Page last updated at 08:59 GMT, Thursday, 14 January 2010

Security experts say Google cyber-attack was routine

By Maggie Shiels
Technology reporter, BBC News, Silicon Valley

A Chinese flag flutters outside Google's China headquarters in Beijing
Google has about 700 staff in its China offices

The cyber-attack that made Google consider pulling out of China was run of the mill, say security experts.

Google revealed its move following attempts to hack Gmail accounts of human rights activists.

The search giant said analysis showed that the series of attacks originated from inside China.

"This wasn't in my opinion ground-breaking as an attack. We see this fairly regularly," said Mikko Hypponen, of security firm F-Secure.

"Most companies just never go public," he added.

"Human-rights activists are the biggest target," said Mr Hypponen. "Everyone from Freedom for Tibet to Falun Gong supporters and those involved in Liberation of Taiwan are hit."

F-Secure has been monitoring such attacks against Chinese human-rights activists since 2005.

Google has operated in China since 2006 and has now said it was no longer willing to censor results on its Chinese search engine as the government required.

China has responded to Google and said that foreign firms were welcome to trade in the nation "according to the law". The spokesman added that the net was "open" in China.

Other victims

Of the attacks, Google said only two Gmail accounts were accessed and that hackers got very limited information. This included when the account was set up and the subject line rather than content of e-mail messages.

The company said that the accounts of dozens of US, China and Europe-based users who are advocates of human rights in China had been routinely accessed by third parties. homepage ( archive image)
Google says Gmail accounts of rights activists have been accessed

The cyber-criminals broke in using a tactic known as "phishing" where a legitimate e-mail is sent claiming to come from someone the user knows and trusts.

Typically these e-mail messages have a booby-trapped attachment that, once opened, places malware on a computer.

Once an e-mail account is compromised, attackers can piggyback on it to get access to confidential files and systems throughout an organisation.

"The attacker really did their homework finding out first who to attack, who the key people were in the organisation and how to attack them," said Mr Hypponen.

Google has said publicly that another 20 companies were hit. Adobe is the only other company to go public with this information.

But many security experts say the figure is much higher.

"We know of at least 40 companies that were attacked. For the most part they were in the US," said Chris Day, chief security architect of IT services firm Terremark.

"This goes on all the time. Of the Fortune 100 companies, all 100 are under some sort of attack all the time."

Mr Day told the BBC a host of those targeted were technology and software companies based in Silicon Valley.

Google has revealed that finance, chemical and media firms were hit.

Blame game

Questions are now being asked about who orchestrated the attacks.

"We are not saying one way or another these attacks were state sponsored or done with the approval of the state," said David Drummond, Google's chief legal officer.

"We do know they were highly organised and we believe the attacker came from China."

who's your hacker sign
Over 20,000 new sources of malware are detected every day

The inference being drawn across the security community is that the Google attack and those on other US companies were sanctioned by government.

"Sources indicate that they believe the attack is the work of actors operating on behalf of or in the direct employ of official intelligence entities of the People's Republic of China," said iDefense Labs in an e-mail to the BBC.

IDefense also revealed that this incident resembles one that took place in July 2009 against nearly 100 IT-focused companies.

"A nation state getting into the business of hacking companies is a really big shift," said Dan Kaminsky, director of penetration testing at security firm IOActive.

"The question now is are we going to see a significant increase or decrease in these kinds of attacks?"

Safe and secure

Google has stressed that users have nothing to fear about the security of the information it holds.

magazine covers
President Obama has said cybersecurity is one of his main concerns

"The fact that they have come out and are transparent about what has happened is good for user trust," said Terremark's Mr Day.

"I have seen far worse things happen and I think larger organisations, and even individuals, should take this as an object lesson that no-one is immune to these attacks."

General security advice for all users is to have a strong password that is changed regularly and includes letters, numbers and symbols.

All security patches should be up-to-date and users should never open attachments unless they know the person they are being sent by and are expecting them.

Print Sponsor

The BBC is not responsible for the content of external internet sites

Los Angeles Times Google threat to leave points up China-linked cyber attacks - 7 hrs ago
CIO Magazine Hackers Used Rigged PDFs to Hit Google - and Adobe, Says Researcher - 21 hrs ago Adobe hit by Chinese Google attack - 22 hrs ago
Dark Reading Spear-Phishing Attacks Out Of China Targeted Source Code, Intellectual Property - 30 hrs ago
The Sun Google: We are quitting China 17:12 - 41 hrs ago

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific