Tuesday, January 19, 2010

Cyber Espionage: Death by 1000 Cuts

Via ShadowServer.org -

The recent events surrounding a targeted intrusion at Google have intrigued many and sparked many recent debates on a variety of issues. While Shadowserver is familiar with several of the events surrounding this compromise, we are not getting up to the minute updates or fully clued into everything that happened. With that said there are a number of things we would like to say and do not need much more information about this specific event in order to say them. A few items here will come as no surprise to a few but should continue to open the eyes of others.

In a recent CBS 60 Minutes segment Jim Lewis, a Director at the Center for Strategic and International Studies (CSIS), described a major attack or “digital Pearl Harbor” that occurred in 2007 against the U.S. where massive amounts of data were stolen by foreign entities. These were neither the first attacks nor the last attacks the U.S. would see. These attacks have continued daily and are leading to what Lewis has called “the death of a thousand cuts.” Little by little organizations of all types are being broken into and having intellectual property and other information stolen.

Unfortunately we can tell you these scenarios are playing out day in and day out on a massive scale, whether we recognize it or not.

Cyber Espionage Intrusions Run Rampant: Google Compromise is *NOT* atypical

Targeted cyber intrusions are occurring daily at a very staggering level. Industries in the United States are heavily targeted but this truly is a global problem that is facing nearly every nation. These are not your run of the mill cyber attacks. They may have varying levels of sophistication, however, the attacks are often much more advanced than what most users have and will likely ever see. The next closest thing, perhaps on a parallel playing field, is those that are stealing vast amounts of money from banking systems that require two-factor authentication and/or dual approvers to transact. In these cases the attacks often start off extremely broad and are narrowed down.

These attacks seek to exfiltrate information from the targets or use them to further attack their infrastructure or other trusted parties. We should not be surprised as there are several stories dating back to at least 2005 which start to tell the same tale. In 2005 a Time magazine article introduced us to Titan Rain and gave us a very interesting look into cyber attacks apparently coming from China. In early 2008 we saw a detailed BusinessWeek report on cyber espionage attacks affecting various governments, defense contractors, and corporate entities. Nearly a year later we saw the Gh0stnet Report telling a similar tale affecting the Tibetan community. Even more recently we learned of targeted attacks against Solid Oak Software in which source code was stolen and ultimately introduced into a product produced by two Chinese companies. Even the law firm representing Solid Oak Software has come under attack in the last week. Here we are in early 2010 being surprised by the same thing all over again.

The reality is that these attacks have not slowed down at all. In fact they may be in overdrive. You might start to see a theme arise in this post around that idea. Google has stirred up some real attention for what many do not realize is a very widespread problem.


Be sure to read the full blog entry... SS isn't in the business of spreading FUD, just the truth.

This has been happening for many years (remember Titan Rain?)... and will likely continue. The recent Google (Aurora) attack has just focused attention on the issue, which is long overdue IMO.

For more details on the malware (Trojan.Hydraq), check out the new post by Symantec.

On a lighter but still serious note, be sure to check out blog posts by Rik Ferguson & Rafal Los.
