Were Google Hackers Amateurs Or Chinese Cyber Commandos?
When Google discovered it had been hacked it quickly pointed the finger at sophisticated hackers acting on behalf of the Chinese government and vowed to hit back by stopping censoring its search results in China.
But was Google really the victim of highly expert Chinese hackers? Nick Farrell, on TechEye, reports that it could have been the work of amateurs.
According to a new report from McAfee the Operation Aurora attack targeted the source code management systems of companies, allowing them to siphon source code as well as modify it.
... According to the paper, the hackers gained access to software configuration management systems (SCM), which could have allowed them to steal proprietary source code or surreptitiously make changes to the code that could seep undetected into commercial versions of the company's software product.
Dmitri Alperovitch, McAfee's vice president for threat research said the SCM's were wide open and no one ever thought about securing them.
Gunter Ollmann, vice president of research at Damballa and one of the authors of the report said that botnet was in many ways unremarkable.
Aurora was just another increasingly common botnet attack and one that is "more amateur than average."
Does this mean Google will back down from its claims of Chinese cyber hacking? China has long maintained that it was not involved.
And will it continue with its pledge to stop censoring its Chinese version of Google?
It would seem that it would at least have to go ahead with quitting censoring its search results. There's no way it can backtrack again on this important point of principle. Which means it might have to leave China.
You'd think that Google's security would be beefier than it is. It would certainly help it avoid making such sweeping statements and dramatic pledges that deeply impact its business, based on faulty data.