The Dark Side of Software Engineering by Glass Robert L. Rost Johann. & Robert L. Glass

Author: Glass, Robert L.; Rost, Johann
Language: eng
Format: epub
Publisher: John Wiley & Sons, Inc.
Published: 2011-03-21T16:00:00+00:00


3.9 LATE-BREAKING NEWS

Operation Aurora: Google Hacked by China?

In January 2010, a few days before we had to send our final manuscript to the publisher, Google and other well-known companies were successfully targeted by a cyber attack. If the circumstances of the attack were not so extraordinarily interesting, we would probably have decided that the material was too premature to be included in our book. However, since the case includes so many new and important details, we include here our current understanding of the case—even if we expect more details to appear in the near future.

Many experts suspect that the attack came from China, and quite a few of them expressed the opinion that the Chinese government is most likely behind it. The Chinese government promptly denied having anything to do with the case and blamed an American conspiracy instead. Nevertheless, the attack intensified public discussion and caused tensions in the international relations between the United States and China.

Note that we, the authors, are computing practitioners by profession and choose not to participate in this political and moral discussion. We will simply report the known facts and offer some explanations, leaving it to the reader to form his or her own opinion.

What Happened?

The attack started in December 2009 and was publicly disclosed by Google on January 12, 2010. The cyber security company McAfee was among the first to publish technical details of the attack (a few days later).

The attack was based on a zero-day vulnerability in Internet Explorer—i.e., a bug in Internet Explorer that affects its security (a vulnerability) but has not been published (or is not known) so far (“zero day”). This is what happened, according to our current knowledge.

The attack was classified as an “advanced persistent threat” (APT). Let’s define the term by breaking it down into parts.

Advanced: The attacker applies state-of-the-art cyber war technology and usually one or more zero-day exploits. This distinguishes it from the more frequent “usual” attacks, which apply (mildly adapted) technology readily available on Web sites visited by hackers.

Persistent: The attack works toward a strategic goal specified in advance. Unlike opportunistic cyber criminals who try to steal “everything that can be made into money,” a “persistent” attacker ignores temptations such as credit cards. He might have the goal of capturing the source code of a certain system, for example. He will try his best to deliver this source code and will not risk his mission by being caught (for example, with a stolen credit card).

Threat: Usually there are people, real humans, behind the attack to control and guide it—not just a piece of software, such as a virus, that blindly infects all systems of a certain profile (that is, a certain version of the operating system). Usually these people are highly trained, motivated, and well funded.


