Wednesday, 13 January 2010 18:47
Yesterday’s revelation by Google that they had been hacked by China is an important event in two dimensions.
First the moral dimension. When you play nice with totalitarian states you are going to get burned. Google has long maintained that by providing their search, hosted blogging, and email services to the people of China they were supporting access to information and community that would be a long-term benefit, a benefit that outweighed the evil of blocking or redirecting searches on “Tibet”, “Falun Gong” and “democracy” at the behest of the Chinese Communist rulers. Well, that is wrong. Can you imagine Google blocking search terms on making bombs or jihadist recruiting sites in the US? Well, why not? It is pretty transparent that Google has been motivated by the potential for business in a country that has the largest population of Internet users. Google should pull out of China until they are allowed to operate there with no government interference.
Now the attack dimension. According to Google’s official statements, the attacks against them followed a very familiar MO, one that is associated with other attacks from China, probably including those used to compromise email servers at Whitehall in the UK, the Chancellery in Germany, and the US Pentagon. Custom Trojans are attached to emails and sent to particular email addresses within the target organization. This is the exact technique used by China to compromise the Office of the Dalai Lama, as uncovered by SecDev and published in the groundbreaking GhostNet report by the Information Warfare Monitor (InfoWarMonitor).
While vulnerabilities in Adobe’s PDF reader may be associated with the attack, it is important to note that a zero-day vulnerability is not needed to get a custom Trojan installed; any old unpatched vulnerability will do. The “customization” is there to avoid detection by AV products, which rely on signatures of malware they have already seen.
As Google discovered, they have been caught up in a massive espionage effort that goes well beyond their own operations. Every enterprise should learn from this incident. If Google can succumb to this simple method of attack, what can your organization do to protect its information and IT assets? Read this blog and I will tell you as I research my next book: Cyber Defense: Countering Targeted Attacks.