0 Members and 1 Guest are viewing this topic.
A new approach to China1/12/2010 03:00:00 PMLike many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident--albeit a significant one--was something quite different.First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses--including the Internet, finance, technology, media and chemical sectors--have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers
These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the web--have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.
I think we must turn on the SSL in Gmail as our default settings
Google flips default switch for always-on Gmail crypto
Analysts say hackers around the world, especially from China, frequently attack Taiwan companies' computers by installing software through Trojan horses and backdoors. The attacked computers are referred to as "zombie computers" or victims of a "botnet," which let hackers control them remotely. Taiwan's robust Internet network has also made it appealing to international hackers. "Taiwan's internet infrastructure is well established, and computers are highly popular, which means [hackers] can easily find problematic computers to attack," said Steven Tsai, senior engineer of Taiwan's National Center for High Performance Computing
People familiar with the attacks say the hackers tried to mask their identity by routing their efforts through six Internet addresses located in Taiwan, a common tactic used by Chinese hackers.Five of the six addresses were owned by Era Digital Media Co., a company that provides television programs and movies through the Internet. Era Digital, which has some 800,000 daily viewers, said it wasn't aware of the attack and declined to comment further. The sixth address is owned by Qi Wei Technology Co., a financial software provider. Qi Wei said it had stopped using the relevant address in June.Lee Hsiang-chen, director of Taiwan National Police Agency's High-tech Criminal Center, said the two companies were likely victims themselves. "The two companies were probably attacked," he said, adding that Chinese hackers prefer to infiltrate Taiwan Web sites because they use the same language
Ballmer: Microsoft Will Stay in China
Operation “Aurora” Hit Google, Others...McAfee Labs has been working around the clock, diving deep into the attack we are now calling Aurora that hit multiple companies and was publicly disclosed by Google on Tuesday. We are working with multiple organizations that were impacted by this attack as well as the government and law enforcement. As part of our investigation, we analyzed several pieces of malicious code that we have confirmed were used in attempts to penetrate several of the targeted organizations.New Internet Explorer Zero DayIn our investigation we discovered that one of the malware samples involved in this broad attack exploits a new, not publicly known vulnerability in Microsoft Internet Explorer. We informed Microsoft about this vulnerability and Microsoft published an advisory and a blog post on the matter on Thursday afternoon.
