It is interesting to read the developments in the recent attack against Google a.k.a. “Aurora”
What I find as perplexing is the fact that even after a recent formal protest by the US State Department to the Chinese authorities, many concede that there is little or nothing the US government can do to retaliate. Apparently, this is not the first time. According to State Department spokes person, Phillip Crowley, …”Similar concerns have been raised in the past on numerous occasions”.
So what can we really do?
This is an example of the complexities the world faces with the proliferation of the internet. While the political ramifications are many and complex, and outside the realm of the technological debate, the question that we need to pose is – “What can we do technologically ? ”
Technologically corporations need to become self reliant in matters of information security which includes everything we have been doing all these years and much more.We need to accept that “zero days” can undo the best work we have done and put the organization at risk. How do corporations balance budgets, corporate responsibility, shareholder value and yet manage this risk effectively when there are known underground sites that openly “trade” in zero days in the name of research!
We need to avoid making security a mere ‘checklist” requirement but rather we need to realize that information security is tied to business and negating one means risking the other. We need to educate knowledge workers, we need to take a proactive stance for matters relating to cyber security and we need to avoid the “EQSM mentality – EQuipment based Security Mentality” that I have been advocating for years.
In addition to that, C level executives need to understand the risks that are involved and cannot expect a major incident to occur before they pay attention what many Infosec professionals have been trying to tell them for years.
In most of my global speaking engagements, one question seems to come up over and over again – “How do I convince the C level executives in my organization about the risks we face so that they will pay attention to the changes I would like to propose ?”
A panacea to this disease could be education based proactive action over and above what we are doing now and we learn painfully that equating the strength of an organization’s security posture to their IT Security budget is nothing but a placebo.
Unfortunately it is incidents like these that remind us of of the fragile state we are in and the vast amount of work that lies ahead of us.
Source code was stolen from some of the more than 30 Silicon Valley companies targeted in the attack, sources said. Adobe has confirmed that it was targeted by an attack, and sources have said Yahoo, Symantec, Juniper Networks, Northrop Grumman, and Dow Chemical also were targets.
The German government recommended people avoid using Internet Explorer until Microsoft Corp. provides a patch to fix a “critical” security flaw that allowed a cyber attack against Google Inc.
McAfee says references in the IE-related attack code it analyzed indicate that the attackers called the operation “Aurora” and that the attack was extremely sophisticated.
There is a lot of news coming out about the attack on Google and everyone involved is trying to figure out exactly what happened. Lot of the evidence has started pointing to the Chinese government as being behind it.
VeriSign confirms Chinese government was behind cyberattack on Google.
How were systems compromised?
What was the payload of the exploit?
Once a system was successfully compromised, the exploit was designed to download and run an executable from a site, which has since been taken offline. That executable installed a remote access Trojan to load at startup. This Trojan also contacted a remote server. This allowed remote attackers to view, create, and modify information on the compromised system.
Microsoft says it best in their security blog:
“We have determined that Internet Explorer was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks.”
Here is the posting from McAfee Blog – http://siblog.mcafee.com/cto/operation-“aurora”-hit-google-others/
As with most targeted attacks, the intruders gained access to an organization by sending a tailored attack to one or a few targeted individuals. We suspect these individuals were targeted because they likely had access to valuable intellectual property. These attacks will look like they come from a trusted source, leading the target to fall for the trap and clicking a link or file. That’s when the exploitation takes place, using the vulnerability in Microsoft’s Internet Explorer.
Once the malware is downloaded and installed, it opens a back door that allows the attacker to perform reconnaissance and gain complete control over the compromised system. The attacker can now identify high value targets and start to siphon off valuable data from the company.
Google has decided to deploy https by default for Gmail users. The decision follows revelations of efforts by attackers to improperly access the Gmail accounts of Chinese human rights activists.
Well done Google. You have really taken a stand against China’s censorship policies. Very well done indeed.
IBM earned the most U.S. patents of any company in the world, grabbing 4,914 patents in 2009. Second place Samsung took home 3,611 patents, while Microsoft batted third with 2,906 patents.
IBM has 30,000 patents under its belt. Wow!
EC-Council has launched Whitepapers portal at HackerJournals. You will be able to download tons of PDF documents on various categories from Hacking, Forensics, PenTest, Cryptography to Operating System. Have a look at http://whitepapers.hackerjournals.com
This year CES was full of vaporware promises and lots of noise. The two products that looks promising are 3D televisions and Slate computer.
Microsoft demonstration of their slate offering was pretty bad. It was nothing but Windows 7 OS running on tablet computer. I expected more from Steve Ballmer. What a disappointment!
Let’s hope Apple does not fail us with their iSlate product (I guess).
Kickstart 2010 with exciting new products from EC-Council. CEHv7, CHFIv4, ECSA/LPT v5 and ECDR / ECVT.
Keep watching this channel for more updates.