X

Google China insiders may have helped with attack

Google looking into whether employees in China could have played a part in what looks like a multi-prong attack on the company, sources familiar with the investigation tell CNET.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
3 min read

Google is looking into whether employees in its China office were involved in the attacks on its network that led to theft of intellectual property, according to CNET sources.

Sources familiar with the investigation told CNET last week that Google was looking into whether insiders at the company were involved in the attacks, but additional details were not known at the time.

Insiders could have played a part in what is believed to have been a multi-prong attack on the company, according to the sources.

Employees in the Google China office were put on leave and others were transferred, Reuters reported on Monday, citing local media reports and unnamed sources. Employees in the office were temporarily cut off from the network so Google could run tests and scans to ensure that the network was secure, sources familiar with the investigation told CNET.

A Google spokesperson declined to comment on specifics of the attack.

Meanwhile, France has joined Germany in urging people to avoid using Internet Explorer until a patch is released to fix a hole that was used in the attack on Google and for which exploit code targeting that vulnerability has been published on the Web. The French security organization CERTA issued a statement warning IE users about the threat, following a similar advisory from Germany's federal security agency last week.

Google discovered a sophisticated and targeted attack on its network in mid-December that originated in China and also targeted what is believed to be at least 30 other companies--including Yahoo, Symantec, Juniper Networks, Dow Chemical, Northrop Grumman, according to sources and reports.

In the attack on Google, Gmail accounts of two people were targeted, but only limited information was exposed, Google said. Separately, accounts of Gmail users who were human rights activists were compromised somehow and had been breached, Google said.

Foreign journalists living in Beijing, including a TV reporter for the Associated Press, were among those who had their Google e-mail accounts hijacked, The New York Times reported on Monday. The settings on the accounts were changed so that e-mail sent to the journalists was forwarded to other addresses, the report said.

As a result of the attacks, Google says it will stop censoring its Web search results in China and may stop doing business there.

To get access to computers on Google's network, attackers used software that exploits a new hole in Internet Explorer, Microsoft said late last week. Exploit code for that zero-day hole is now available on the Web for IE 6, which was specifically targeted in the attack. Customers using IE 6 or 7 should upgrade immediately to IE 8, Microsoft says.

Sources familiar with the investigation speculate that attackers sent e-mails that included a link to a Web site hosting malware to administrators or people with authorization to access certain parts of the Google network. If the e-mail appeared to come from someone familiar, the targets would be more likely to click on the link and get their computer infected. In at least some of the attacks on the companies, a version of the Hadraq Trojan, which installs a back door on computers, was used, sources said.

McAfee says analysis of the code in the attacks targeting Google indicates that the attackers were calling the operation "Aurora."

The U.S. government plans to ask China for a formal explanation regarding the cyberattacks against Google and the other U.S. companies, according to a State Department spokesman. Meanwhile, Secretary Clinton is expected to deliver "a major policy address on Internet freedom" in Washington, D.C., on Thursday.

Updated at 12:54 p.m. with Google declining to comment on specifics.