As more information emerges, digital security experts are saying that, though "corporations around the world face millions of cyberattacks a day," this one may be special. It involved a coordinated attack against multiple companies and exposed deep flaws in popular software. Here's what the experts think we should be worried about:
- Internet Explorer: News that Internet Explorer, according to Microsoft, "was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks" is no surprise to Gizmodo's Rosa Golijan or Larry Seltzer at PCMag, the latter pointing out that "there were already ... no end of good reasons not to run IE6 anymore, but now you have one more." But Mashable's Ben Parr bucks the trend of blaming infamously insecure Internet Explorer:
Overall, while Microsoft and IE seem to be partly to blame, the attack was sophisticated and executed on multiple fronts. In fact, Verisign iDefense not only claims that the Chinese government was behind the attacks, but that compromised Adobe PDFs were also to blame ... The hackers knew who they wanted to target and what they wanted and used vulnerabilities never before known to do it.
- This Isn't Just About Google--Operation 'Aurora': Anti-virus giant McAfee's chief technology officer George Kurtz writes about the emerging picture of an attack called "Aurora" that was not, in fact, limited to the high-profile Google attacks. It "looks," he says, "to be a coordinated attack on many high profile companies targeting their intellectual property. Like an army of mules withdrawing funds from an ATM, this malware enabled the attackers to quietly suck the crown jewels out of many companies while people were off enjoying their December holidays. Without question this attack was perpetrated during a period of time that would minimize detection." Bizarre mule analogy aside, the situation, to his mind, is serious: "All I can say is wow. The world has changed. Everyone's threat model now needs to be adapted to the new reality of these advanced persistent
- Were the Hackers After Government Information? Looking at reports about the specific areas of Google that were compromised, bmaz at Emptywheel is worried: "This appears to indicate that the state-sponsored Chinese hackers have hacked into the portion of the Google infrastructure that deals with government warrants, intercepts, national security letters and other modalities pertinent to the Terrorist Surveillance Program."
- Or Was It Perhaps Something Else? In the same MacWorld article bmaz cites, though, intelligence expert James Mulvenon is quoted by reporter Robert McMillan as saying this could be more about "jump start[ing] IT innovation in China." In other words, "if you're having trouble [innovating] or you want to prime the pump, the best way is to go out and steal cutting-edge [material]." Meanwhile, Shanghai-based Mara Hvistendahl, an observer of Chinese hackers, points out in an interview that
Many cyber-battles are fought by independent hackers scattered across China. They number at least 400,000, according to one conservative estimate--enough to hold a conference in Beijing every October. They have a nationalistic zeal that misfit American hackers lack. And their relationship with the Chinese government is fluid.