‘Google Security’ Category
Date: 2010.03.08 | Category: Google Security | Response: Comments
A recent report by a security firm is claiming that the recent wave of hacking attacks on Google, along with dozens of other firms, pilfered and modified crucial system source code by intruding into the employees’ PCs via privileged login credentials.
The hackers targeted only a small group of employees responsible for source code management systems, which track the changes developers make as they write software, according to George Kurtz, CTO at the security firm McAfee.
The white paper, published by McAfee during the RSA security conference in San Francisco, divulges previously unreported details about the recent attacks, codenamed “Operation Aurora”, which impacted as many as 34 companies, such as Google and Adobe, starting from July last year.
Incidentally, McAfee assisted Adobe in investigating the kind of attacks launched on its systems, and even provided crucial details to Google about malware used in exploiting its systems.
Dmitri Alperovitch, McAfee’s VP for threat research, described the software configuration management (SCM) systems as the “crown jewels” of the companies.
Along the same line, he said: “No one ever thought about securing them, yet these were the crown jewels of most of these companies in many ways — much more valuable than any financial or personally identifiable data that they may have and spend so much time and effort protecting”.
Date: 2010.03.05 | Category: Google Security | Response: Comments
An analytical study conducted by US security firm Damballa has revealed that the cyber attack targeted at Google’s corporate infrastructure and that of 20 other US companies was apparently carried out by a group of amateurs, who had been testing the attack since July 2009.
The company revealed that upon thorough investigation of the malware and CnC (Command And Control) topologies used by the cyber criminals, it was determined that the attack was a version of an increasingly common botnet attack, albeit a dangerous one.
Gunter Ollmann, vice president of research at Damballa, dismissing the idea that the Google attack was a state-sponsored operation, said in a statement that “I would say this particular botnet group was not well funded because the level of the tools used would have been far superior to what it was. Some of the codes within the malware were at least five years old.”
Explaining the functionality behind the alleged amateur botnet attack, Ollmann said that the botnet was based on a basic command topology and relied heavily on Dynamic DNS CnC techniques, which are hardly used by professional botnet developers, who prefer more sophisticated techniques.
Mr. Ollmann went on to add that the criminals had targeted companies in seven other countries before setting their eyes on Google.
Date: 2010.02.24 | Category: Google Security | Response: Comments
US investigators have zeroed in on the source of the recent wave of cyber attacks that crippled the servers of Google along with 20 other companies, according to reports.
Quoting a researcher working with the US investigators, the Financial Times reported yesterday that a freelance security consultant in China published the code that helped exploit vulnerabilities in Microsoft’s Internet Explorer 6 web browser.
The Financial Times also claimed that the Chinese authorities had “special access” to the work of this consultant, and that he published at least some part of the code to a hacking forum. However, the consultant himself didn’t launch the attack; he only facilitated it, the report said.
The report comes hot on the heels of The New York Times report that pinpointed two Chinese schools, namely Lanxiang Vocational School and Shanghai Jiaotong University, for the attacks.
Of the two, the Lanxiang Vocational School was reported to have connections with the Chinese military. However, a day later, the two schools denied their alleged involvement in the attacks, and representatives from Lanxiang rebuffed the reports of having ties with the Chinese PLA.
Originally published on ITProPortal.com
Date: 2010.02.23 | Category: Google Security | Response: Comments
The team of cyber security experts investigating the cyber attack on Google has apparently established the identity of the Chinese programmer who created the sophisticated program that was used to hack into Google and other US companies.
This fresh piece of evidence linking the Chinese government to the cyber attack comes days after the team of cyber investigators traced the spyware back to two well known educational institutes in China, with one of them having close ties with the Chinese military.
The Financial Times has reported that, according to a security researcher working for the US government, the Chinese programmer is a 30-year-old freelance cyber security expert who, after developing the program, posted a part of it on a Chinese hacking forum as something he was ‘working on’.
Last year in December, Google had reported a hacking attempt on the firm’s corporate infrastructure, which had also targeted the Gmail accounts of some Chinese human rights activists. The company had also revealed that the cyber attack, which had originated from China, had also targeted 20 other US based companies.
Search engine giant Google had threatened to close down its operations in China if the country does not permit it to operate in a censorship free environment.
Date: 2010.02.22 | Category: Google Security | Response: Comments
A security expert investigating the cyber-attack on Google, which had targeted the Gmail accounts of Chinese human rights activists, has claimed that the hackers behind the attack were also responsible for the cyber-attacks made on several Fortune 100 companies in the past year and a half.
According to security analyst James C. Mulvenon, cyber investigators have succeeded in creating profiles of the hackers involved in the Google attack based on the types of cyber violations, the way the computer code was written and the symbols used in the code.
The profiles thus created have revealed to the investigators that the same hackers were involved in several other cyber-intrusions made on Fortune 100 companies.
Surprisingly, the attacks seem to originate from two Chinese schools, the Shanghai Jiaotong University and the Lanxiang Vocational School.
Last month in January, search engine Google had revealed to the world that the company’s corporate infrastructure had been breached by a cyber-attack originating from the People’s Republic of China. Google had also reported that the cyber-attack also targeted 20 other US multinational companies.
This revelation by Google had triggered a global debate on freedom of information over the internet and countries like China, Iran and Egypt were criticised for restricting information over the internet.
Date: 2010.02.05 | Category: Google Security | Response: Comments
The electronic surveillance agency of the US government, the National Security Agency (NSA), will soon be assisting search engine giant Google to improve the company’s cyber security in order to prevent any further cyber attacks on the company’s corporate infrastructure similar to the one reported by Google several weeks ago.
According to sources privy to the matter, the agreement between the two heavyweights, which is still being finalised, will see both organisations working together in order to investigate the nature of the cyber attack, which is said to have originated in China.
The idea behind this cyber security alliance, according to anonymous sources, is to allow the two organisations to share vital information and resources that will help the government and the industry to set up cyber security measures that favor national security, the interests of US businesses and, most importantly, US citizens.
However, the news of a possible cyber security alliance between the NSA and Google has caused apprehension in the minds of many who feel that the NSA will intrude on the privacy of Google users.
Such worries may be unfounded, with the Washington Post reporting that its sources have claimed that “The deal does not mean the NSA will be viewing users’ searches or e-mail accounts or that Google will be sharing proprietary data.”
Date: 2010.01.29 | Category: Google Security | Response: Comments
McAfee, one of the world’s leading antivirus software and computer security companies, has claimed that the hackers who were responsible for the cyber attack on Google and several other US-based companies first ran a highly sophisticated reconnaissance on some of the employees at Google and might have impersonated their friends on some social networking sites.
McAfee’s Chief Technology Officer George Kurtz announced that the hackers used complex social engineering techniques and advanced reconnaissance techniques to specifically target those individuals who had access to sensitive company information.
Explaining the tactic used, Kurtz mentioned “Speaking generically, we’re seeing a lot more targeted attacks where people focus on [employees with] the highest set of privileges, and then work backwards, gaining access to secondary parties to get to the primary source.”
If what Kurtz is saying is true then it means that hackers had to first compromise and manipulate social networking accounts of friends of some Google employees.
The targeted employees then received links to malicious websites from the compromised accounts, which they went on to click as they believed that those links were sent by a friend.
However, the CTO of McAfee believes that this cyber attack on privately held companies by the government of another country proves that global cyber wars have attained a whole new level.
Date: 2010.01.29 | Category: Google Security | Response: Comments
A bug in the Google Toolbar application apparently enables Google to track URLs of the websites visited by the user along with associated directories, filenames, URL parameters and search terms even after the user has ‘disabled’ the toolbar’s ‘enhanced features’.
Ben Edelman, a Harvard professor and a long-time Google critic, reported on his blog that Google Toolbar continued to transmit data back to Google servers even after he disabled the feature, and he supplied screenshots and video evidence to support his claim.
In his blog post, commenting on Google’s intrusion of a user’s privacy, Edelman said that “Fact is, the ‘Disable Google Toolbar only for this window’ option doesn’t work at all: It does not actually disable Google Toolbar for the specified window.”
However, the search engine giant Google was prompt in issuing a statement, acknowledging a bug along with a patch that fixes the problem.
The company said in an emailed statement that the bug only affects versions 6.3.911.1819 through 6.4.1311.42 of Google Toolbar for the Internet Explorer web browser.
Google also claimed that the bug does not come into effect until users activate the ‘enhanced features’ of the toolbar, which, according to Edelman, is surprisingly easier than disabling it altogether.
Date: 2010.01.28 | Category: Google Security | Response: Comments
A recent Kaspersky antivirus software update accidentally listed Google’s Adsense advertising solution as a malicious script, causing confusion and inconvenience to many.
Google Adsense is widely used as an online advertisement platform by numerous legitimate but small websites on the internet.
It was reported that when a visitor with active Kaspersky antivirus software installed accessed a web page with an Adsense advertisement on it, the security application would flash a message on the screen warning the visitor against a Trojan virus that was supposedly on the page, when in fact there wasn’t one.
Furthermore, depending on the settings applied by the user, Kaspersky software blocked the ‘affected’ pages, making them inaccessible.
However, the Russian antivirus company, acknowledging the false alert issued by its popular software, issued a statement along with a patch that fixes the problem.
The statement admitted the mistake and mentioned “Kaspersky Lab would like to apologize for any inconvenience this problem may have caused users. The company is continually improving its procedures for testing products and releasing updates to prevent such errors from occurring in future.”
The company reported that the problem occurred when an incorrect signature was added to the company’s database which led to Kaspersky products blocking legitimate websites that contained the Google Adsense script.
Date: 2010.01.23 | Category: Google Security | Response: Comments
A researcher working with a leading US security firm has claimed that he has found ‘fingerprints’ of Chinese hackers in the ‘highly sophisticated’ cyber attack that had targeted search engine giant Google and several other US-based companies.
The Director of SecureWorks’ Counter Threat unit, Joe Stewart, who reverse engineered the code that was used in the cyber attack, reported that the newly discovered ‘fingerprint’ of Chinese hackers is an error-checking algorithm in the software that installed the Hydraq backdoor on the compromised PCs.
Stewart reported in his paper that the algorithm that installed the Hydraq backdoor comes from a technical paper in the Chinese language that has been published exclusively on some Chinese websites.
He also said that the CRC, or cyclic redundancy check, used a table of only 16 constants, a compact version of the more standard 256-value table.
Claiming that the CRC-16 is ‘virtually unknown’ outside China, he added that “This indicates the Aurora code base originated with someone who is comfortable reading simplified Chinese. Although source code itself is not restrained by any particular human language or nationality, most programmers reuse code documented in their native language.”
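The 16-constant table described above can be illustrated with a nibble-driven CRC-16; this is an added example, not code from Stewart's paper or from the malware, showing that the compact table gives the same checksum as the 256-entry one and how an analyst can search a binary for it. The polynomial 0x1021 (CRC-16/XMODEM), the function names and the sample blob are assumptions made here, since the page names none of them.

```python
import struct

POLY = 0x1021  # assumption: CRC-16/XMODEM polynomial; the page names no polynomial

def make_table(bits):
    """Build a 2**bits-entry MSB-first CRC-16 table (bits=4 -> 16, bits=8 -> 256)."""
    table = []
    for i in range(1 << bits):
        crc = i << (16 - bits)
        for _ in range(bits):
            crc = ((crc << 1) ^ POLY) & 0xFFFF if crc & 0x8000 else (crc << 1) & 0xFFFF
        table.append(crc)
    return table

T16, T256 = make_table(4), make_table(8)

def crc16_nibble(data, crc=0):
    """CRC-16 using the compact table: two 4-bit lookups per input byte."""
    for b in data:
        for nib in (b >> 4, b & 0x0F):  # high nibble first, then low nibble
            crc = ((crc << 4) & 0xFFFF) ^ T16[(crc >> 12) ^ nib]
    return crc

def crc16_byte(data, crc=0):
    """CRC-16 using the conventional table: one 8-bit lookup per input byte."""
    for b in data:
        crc = ((crc << 8) & 0xFFFF) ^ T256[(crc >> 8) ^ b]
    return crc

def find_table(blob, table=T16):
    """Return (offset, struct format) for each place the table is stored in blob,
    trying 16- and 32-bit words in both byte orders."""
    hits = []
    for fmt in ("<H", ">H", "<I", ">I"):
        needle = b"".join(struct.pack(fmt, v) for v in table)
        pos = blob.find(needle)
        while pos != -1:
            hits.append((pos, fmt))
            pos = blob.find(needle, pos + 1)
    return hits

# Constructed sample: padding, the table as little-endian 16-bit words, more padding.
SAMPLE = b"\x90" * 7 + b"".join(struct.pack("<H", v) for v in T16) + b"\x00" * 5

if __name__ == "__main__":
    print(hex(crc16_nibble(b"123456789")), hex(crc16_byte(b"123456789")))
    print(find_table(SAMPLE))
```

Because the 16 constants are also the first 16 entries of the 256-entry table, a hit from `find_table` alone does not distinguish the two; checking whether the table continues past the sixteenth entry does.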
© Copyright Wavety.com 2010