Last updated: January 15, 2010 - 9:03am
VeriSign's iDefense security lab has published a report with technical details about the recent cyberattack that hit Google and over 30 other companies. The iDefense researchers traced the attack back to its origin and also identified the command-and-control servers that were used to manage the malware.
The cyber-assault came to light on Tuesday when Google disclosed to the public that the Gmail Web service was targeted in a highly-organized attack in late December. Google said that the intrusion attempt originated from China and was executed with the goal of obtaining information about political dissidents, but the company declined to speculate about the identity of the perpetrator. Citing sources in the defense contracting and intelligence consulting community, the iDefense report unambiguously declares that the Chinese government was, in fact, behind the effort. The report also says that the malicious code was deployed in PDF files that were crafted to exploit a vulnerability in Adobe's software.
"The source IPs and drop server of the attack correspond to a single foreign entity consisting either of agents of the Chinese state or proxies thereof," the report says. The researchers have determined that there are significant similarities between the recent attack and a seemingly related one that was carried out in July against a large number of US companies. Both attacks were apparently managed through the same command-and-control servers.
- How to Fight and Win the Cyberwar
- Cyberattacks on U.S. military jump sharply in 2009
- Everyone Should Pay for Cyber Defense
- Evidence Found for Chinese Attack on Google
- Survey shows cyberattacks are getting more disruptive
- The Web's Crystal Ball Gets an Upgrade
- Hackers Who Breached Google Made Earlier Attacks, Expert Says
- Expert says Chinese government likely behind massive cyberattacks
- Software developers are to blame for most cyberattacks, say security experts
- DHS Sec Napolitano Gives Rundown on U.S. Cybersecurity Efforts
- Smartphone security gap exposes location, texts, email, expert says
- Agencies aim to bolster cybersecurity
- Brennan: Google attacks heighten concern about national security
- Deterrence in Cyberspace: Debating the Right Strategy with Ralph Langner and Dmitri Alperovitch
- Pressure Builds for Congressional Action on Cybersecurity