Bonum Certa Men Certa

Chinese Google 'Attack' Involves Microsoft Windows Flaws

China satellite image



Summary: It is not Google's fault but Microsoft's fault that China managed to compromise accounts not just of Google but of over 20 other companies, by Microsoft's own admission

YESTERDAY we mentioned Google's reaction to attacks from China, which are now confirmed to be targeting different companies. It was not something against Google as Google is one among several victims and some people doubt there will be an exit from the largest Internet market.



How would leaving the Chinese market actually prevent Chinese crackers from connecting to Google servers? It would not.

Hacking Risks Persist Even If Companies Withdraw From China



Google and other enterprises still face a bleak computer security landscape that makes their companies vulnerable to hackers, whether they do business in China or not, analysts say.


Perhaps the most interesting revelation, which was found buried deep inside reports, is the role of Windows in these attacks on Google. Check this one out for example: (the emphasis in red is ours)

More sources are now claiming the Chinese government is behind the recent cyberattacks against Google and 33 other Silicon Valley companies, reports security firm Verisign iDefense. The attacks, revealed yesterday via a posting on Google's official blog, were hacking attempts on the technology infrastructure of Google and other major corporations in sectors that included finance, technology, media and chemical, said Dave Girouard, president of Google Enterprise.

[...]

While July's attacks were detected early and were largely uneventful, December's attacks did find some success. In addition, these same sources claim that the files in both cases share similar characteristics. For example, both attacks used a backdoor Trojan in the form of a Windows DLL, and both share two similar hosts for the command-and-control (C&C) communication. In layman's terms, if the cyberattack was a ground assault during a war, the C&C would be the general barking out the orders. Also in both incidents, the IP addresses used for C&C are in the same subnet and only six addresses apart from each other. That means both attacks are likely to have been instigated by the same entity and may imply that the recent victims' technology infrastructure has been compromised since July.


When one in two Windows PCs is said to be a zombie PC, the above should not be surprising. This was a targeted attack which must have relied on China activists' use of Microsoft Windows.

As the name suggests, the carefully crafted assaults differ from the net-cast-wide malware most often seen. A targeted attack specifically selects its victim and generally sends an e-mail using that person's name and perhaps business title. The body of the message might reference an attached list of business contacts, or describe it as an invoice, or use any other hook that would allay suspicion and convince the victim to double-click the attachment.


Real activists do not use Windows and should use GNU/Linux. A few moments ago, our reader Jose added information that confirms the above. It's an AP article titled "Microsoft's browser flaw exposed Google to hackers" and it says (in the opening): "Microsoft says a security flaw in its Internet Explorer browser played a role in the recent computer attacks against Google and at least 20 other companies."

In other news, a bank server has just been compromised and Baidu got hit by the same group that exploited Windows botnets to take down Twitter [1, 2, 3, 4, 5, 6]. We mentioned this story here and there's more from The Register:

The same group that used a DNS attack to hijack Twitter last month has defaced the home page of Chinese search engine Baidu.

Surfers visiting Baidu site on Monday night were confronted by the message "This site has been hacked by Iranian Cyber Army", together with an image of the Iranian flag. Early speculation suggests the attack involved changing Baidu's DNS records rather than a direct attack on the site itself, but this remains unconfirmed.


Baidu -- unlike Google -- was not a victim of customers who use Windows. Google should tell customers that it's not Google that's vulnerable; it's Windows. Customers should therefore rethink their platform preferences. The same already goes for banks, for similar reasons.

Comments

Recent Techrights' Posts

[Meme] Debian's 'Cannon Fodder' Economics
Conflicts of interest don't matter
According to Microsoft, It's Not a Code of Conduct Violation to Troll Your Victims Whose Files You Are Purging
The group of vandals from Microsoft think it's "funny" (and for a "nominal fee") to troll Microsoft critics
Microsoft Inside Debian is Sabotaging Debian and Its Many Hundreds of Derivatives With SystemD (Microsoft/GitHub Slopware With Catastrophic Bugs is Hardly a New Problem)
What is the moral of the story about The Scorpion and the Frog?
[Meme/Photography] Photos From the Tux Machines Parties
took nearly a fortnight
 
Links 23/06/2024: Twitter/X Wants Your Money, Google Reports a Billion DMCA Takedowns in Four Months
Links for the day
Digital Restrictions (Like DRM) Don't Have Brands, We Need to Teach People to Hate the Underlying Restrictions, Not Companies That Typically Come and Go
Conceptually, the hens should fear humans, not the farmer who cages them
Going Above 4% Again
Maybe 4% (or above) by month's end?
Conviction, jail for Hinduja family, Debian exploitation comparison
Reprinted with permission from Daniel Pocock
Links 23/06/2024: Hey Hi (AI) Scrapers Gone Very Rogue, Software Patents Squashed at EPO
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, June 22, 2024
IRC logs for Saturday, June 22, 2024
Gemini Links 23/06/2024: LoRaWAN and Gemini Plugin for KOReade
Links for the day
Links 22/06/2024: Chat Control Vote Postponed, More Economic Perils
Links for the day
Uzbekistan: GNU/Linux Ascent
Uzbekistan is almost the same size as France
SLAPP as an Own Goal
We have better things to with our limited time
Independence From Monopolies
"They were ethnically GAFAM anyway..."
GNU/Linux at New Highs (Again) in Taiwan
latest numbers
Links 22/06/2024: More Layoffs and Health Scares
Links for the day
Rwanda: Windows Falls Below 30%
For the first time since 2020 Windows is measured below 30%
[Meme] IBM Lost the Case Over "Dinobabies" (and People Died)
IBM agreed to pay to keep the details (and embarrassing evidence) secret; people never forgot what IBM called its staff that wasn't young, this keeps coming up in forums
Exactly One Year Ago RHEL Became Proprietary Operating System
Oh, you want the source code of RHEL? You need to pay me money and promise not to share with anyone
Dr. John Campbell on Gates Foundation
Published two days ago
Melinda Gates Did Not Trust Bill Gates, So Why Should You?
She left him because of his ties to child sex trafficker Jeffrey Epstein
How Much IBM Really Cares About Software Freedom (Exactly One Year Ago IBM Turned RHEL Into Proprietary Software)
RHEL became proprietary software
Fedora Week of Diversity 2024 Was Powered by Proprietary Software
If instead of opening up to women and minorities we might open up to proprietary software, i.e. become less open
18 Countries in Europe Where Windows Fell Below 30% "Market Share"
Many people still use laptops with Windows, but they're outnumbered by mobile users on Android
[Meme] EPO Pensions in the UK
pensioners: looks like another EPO 'reform'
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, June 21, 2024
IRC logs for Friday, June 21, 2024
During Fedora Week of Diversity (FWD) 2024 IBM and Its Subsidiaries Dragged to Court Over Discrimination at the Corporate Level
IBM is a deplorable, racist company
Workers of the European Patent Office Take the Office to Court Over Pension
pensions still precarious
Gemini Links 22/06/2024: FreeBSD vs XFCE and Gemini Bookmarks Syncing Solution
Links for the day
Links 21/06/2024: Matrimony Perils and US-Sponsored COVID-19 Misinformation
Links for the day
"A coming cybersecurity schism" by Dr. Andy Farnell
new from Dr. Andy Farnell
Links 21/06/2024: Overpopulation, Censorship, and Conflicts
Links for the day
IBM and Subsidiaries Sued for Ageism (Not Just for Racism)
This is already being discussed
UEFI is Against Computer Security, Its True Goal is to Curtail Adoption of GNU/Linux and BSDs on Existing or New PCs
the world is moving away from Windows
[Meme] Chat Control (EU) is All About Social Control
It won't even protect children
The Persistent Nature of Freedom Isn't About Easy Routes
Resistance to oppression takes effort and sometimes money
EFF Not Only Lobbies for TikTok (CPC) But for All Social Control Media, Irrespective of Known Harms as Explained by the US Government
The EFF's own "free speech" people reject free speech
Microsoft's Search (Bing) Fell From 3.3% to 1% in Turkey Just Since the LLM Hype Began
Bing fell sharply in many other countries
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, June 20, 2024
IRC logs for Thursday, June 20, 2024
The Real FSF Lost Well Over a Million Dollars Since the Defamation Attacks on Its Founder
2020-2023 income: -$659,756, -$349,927, -$227,857, and -$686,366, respectively
The Fake FSF ('FSF Europe') Connected to Novell Via SUSE, Not Just Via Microsoft (Repeated 'Donations')
'FSF Europe' is an imposter organisation
Just Less Than 3 Hours After Article on Debian Suicide Cluster Debian's Donald Norwood Recycles a Fortnight-Old 'Hit Piece'
The fall of Debian is its attack on its very own volunteers