Analyst: Google Hacked by Amateurs

Reports that China's government was behind cyber attacks on Google and several other companies may be wrong; the attacks may instead have been the work of amateurs, according to the technology security company Damballa.

The company recently completed its own analysis of the attacks designed to access Gmail accounts along with company secrets and found that the tools used by the hackers seem to indicate they weren't professionals. In its report, Damballa said "The attack is most notable, not for its advanced use of an Internet Explorer 6 Zero-Day exploit, but rather for its unsophisticated design and a pedigree that points to a fast-learning but nevertheless amateur criminal botnet team."

The company's statement contradicts Google's assertion that the attacks were orchestrated by professionals and were most likely directed by the Chinese government. The Damballa report also claims that the attacks most likely weren't targeted, as Google suggests, but instead were fairly generalized.

At the time, Google stated "We have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists."

Apparently the attacks on Google can be traced back to July 2009 and some test runs of a botnet. By December, when Google became aware of the hackers' work, at least seven countries had already been affected by the attacks. By January 12, 2010, the number of affected countries had jumped to 22.

By mid-February, a U.S. government investigation had linked a Chinese security expert's work to the attacks, and seemed to tie his research to government activities.

"Based on a thorough analysis of deeper data surrounding the attacks... it appears that Aurora can be best classified as just another increasingly common botnet attack, and one that is more amateur than average," the Damballa report said.

The use of more rudimentary tools to carry out a cyber attack doesn't necessarily rule out government involvement. It does, however, serve as a reminder that even unsophisticated attacks can be effective when given enough time.

[Thanks to Computerworld for the heads up.]