Does Google Need Computer Forensics Help?
Google’s Cyber Attacks and Computer Forensics
I just came across this the other day and was surprised to see such a sophisticated attack on Google’s internal systems. Is the Chinese government behind these attacks or a group of sophisticated hackers?
Official Google Blog: A new approach to China
In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident–albeit a significant one–was something quite different.
First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors–have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.
Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.
We have already used information gained from this attack to make infrastructure and architectural improvements that enhance security for Google and for our users. In terms of individual users, we would advise people to deploy reputable anti-virus and anti-spyware programs on their computers, to install patches for their operating systems and to update their web browsers. Always be cautious when clicking on links appearing in instant messages and emails, or when asked to share personal information like passwords online. You can read more here about our cyber-security recommendations. People wanting to learn more about these kinds of attacks can read this Report to Congress (PDF) by the U.S.-China Economic and Security Review Commission (see p. 163-), as well as a related analysis (PDF) prepared for the Commission, Nart Villeneuve’s blog and this presentation on the GhostNet spying incident.
Looks like it is time to get the Network Security teams together with some Computer Forensics professionals and figure out what China is up to. For Google it sounds like the target was more Gmail, but for the other corporations, who knows. They were definitely looking for information and who knows how much they got.
What is your opinion on this? Is any system truly safe? Leave your opinions and thoughts in the comments section.
