Chinese hackers used Microsoft browser to launch Google strike

Bobbie Johnson
The Guardian
Fri, 15 Jan 2010 01:36 UTC

Microsoft has admitted that its Internet Explorer browser was the weak link used by hackers to attack Google's systems in China.

The world's biggest software company today issued a security advisory and warned of a loophole that was used by Chinese hackers to attack dozens of US companies - the same attack that led Google on Tuesday to announce its plan to drop the censorship of its search engine in China.

"In a specially-crafted attack... Internet Explorer can be caused to allow remote code execution," said Microsoft in its security alert.

The company added that it had not yet fixed the vulnerability in the world's most popular web browser, which is used by around two thirds of internet users.

The attacks, which apparently attempted to steal personal information on Chinese dissidents and the code that runs some of Google's critical services, also hit a number of other companies, said to include Yahoo and US defence contractor Northrop Grumman.

Microsoft confirmed the existence of the loophole after an investigation by internet security firm McAfee and information from Google and Adobe.

"As with most targeted attacks, the intruders gained access to an organisation by sending a tailored attack to one or a few targeted individuals," said George Kurtz, McAfee's chief technology officer, adding that the hackers would then use the Internet Explorer bug to infect the victim's computer.

"Once the malware is downloaded and installed, it opens a back door that allows the attacker to perform reconnaissance and gain complete control over the compromised system. The attacker can now identify high value targets and start to siphon off valuable data from the company."

The company's admission is at odds with earlier consensus - largely based on a report from security firm iDefense - that it was Adobe's own software that had been used for the attacks.

Earlier this week experts had suggested that a "zero-day vulnerability" - jargon for a previously unknown software loophole - had been used to exploit a "major document type", thought to be Adobe's PDF format. By sending an infected document to target users, iDefense suggested, the hackers had been able to compromise victim's computers and launch further attacks.

Now, however, it appears that the strike - which analysts are now calling "Operation Aurora" - was carefully orchestrated using the hidden bug in Microsoft's systems.

The Chinese government yesterday issued its first response to the claims by Google, saying that it was opposed to computer crime and had been the victim of cyberattacks itself in the past. However, the statement, issued by the country's foreign ministry, also contained a veiled threat to other companies who may be considering following Google's stand.

"China has tried creating a favorable environment for internet," said a spokeswoman. "China welcomes international internet companies to conduct business within the country according to law. China's law prohibits cyber crimes, including hacker attacks."

Comment: Interesting bunch running iDefense:

Rick Howard, - Prior to joining iDefense, Mr. Howard lead the intelligence gathering activities at Counterpane Internet Security and ran Counterpane's global network of Security Operations Centers (SOCs). Mr. Howard served in the US Army for 23 years in various command and staff positions involving information technology and security and retired as a Lieutenant Colonel in 2004. He spent the last two years of his career as the US Army's Computer Emergency Response Team Chief where he coordinated Network Defense, Network Intelligence and Network Attack operations for the Army's global network

Jayson Jean - Mr. Jean brings more than eight years of technical experience in the software, telecommunications and security industries. Early in his career, Mr. Jean worked at several start-up companies as a Network Engineer. Prior to joining iDefense, Mr. Jean worked for SAIC, where he served as a security analyst for the US Department of Homeland Security (DHS).

Eli Jellenc - Mr. Jellenc's prior professional experience includes research positions at the UK's Royal Institute for International Affairs (Chatham House) and the Center for Defense Information in Washington, DC.

Andrew Scholnick - Since 1980, Mr. Scholnick has been in the forefront during the evolution of the Internet and was a principal innovator for projects including the US Government's automated global digital video infrastructure, the first US Government certified EC/EDI VAN, AOL's internet email gateway and core search engines, high-speed secure satellite communication technology, and real-time telephony management tools.

After China and Russia, who is next on the list of countries the US wants? Iran?

ReRan

"I'm from Ze Government, and I'm here to help you."

boli

Awful lot of lithium batteries around these days. Just sayin'. Or the other options, carelessness and sabotage.

British troops could be deployed in Gaza to assist with aid deliveries What they are really saying is: British troops could be deployed in Gaza to...

Gabriel

They treat it as a game. That's because - to them - it IS a game. They are comfortable, warm enough, cool enough, well-fed... and - perhaps most...

Science & Technology

Chinese hackers used Microsoft browser to launch Google strike

Reader Comments

Latest News

Picture of the Day

Quote of the Day

Recent Comments

Quantum Quirk