Summary: It is not Google’s fault but Microsoft’s fault that China managed to compromise accounts not just of Google but of over 20 other companies, by Microsoft’s own admission
YESTERDAY we mentioned Google’s reaction to attacks from China, which are now confirmed to be targeting different companies. It was not something against Google as Google is one among several victims and some people doubt there will be an exit from the largest Internet market.
How would leaving the Chinese market actually prevent Chinese crackers from connecting to Google servers? It would not.
Hacking Risks Persist Even If Companies Withdraw From China
Google and other enterprises still face a bleak computer security landscape that makes their companies vulnerable to hackers, whether they do business in China or not, analysts say.
Perhaps the most interesting revelation, which was found buried deep inside reports, is the role of Windows in these attacks on Google. Check this one out for example: (the emphasis in red is ours)
More sources are now claiming the Chinese government is behind the recent cyberattacks against Google and 33 other Silicon Valley companies, reports security firm Verisign iDefense. The attacks, revealed yesterday via a posting on Google’s official blog, were hacking attempts on the technology infrastructure of Google and other major corporations in sectors that included finance, technology, media and chemical, said Dave Girouard, president of Google Enterprise.
While July’s attacks were detected early and were largely uneventful, December’s attacks did find some success. In addition, these same sources claim that the files in both cases share similar characteristics. For example, both attacks used a backdoor Trojan in the form of a Windows DLL, and both share two similar hosts for the command-and-control (C&C) communication. In layman’s terms, if the cyberattack was a ground assault during a war, the C&C would be the general barking out the orders. Also in both incidents, the IP addresses used for C&C are in the same subnet and only six addresses apart from each other. That means both attacks are likely to have been instigated by the same entity and may imply that the recent victims’ technology infrastructure has been compromised since July.
As the name suggests, the carefully crafted assaults differ from the net-cast-wide malware most often seen. A targeted attack specifically selects its victim and generally sends an e-mail using that person’s name and perhaps business title. The body of the message might reference an attached list of business contacts, or describe it as an invoice, or use any other hook that would allay suspicion and convince the victim to double-click the attachment.
Real activists do not use Windows and should use GNU/Linux. A few moments ago, our reader Jose added information that confirms the above. It’s an AP article titled “Microsoft’s browser flaw exposed Google to hackers” and it says (in the opening): “Microsoft says a security flaw in its Internet Explorer browser played a role in the recent computer attacks against Google and at least 20 other companies.”
In other news, a bank server has just been compromised and Baidu got hit by the same group that exploited Windows botnets to take down Twitter [1, 2, 3, 4, 5, 6]. We mentioned this story here and there’s more from The Register:
The same group that used a DNS attack to hijack Twitter last month has defaced the home page of Chinese search engine Baidu.
Surfers visiting Baidu site on Monday night were confronted by the message “This site has been hacked by Iranian Cyber Army”, together with an image of the Iranian flag. Early speculation suggests the attack involved changing Baidu’s DNS records rather than a direct attack on the site itself, but this remains unconfirmed.
Baidu — unlike Google — was not a victim of customers who use Windows. Google should tell customers that it’s not Google that’s vulnerable; it’s Windows. Customers should therefore rethink their platform preferences. The same already goes for banks, for similar reasons. █