Microsoft IE Hole Used in Google China Attacks
Update 3: Now the State Department is quoted as saying it will issue a formal "demarche" to the Chinese government. From the Register:
"We will be issuing a formal demarche to the Chinese government in Beijing on this issue in the coming days, probably early next week," US State Department spokesman P.J. Crowley told reporters Friday. "It will express our concern for this incident and request information from China as to an explanation of how it happened and what they plan to do about it."
The top American official in China says the U.S. government will stay out of negotiations between Internet giant Google and the Chinese government. At the same time, though, he stressed that the issue of Internet freedom is related to free speech, which is a core American value.
He said the U.S. government sees the American company’s negotiations with China as a business matter and therefore will not get involved.
According to multiple sources, the attacks exploited a previously unknown security hole in Microsoft's Internet Explorer (tracked as CVE-2010-0249 in Microsoft Security Advisory 979352). Microsoft is working with Google and other partners to patch the hole. According to McAfee, which analyzed the malware, "Operation Aurora" was the attackers' own name for the campaign.
Original Article: There has been a lot of confusion and mixed reporting around this whole Google China situation. Verisign, whose iDefense team has researched the attacks, took note of this and put up a blog post trying to clear the air. Read that for a clear summary of what the firm knows. Within that post, Verisign says:
The attack bears significant resemblance to a July 2009 attack in which attackers launched targeted e-mail campaigns against approximately 100 IT-focused companies. The July attack employed a PDF file that exploited a zero-day vulnerability in Adobe Reader. The malware associated with the summer attacks communicated with Command & Control Servers configured similarly to the Command and Control Servers involved in the Google attacks. In fact, the C&C servers from the Google attacks are within the same subnet and six IP addresses apart from the Command and Control server addresses in the summer attacks.
Considering the similarity of the two attacks, it is likely that the summer attacks and the Google attacks originate from the same actor and that the organizations targeted in the Silicon Valley attacks have been compromised since July. It is not much of a stretch to speculate (this is the speculation part) that both attacks leveraged an Adobe vulnerability, although that has not been confirmed and Google is not talking.
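The infrastructure-overlap reasoning Verisign applies above (C&C servers in the same subnet, a handful of addresses apart) is a routine threat-intelligence check. The following is an added example of that check, not code from the article or from Verisign/iDefense; the campaign names, the helper names and the IP addresses are all constructed here (documentation ranges, not the real Aurora or July 2009 C&C addresses).

```python
import ipaddress

# Constructed sample indicators for two campaigns (RFC 5737 documentation ranges,
# NOT the actual Aurora / July-2009 C&C addresses, which the article does not list).
JULY_2009_C2 = ["203.0.113.10", "203.0.113.11"]
AURORA_C2 = ["203.0.113.16", "198.51.100.7"]


def address_distance(a, b):
    """Absolute difference between two IPv4 addresses treated as integers."""
    return abs(int(ipaddress.ip_address(a)) - int(ipaddress.ip_address(b)))


def same_subnet(a, b, prefix=24):
    """True if both addresses fall inside the same /prefix network."""
    network = ipaddress.ip_network(f"{a}/{prefix}", strict=False)
    return ipaddress.ip_address(b) in network


def infrastructure_overlaps(campaign_a, campaign_b, prefix=24, max_distance=16):
    """Return (ip_a, ip_b, distance) for every cross-campaign pair of C2 addresses
    that shares a /prefix and sits within max_distance addresses of each other,
    closest pairs first. An empty list means no overlap under these parameters."""
    hits = []
    for a in campaign_a:
        for b in campaign_b:
            if same_subnet(a, b, prefix):
                distance = address_distance(a, b)
                if distance <= max_distance:
                    hits.append((a, b, distance))
    return sorted(hits, key=lambda hit: hit[2])


def cluster_by_subnet(indicators, prefix=24):
    """Group a flat list of (campaign, ip) indicators by /prefix so that subnets
    hosting more than one campaign stand out."""
    clusters = {}
    for campaign, ip in indicators:
        key = str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))
        clusters.setdefault(key, set()).add(campaign)
    return {net: sorted(camps) for net, camps in clusters.items()}


if __name__ == "__main__":
    for a, b, d in infrastructure_overlaps(JULY_2009_C2, AURORA_C2):
        print(f"{a} (July 2009) and {b} (Aurora) share a /24, {d} addresses apart")
    shared = cluster_by_subnet([("july2009", ip) for ip in JULY_2009_C2]
                               + [("aurora", ip) for ip in AURORA_C2])
    for net, camps in shared.items():
        print(f"{net}: {', '.join(camps)}")
```

Treat a hit as a lead, not proof: a shared /24 on a bulk VPS provider is weak on its own, and it carries weight here only because Verisign also reports similarly configured C&C servers and matching targeting. Tighten the prefix or lower `max_distance` before drawing actor-attribution conclusions from it.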
Secretary of State Hillary Clinton said in a statement:
"We have been briefed by Google on these allegations, which raise very serious concerns and questions. We look to the Chinese government for an explanation. The ability to operate with confidence in cyberspace is critical in a modern society and economy. I will be giving an address next week on the centrality of internet freedom in the 21st century, and we will have further comment on this matter as the facts become clear."
Chinese government officials were quoted by Bloomberg:
"The Chinese government administers the Internet according to law and we have explicit stipulations over what content can be spread on the Internet," Foreign Ministry spokeswoman Jiang Yu said at a regular briefing in Beijing today. Chinese law prohibits hacking and other forms of online attacks, she said, declining to say whether that law also applies to state agencies.
"Effective guidance of public opinion on the Internet is an important way of protecting the security of online information," Wang Chen, director of the State Council Information Office, said in a question-and-answer session with reporters, a transcript of which was posted on the office’s Web site today.
Google.cn is still accessible (at least from here in the U.S.), and it is no longer censoring search results. Among the other companies affected by the attacks were Yahoo and Adobe.