on older machines, though no longer supported by Microsoft. The name “Aurora” for the attacks comes from the file path used on the hacker’s machine, which was included in two unscrubbed binaries left behind.
McAfee goes on to highlight the fact that in today’s cyber warrior battlefield, the Advanced Persistent Threat (APT) is the deadliest form of attack and is the one most feared by defenders. Using this strategy of pinpoint, targeted attacks that are swift and often unnoticed, the hackers compromised several high-profile companies including Google, Adobe and Yahoo! (among others), as we reported yesterday.
The story continues to unfold and it will be interesting to see the political response to this latest information.