By Scott M. Fulton, III, Betanews

On Tuesday, Google described an alleged series of attacks on its servers and others’ as an apparent effort by an unknown China-based source to gain access to private information about human rights activists in that country. No less than Secretary of State Hillary Clinton acknowledged her staff being briefed by Google on the matter — this after almost five years of apparent silence toward government officials from Google regarding its business arrangement with the government of China.

But in a blog post today which officially dubbed the alleged attack “Operation Aurora,” McAfee CTO George Kurtz, in revealing that his company worked with Google in investigating the attack, suggested a completely different motive. Specifically, Kurtz alleged that new and heretofore unseen malware, which turned up during his investigation, appeared to be designed to search for a specific type of company intellectual property.

“As with most targeted attacks, the intruders gained access to an organization by sending a tailored attack to one or a few targeted individuals,” Kurtz wrote. “We suspect these individuals were targeted because they likely had access to valuable intellectual property. These attacks will look like they come from a trusted source, leading the target to fall for the trap and clicking a link or file. That’s when the exploitation takes place, using the vulnerability in Microsoft’s Internet Explorer.”

The malware’s payload opens a back door, Kurtz went on, enabling the attacker to determine whether the door leads to anyplace important, and then “start to siphon off valuable data from the company.” That would fit the profile of an attacker looking to steal business documents, not search for the whereabouts of Chinese human rights activists as Google suggested.

But then Kurtz deepened the mystery even further, stating that although all versions of Windows including Windows 7 are vulnerable to this new exploit (which McAfee states it did report to Microsoft), the malware was crafted specifically for Internet Explorer version 6. Not IE7, not IE8, but IE6.

One may reasonably ask, just who at Google — the maker of Chrome, its own Web browser — would be a potential target who also would happen to be running IE6 on Windows 7 — a system which, by default, installs IE8? And just what intellectual property would the attacker be searching for that would fulfill the goal McAfee’s Kurtz outlined of stealing valuable company IP, that would also be capable of ferreting out human rights workers’ addresses?

“All I can say is wow. The world has changed,” Kurtz closed his post. “Everyone’s threat model now needs to be adapted to the new reality of these advanced persistent threats.”

9:45 pm EST January 14, 2010
