Reuters is reporting that Google is now investigating the possibility that one or more Google employees could have been involved in the recent attack in China, but is not offering comment on any details. The news agency reports:
Security analysts told Reuters the malicious software (malware) used in the Google attack was a modification of a Trojan called Hydraq. A Trojan is malware that, once inside a computer, allows someone unauthorized access. The sophistication in the attack was in knowing whom to attack, not the malware itself, the analysts said.
Local media, citing unnamed sources, reported that some Google China employees were denied access to internal networks after January 13, while some staff were put on leave and others transferred to different offices in Google’s Asia Pacific operations.
Regardless of whether or not insiders were involved, it’s important to note that "Operation Aurora", as the attacks have been dubbed, stem from a particular vulnerability in Micosoft’s Internet Explorer. Security giant McAfee has a page set up with information on protection. The company explains:
McAfee Labs identified a zero-day vulnerability in Microsoft Internet Explorer that was used as an entry point for “Operation Aurora” to exploit Google and at least 30 other companies. Microsoft has issued a security advisory and McAfee is working closely with them on this matter. “Operation Aurora” was a coordinated attack, which included a piece of computer code that exploits a vulnerability in Internet Explorer to gain access to computer systems. This exploit is then extended to download and activate malware within the systems. The attack, which was initiated surreptitiously when targeted users accessed a malicious Web page (likely because they believed it to be reputable), ultimately connected those computer systems to a remote server. That connection was used to steal company intellectual property and, according to Google, additionally gain access to user accounts.
The company’s "Security Insights" blog has been updated continuously, and may be a good spot to keep in mind for the latest developments on Operation Aurora.
The attack on Google has of course led to Google stopping the censoring of its search results in China, which could in turn lead to the company having to shut down its Chinese operations. Philipp Lenssen at Blogoscoped points to some other instances where Google is censoring results.
More WPN articles on the Google/China story here.