Analyst: Google Hacked by Amateurs


Reports that China's government was behind cyber attacks on Google and several other companies may be wrong, and the attacks may instead have been the work of amateurs, according to the technology security company Damballa.

The company recently completed its own analysis of the attacks designed to access Gmail accounts along with company secrets and found that the tools used by the hackers seem to indicate they weren't professionals. In its report, Damballa said "The attack is most notable, not for its advanced use of an Internet Explorer 6 Zero-Day exploit, but rather for its unsophisticated design and a pedigree that points to a fast-learning but nevertheless amateur criminal botnet team."

The company's statement contradicts Google's assertion that the attacks were orchestrated by professionals and were most likely directed by the Chinese government. The Damballa report also claims that the attacks most likely weren't targeted, as Google suggests, but instead were fairly generalized.

At the time, Google stated "We have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists."

Apparently the attacks on Google can be traced back to July 2009 and some test runs of a botnet. By December, when Google became aware of the hackers' work, at least seven countries had already been affected by the attacks. By January 12, 2010, the number of affected countries had jumped to 22.

By mid-February, a U.S. government investigation had linked a Chinese security expert's work to the attacks, and seemed to tie his research to government activities.

"Based on a thorough analysis of deeper data surrounding the attacks... it appears that Aurora can be best classified as just another increasingly common botnet attack, and one that is more amateur than average," the Damballa report said.

Using more rudimentary tools to carry out a cyber attack doesn't necessarily rule out government involvement. It does, however, serve as a reminder that even unsophisticated attacks can be effective when given enough time.

[Thanks to Computerworld for the heads up.]

Comments

Lee Dronick

Is it possible that the attack was done by professionals, but made to look like amateurs? A red herring if not a red panda.

geoduck

That was my first reaction too. China does not want it traced back to them. One good way of hiding their involvement is to make it look like a bunch of kids who were “a fast-learning but nevertheless amateur criminal botnet team.” Look at the targets. The accounts of Human Rights activists. A bunch of kids wouldn’t be interested in them. The Chinese government would be.

mactoid

It also occurs to me that Google would prefer the perception that they were hacked by professionals using advanced, technically sophisticated techniques, as opposed to amateurs using relatively unsophisticated, and generally available techniques. Google is now a prime target of every socially maladjusted teenage hacker out to make a name for themselves; and they now know it's possible.

Lee Dronick

It also occurs to me that Google would prefer the perception that they were hacked by professionals using advanced, technically sophisticated techniques…

Yes there is certainly the possibility of that scenario.
