Warning Signs Preceded Cyber Attack On Google - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Software // Information Management
Commentary
1/26/2010
02:37 PM
John Foley
John Foley
Commentary
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Warning Signs Preceded Cyber Attack On Google

The news of a cyber attack from within China on Google and other companies has prompted a range of reactions, including Google's decision to reassess its operations there and a rebuke from U.S. Secretary of State Hillary Clinton. But no one should be surprised by what happened. Two months earlier, a U.S. government report warned that the private sector was susceptible to this very risk.

The news of a cyber attack from within China on Google and other companies has prompted a range of reactions, including Google's decision to reassess its operations there and a rebuke from U.S. Secretary of State Hillary Clinton. But no one should be surprised by what happened. Two months earlier, a U.S. government report warned that the private sector was susceptible to this very risk.That report, titled "Report on the Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation," should be required reading for all businesses and government agencies. It warns that a "reactive defense model" -- one practiced by many IT departments -- isn't enough to ward off what's described as a "long term, sophisticated computer network exploitation campaign" by the Chinese military.

The 88-page opus, published in October, was prepared by Northrup Grumman's Information Systems Sector for the U.S.-China Economic and Security Review Commission, which was created 10 years ago to monitor the national security implications of trade and economic ties between the U.S. and China.

At the time the report was issued, InformationWeek ran a story with the following headline, "Evidence Points To China In Cyber Attacks." To repeat, that was two months before Google experienced its own targeted attack, which was revealed by Google's chief legal officer David Drummond in a Jan. 12 blog post.

In fact, since Drummond first published that, Google has gone back and provided a link to the Northrup Grumman report. You can download it here.

The report provides a detailed overview of China's cyber warfare and cyber espionage strategy, a case study in advanced cyber intrusion, a timeline of "Chinese related" cyber events over the past 10 years, and a chronology of network exploitations against U.S. and foreign interests that were allegedly undertaken by the Chinese government or its cohorts.

Notably, the report includes examples of socially engineered e-mail and zero-day exploits as among China's methods, both of which may have come into play in the December cyber attacks on U.S. companies. In its report, Northrup Grumman writes that, while conclusive evidence is hard to come by, it has reason to believe that Chinese security services have teamed with "elite individual hackers" in some cases.

The report's authors acknowledge that details are fuzzy and hard to prove, and the Chinese government has denied involvement in the attack on Google. Even so, new reports point to China as a suspected source of cyber attacks on U.S. oil companies back in 2008.

There's also this sobering assessment from Northrup Grumman: "The skill sets needed to penetrate a network for intelligence gathering purposes in peace time are the same skills necessary to penetrate that network for offensive action during war time." As I said, the report should be required reading for senior management and IT pros in business and government alike.



Register now for Black Hat DC, the largest and the most important security conference series in the world. It happens Jan. 31-Feb. 3, 2010, in Arlington, Va. Find out more and register.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Commentary
AI Regulation: Has the Time Arrived?
John Edwards, Technology Journalist & Author,  2/24/2020
News
Fighting the Coronavirus with Analytics and GIS
Jessica Davis, Senior Editor, Enterprise Apps,  2/3/2020
Slideshows
IT Careers: 10 Job Skills in High Demand This Year
Cynthia Harvey, Freelance Journalist, InformationWeek,  2/3/2020
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
Slideshows
Flash Poll