Google Reveals That It Has Been The Victim Of A Cyber-Attack Originating In China

Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis.

In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident--albeit a significant one--was something quite different.

First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses--including the Internet, finance, technology, media and chemical sectors--have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.

Computer attacks on Google that the search giant said originated in China were part of a concerted political and corporate espionage effort that exploited security flaws in e-mail attachments to sneak into the networks of major financial, defense and technology companies and research institutions in the United States, security experts said.

At least 34 companies -- including Yahoo, Symantec, Adobe, Northrop Grumman and Dow Chemical -- were attacked, according to congressional and industry sources. Google, which disclosed on Tuesday that hackers had penetrated the Gmail accounts of Chinese human rights advocates in the United States, Europe and China, threatened to shutter its operations in the country as a result.

VeriSign's iDefense security lab has published a report with technical details about the recent cyberattack that hit Google and over 30 other companies. The iDefense researchers traced the attack back to its origin and also identified the command-and-control servers that were used to manage the malware.

The cyber-assault came to light on Tuesday when Google disclosed to the public that the Gmail Web service was targeted in a highly-organized attack in late December. Google said that the intrusion attempt originated from China and was executed with the goal of obtaining information about political dissidents, but the company declined to speculate about the identity of the perpetrator.

Hackers who breached Google and other companies in January targeted source-code management systems, security firm McAfee asserted Wednesday. They manipulated a little-known trove of security flaws that would allow easy unauthorized access to the intellectual property the system is meant to protect.

The software-management systems, widely used at businesses unaware that the holes exist, were exploited by the Aurora hackers in a way that would have enabled them to siphon source code, as well as modify it to make customers of the software vulnerable to attack. It’s akin to making yourself a set of keys in advance for locks that are going to be sold far and wide.