China's Aurora Attack Was Really a Counterespionage Effort

The hackers gained access to sensitive U.S. government information.


Back in 2010, Google revealed it had been the target of a large-scale attack by hackers within China. At the time, Google said the cyberattack was after information about human rights activists. But now, anonymous sources are saying the hackers were really after information about Chinese spies who were under surveillance by the U.S. government.

The Washington Post's Ellen Nakashima reported, "Chinese hackers who breached Google’s servers several years ago gained access to a sensitive database with years’ worth of information about U.S. surveillance targets, according to current and former government officials. The breach appears to have been aimed at unearthing the identities of Chinese intelligence operatives in the United States who may have been under surveillance by American law enforcement agencies."

CIO's Kenneth Corbin ran a similar story in late April and quoted Microsoft's Dave Aucsmith, who said, "What we found was the attackers were actually looking for the accounts that we had lawful wiretap orders on. So if you think about this, this is brilliant counter-intelligence. You have two choices: If you want to find out if your agents, if you will, have been discovered, you can try to break into the FBI to find out that way. Presumably that's difficult. Or you can break into the people that the courts have served paper on and see if you can find it that way. That's essentially what we think they were trolling for, at least in our case."

InformationWeek's Matthew J. Schwartz recalled, "The successful attack against Google was dubbed Operation Aurora by security firm McAfee because attackers reportedly employed the Aurora (a.k.a. Hydraq) Trojan horse application. At the time, however, Google said its investigation into the attack found that 'at least twenty other large companies from a wide range of businesses -- including the Internet, finance, technology, media and chemical sectors -- have been similarly targeted.' Google also disclosed that a second branch of the attack had compromised multiple Chinese and Vietnamese activists' Gmail accounts. All told, the Operation Aurora attacks reportedly targeted at least 34 companies, including Adobe, Juniper, Rackspace, Symantec, Northrop Grumman, Morgan Stanley and Yahoo."

Mashable's Lorenzo Franceschi-Bicchierai observed, "For security experts, this is a disturbing revelation with far-reaching implications. 'I think the fact that the public has been kept in the dark about the extent of the attack is really problematic,' says Chris Soghoian, a technologist and advocate at the American Civil Liberties Union. 'It's troubling that it took three years for the public to learn this.'"

Tags: Google, Microsoft, China, cyberattack, Aurora, cyber espionage
