Aurora attackers were looking for Google's surveillance database
Posted on 21 May 2013.
When in early 2010 Google shared with the public that they had been breached in what became known as the Aurora attacks, they said that the attackers got their hands on some source code and were looking to access Gmail accounts of Tibetan activists.

What they didn't make public is that the hackers have also accessed a database containing information about court-issued surveillance orders that enabled law enforcement agencies to monitor email accounts belonging to diplomats, suspected spies and terrorists.

Whether this was the primary goal of the attacks as well as how much information was exfiltrated is unknown.

It is widely believed (though never unequivocally confirmed) that hackers were hired by the Chinese government, and current and former U.S. government officials interviewed by the Washington Post say that the database in question was possibly accessed in order to discover which Chinese intelligence operatives located in the U.S. were under surveillance.

Armed with such information, Chinese intelligence agencies might decide to extract the suspected operatives, or instruct them to provide false information aimed at deceiving U.S. intelligence agents.

The theory is also backed by an earlier claim by Dave Aucsmith, senior director of Microsoft's Institute for Advanced Technology in Governments, who said that the Aurora attacks directed at Microsoft were aimed at discovering similar information regarding Microsoft accounts.

"If you think about this, this is brilliant counter-intelligence. You have two choices: If you want to find out if your agents, if you will, have been discovered, you can try to break into the FBI to find out that way. Presumably that's difficult. Or you can break into the people that the courts have served paper on and see if you can find it that way. That's essentially what we think they were trolling for, at least in our case," he shared with the attendees of a government IT conference.

As usual, the Chinese deny having anything to do with the attacks, and the U.S. government has also decided not to comment on these claims. Google followed suit, and Aucsmith commented the publication of the article by saying that his comments were “not meant to cite any specific Microsoft analysis or findings about motive or attacks.”









Spotlight

Leveraging network intelligence and deep packet inspection

Posted on 26 November 2014.  |  Tomer Saban, CEO of WireX Systems, talks about how deep packet inspection helps with identifying emerging threats, the role of network intelligence, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Nov 28th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //