Security firm outlines how attack against Google was pulled off

January 17, 2010 By Pete Carey

A Silicon Valley Internet security firm has described for the first time how hackers from China were able to crack Google's defenses, saying the attackers took advantage of a flaw in Microsoft's Web browser to probe deeply into the company's network.

The new description of the attack raises questions about the security of Google's increasingly popular computing "cloud," a term that refers to the clusters of servers it uses to store users' information. Google, however, insisted that the cloud is safe, and it will continue to use it for its business operations.

The attack, which Google said emanated from China and in part targeted Chinese dissidents, led the search giant to reassess its operations in that country and threaten to pull out because of mounting frustrations over censorship and other issues.

According to the Associated Press, a Chinese official Thursday endorsed the country's current rules governing the Internet, giving little indication it's willing to loosen controls over the Web.

"China's Internet is open," said Jiang Yu, a foreign ministry spokeswoman, according to the AP. "China welcomes international Internet enterprises to conduct business in China according to law."

Microsoft confirmed the nature of the attack and said it is working to patch the flaw, which affects some versions of its Internet Explorer browser.

The intruders gained access to Google by targeting a few key individuals at the company who had access to intellectual property, McAfee said in a corporate blog. Once they clicked on a malicious link, they were taken to a Web site where software was downloaded onto their computer through the flaw in their browsers.

The software established "complete control" over the target's computer, said George Kurtz, McAfee's worldwide , and let them potentially gain "access to sensitive intellectual property and to move that property to another location outside of that network and company."

The software used in the attack "looks very sophisticated," Kurtz said. "There's multiple layers of encryption. The whole purpose is to attack and burrow into a company's network and go undetected as long as possible."

Google discovered the attack in mid-December.

Google spokesman Scott Rubin said, "This is not about cloud computing. This is about hacking." Since the attack, the company has taken "additional steps to protect our users," Rubin said. "We believe that Google services are safe to use. That's why we use them all day every day."

In addition to the Google network, the high-profile intrusion also targeted Gmail accounts in the United States and other countries. This may prompt users to demand better security for electronic mail and other personal data that's stored on Internet clouds, some advocates say.

"The problem up until now is that people like Google have emphasized speed and efficiency and ease of use," said John M. Simpson, an advocate with Consumer Watchdog. "In too many cases they have let security and privacy become a secondary issue. This situation is a wakeup call for everybody."

Tuesday night, just after announcing the widespread security breach from China on its official blog, Google announced that it would allow Gmail users to always encrypt their mail as it travels between a user's Web browser and Google's servers. While such encryption would not have prevented the malware or phishing intrusion of human rights activists' Gmail accounts, Google said the feature would help protect data from being snooped by others in places such as public wifi hotspots.

Mark Shavlik, CEO of Shavlik Technologies, which helps companies with cloud computing initiatives, said the penetration of Google "is not unique for cloud computing, as attacks can occur anywhere on the Internet. However, if you do use you should make sure your provider is using industry standard processes and solutions to automate and secure their (and your) environment."

"I don't think this is an event that will dissuade people from leveraging the cloud," added Kurtz of McAfee, "but it will shed light on the fact that companies and organizations need to make sure their cloud providers have adequate security measures in place."


4 / 5 (1) Jan 17, 2010
Google employees with access to proprietary intellectual information there should be using Chrome, not IE -- and certainly not IE 6.
1 / 5 (1) Jan 17, 2010
I'm apparently in 'the cloud' secondary to my gmail account .. and I don't WANT to be there! Why is it not possible for me to store all MY emails etc, on MY computer!??

The cloud can burn in hell ...
1 / 5 (1) Jan 18, 2010
May be another type of Industrial Espionage similar to World Bank.
Why World Bank said "we will not allow in our premises and later took soothing action.
Attorney Kate Patchen in USDoJ in year 2006 & FBI said they are seeing into the Satyam World Bank issue and have issued a watch list during 2006 similar to Satyam & World Bank issue, BUT ARE NOT EFFECTIVE IN CATCHING other CULPRITS
Software companies are doing (bid-hacking and espionage to steal data) this by having a separate department, till now Wipro and other companies have hacked 1000's of companies doing industrial espionage.

5 / 5 (1) Jan 18, 2010
@tkjtkj - Google probably employs industry standard and state of the art internet protection systems. In all senses, their security standards would be much more sophisticated than your single stand alone PC. If Google crumbled, trust me your PC wouldn't stand a chance...
not rated yet Jan 18, 2010
'Listening' into personal emails is not restricted to China. The US illegally did it for some years ... then, when caught at it, they legalized the process.
