LinuxQuestions.org

Linux - Security forum thread: What did Google's attackers do? (https://www.linuxquestions.org/questions/linux-security-4/what-did-google%27s-attackers-do-791483/)

resetreset 02-25-2010 07:11 AM

What did Google's attackers do?
 
Can anybody with some "insider knowledge", heh heh, post about this? All Google said was that they were "sophisticated" attacks coming from China. I, generally speaking, love to know how hackers' minds from all over the world work, so - does anybody know?

win32sux 02-25-2010 07:36 AM

A reminder to anyone wishing to discuss this issue: Sharing insider knowledge of this nature could have extremely serious legal implications, so I must ask that you refrain from doing that. Please keep things limited to what you know from widely-available sources.

win32sux 02-25-2010 07:45 AM

Quote:

Originally Posted by resetreset (Post 3876266)
Can anybody with some "insider knowledge", heh heh, post about this? All Google said was that they were "sophisticated" attacks coming from China. I, generally speaking, love to know how hackers' minds from all over the world work, so - does anybody know?

I'd be interested in the big picture too. I haven't paid much attention to the news, but what little I did read gave me the impression that the attack was based on an Internet Explorer exploit. I'm not sure what happened beyond that.

smoker 02-25-2010 07:51 AM

It's all related to Bill's browser AFAIK.

Read this for some more
http://tech.slashdot.org/story/10/01...gle-Now-Public

Quote:

IE6 comes installed with Windows XP.. you can't uninstall it. For people who *never* use IE, that's the version we're going to have installed.

The problem here is that Acrobat Reader was embedding IE to display some user controllable elements. So the attack is:

1. Send the target a PDF.
2. They open it in Acrobat Reader.
3. Acrobat Reader loads up IE to display some elements of the PDF.
4. The embedded code triggers an exploit in IE.
5. Arbitrary code execution follows.

And yes, it is a totally lame attack but it works because:

* Way too many people use Acrobat Reader to read PDFs (monoculture)
* IE can't be uninstalled, and no-one updates a browser they don't use.
http://tech.slashdot.org/comments.pl...6&cid=30789090
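The chain quoted above begins with a PDF that the target opens, so the first place a defender can break it is before the file ever reaches a reader. The block below is an added illustration, not code from this thread and not the exploit under discussion: a static triage pass that looks for the PDF name objects associated with active content (/OpenAction, /AA, /JavaScript, /JS, /Launch, /EmbeddedFile and friends, all from the PDF specification), inflates FlateDecode streams so dictionaries hidden in compressed object streams are visible, and resolves #xx hex escapes in names so /Java#53cript is counted as /JavaScript. Both sample PDFs are constructed inline for the demonstration; the "evasive" one carries a harmless placeholder rather than any real payload, and the stream handling is a deliberate simplification of a full PDF parser.

```python
"""Static triage of an inbound PDF for active-content features that
client-side exploit chains rely on (auto-run actions, JavaScript, launch
actions, embedded files). Added illustration only: not code from the thread,
not the exploit discussed, and both sample PDFs are constructed here."""
import re
import zlib
from collections import Counter

# Name objects from the PDF specification that signal active content.
RISKY_NAMES = (
    b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
    b"/EmbeddedFile", b"/RichMedia", b"/URI", b"/SubmitForm",
)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)


def _inflate_streams(data: bytes) -> bytes:
    """Append the inflated body of every FlateDecode stream to the raw bytes,
    so dictionaries hidden in compressed object streams are visible."""
    parts = [data]
    for m in STREAM_RE.finditer(data):
        # The stream dictionary immediately precedes the 'stream' keyword.
        head = data[max(0, m.start() - 300):m.start()]
        if b"/FlateDecode" in head:
            try:
                parts.append(zlib.decompress(m.group(1)))
            except zlib.error:
                pass  # corrupt or non-zlib data: leave it for a real parser
    return b"\n".join(parts)


def _normalize_names(data: bytes) -> bytes:
    """Resolve #xx escapes in names (/Java#53cript -> /JavaScript)."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def scan_pdf(data: bytes) -> dict:
    """Count risky names and classify the file: benign / review / suspicious."""
    text = _normalize_names(_inflate_streams(data))
    hits = Counter()
    for name in RISKY_NAMES:
        # Negative lookahead stops /JS from matching the start of a longer name.
        n = len(re.findall(re.escape(name) + rb"(?![A-Za-z])", text))
        if n:
            hits[name.decode()] = n
    found = set(hits)
    triggers = {"/OpenAction", "/AA"} & found          # runs without a click
    payloads = {"/JavaScript", "/JS", "/Launch"} & found
    auto_exec = bool(triggers and payloads)
    if auto_exec or {"/Launch", "/EmbeddedFile", "/RichMedia"} & found:
        verdict = "suspicious"
    elif found:
        verdict = "review"
    else:
        verdict = "benign"
    return {"indicators": dict(hits), "auto_exec": auto_exec, "verdict": verdict}


# Constructed sample 1: a plain one-page document with no active content.
BENIGN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R /Contents 4 0 R >> endobj\n"
    b"4 0 obj << /Length 44 >> stream\n"
    b"BT /F1 12 Tf 72 700 Td (Quarterly report) Tj ET\n"
    b"endstream endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# Constructed sample 2: /OpenAction fires an action dictionary that is tucked
# into a FlateDecode object stream with a hex-escaped name, two cheap evasions
# against a plain grep for '/JavaScript'. The JS body is a harmless placeholder.
_hidden = b"5 0 << /S /Java#53cript /JS (app.alert('stage one would run here')) >>"
_objstm = zlib.compress(_hidden)
EVASIVE_PDF = (
    b"%PDF-1.5\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n"
    b"7 0 obj << /Type /ObjStm /N 1 /First 4 /Filter /FlateDecode /Length "
    + str(len(_objstm)).encode() + b" >> stream\n" + _objstm + b"\nendstream endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)


def triage_samples() -> dict:
    """Run the scanner over both constructed samples."""
    return {"benign": scan_pdf(BENIGN_PDF), "evasive": scan_pdf(EVASIVE_PDF)}


if __name__ == "__main__":
    for label, result in triage_samples().items():
        print(f"{label}: {result['verdict']} {result['indicators']}")
```

The scanner only answers "does this file carry machinery that can run something when opened"; it says nothing about whether the reader is vulnerable to what that machinery does, which is the part of the chain above that the thread is really asking about. A mail gateway that quarantines anything scoring "suspicious" and sends "review" files through a detonation sandbox would have stopped the delivery step regardless of which viewer bug was in play.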

win32sux 02-25-2010 08:00 AM

Okay, so what happened after client-side arbitrary code execution abilities were gained?

smoker 02-25-2010 08:57 AM

They executed an attack.

win32sux 02-25-2010 09:19 AM

Quote:

Originally Posted by smoker (Post 3876378)
They executed an attack.

Uh, you could have simply answered "I don't know", or better yet, just waited for someone who does to post. There's tons of different directions which could have been taken by the bad guys once they reached this point in their attack.

smoker 02-25-2010 10:16 AM

Or you could have looked it up yourself?

Should I be posting intimate details of a hack on a public forum anyway?

There are enough script kiddies out there without giving them detailed instructions here.

I gave some starting references for more information. Surely only newbies want the answer on a plate.

win32sux 02-25-2010 11:39 AM

Quote:

Originally Posted by smoker (Post 3876441)
Or you could have looked it up yourself?

I've read multiple news articles regarding this event, and I'm still not exactly sure how it all unfolded. In other words, I'm quite likely in a situation similar to what the OP is in, and I'm looking forward to the valuable insight typical of the LQ community. If you have any links to reputable news sources which will shed light, please don't hesitate to share them.

Quote:

Should I be posting intimate details of a hack on a public forum anyway?
No, of course you shouldn't - but unless you actually do have some, it's a moot point regardless.

Quote:

There are enough script kiddies out there without giving them detailed instructions here.
This thread isn't about getting detailed instructions, okay? Heck, it isn't even about providing a detailed account of what happened. It's simply a means by which we may better understand what transpired during this extremely significant breach of security. That's all that it can be, because anything beyond that would likely be incompatible with the LQ Rules.

Quote:

I gave some starting references for more information. Surely only newbies want the answer on a plate.
Your link to some random individual's Slashdot comment is very appreciated, and hopefully we can move beyond the Internet Explorer vulnerability now. Neither the ITworld article which that Slashdot user was commenting on, nor the McAfee blog post which said article links to, provides any account of what happened after Internet Explorer's arbitrary code execution vulnerability was exploited. Once again, if you don't know the answer to the question, that's okay (we're in the same boat), so just sit back and relax while someone who does know chimes in. Thanks.

Jim Bengtson 02-25-2010 01:59 PM

http://siblog.mcafee.com/cto/operati...google-others/

win32sux 02-25-2010 02:11 PM

Quote:

Originally Posted by Jim Bengtson (Post 3876703)

Thanks, Jim Bengtson. From that article:
Quote:

As with most targeted attacks, the intruders gained access to an organization by sending a tailored attack to one or a few targeted individuals. We suspect these individuals were targeted because they likely had access to valuable intellectual property. These attacks will look like they come from a trusted source, leading the target to fall for the trap and clicking a link or file. That’s when the exploitation takes place, using the vulnerability in Microsoft’s Internet Explorer.

Once the malware is downloaded and installed, it opens a back door that allows the attacker to perform reconnaissance and gain complete control over the compromised system. The attacker can now identify high value targets and start to siphon off valuable data from the company.
I wonder if these clients were actually Google employees (and/or the other companies which were attacked) or were they Gmail end-users? I ask because if this is simply the case of some Windows PCs getting owned and their users getting their Gmail passwords lifted then that wouldn't explain all the Google-related media coverage. I remember reading articles that mentioned the target as being certain specific Chinese human rights activists or something of that nature, but doesn't the quote above make it sound like Google itself was the target?

win32sux 02-25-2010 02:50 PM

I suspect the closest we'll come to understanding what happened might be this official statement.

It's starting to sound to me like it was indeed Google employees within the corporate network who inadvertently launched the exploit code. Does it sound that way to you guys?

salasi 02-25-2010 02:55 PM

As far as I know (which is usually not enough...and in any case needs a legal disclaimer that I only know what others have been saying) one of the somewhat confusing things about this case is there seem to have been two disconnected things, and there has been some assumption of a clear and obvious connection of some sort between them.

There was a hack attempt, which as far as anyone in the outside world knows, seems to have been from miscreants who may or may not have been in Chinese Universities. The only thing that has been revealed that connects these to the Chinese Government seems to have been that there seems to have been an attempt to target dissidents, and an attempt to target dissidents seems to be something that might have a value to the Chinese Government, although other interpretations, like straightforward blackmail, are possible.

Google's response, apart from the very immediate 'plug the hole' reaction, seems to involve going back on the hugely controversial deal that they had struck with the Chinese Government to, errr, 'protect' the Chinese people from information that the Government thought might be harmful, although the Government has not been all that explicit about whether they thought that the harm in question would occur to the Chinese people or the Chinese government.

The lack of connection between these things seems, at first, confusing. 'Chinese hackers' try to do things which could compromise dissidents, Google responds with an action inimical to the Government.

It seems that the background to this is that Google's market penetration in China hasn't been to Google's normally elevated standards, and, presumably, to their business plan. In particular, this seems to have made it easier for Google to say to themselves that they are not that bothered about the Chinese market, big in total though it may be, and that it certainly isn't worth compromising to attain, if reputational damage in the rest of the world where Google does do well is the consequence of the terms that they are forced to comply with, in order to be in the market.

resetreset 02-27-2010 12:54 PM

Why is everyone suddenly giving legal disclaimers? As long as you have dynamic IPs, it'd be kind of hard to trace you ANYWAY, y'know.
So...
the attack was a stupid exploit-bug-in-Adobe-Reader hack, nothing mind-bendingly original. And here I was thinking rootkits and whatnot.

What I find most worrying was that this attack happening to *Google* gets this much publicity. Surely attacks like this happen everyday, all over the world, to all sorts of companies....? Did Google actually put word about this out themselves? Folks know it's Google, so the security on the server-side'll be *bloody* good, so they're not worried about losing accounts, it's just a way to get the company's name in the papers....? Or am I being too skeptical? :)

win32sux 02-27-2010 01:37 PM

Quote:

Originally Posted by resetreset (Post 3879168)
Why is everyone suddenly giving legal disclaimers? As long as you have dynamic IPs, it'd be kind of hard to trace you ANYWAY, y'know.
So...
the attack was a stupid exploit-bug-in-Adobe-Reader hack, nothing mind-bendingly original. And here I was thinking rootkits and whatnot.

What I find most worrying was that this attack happening to *Google* gets this much publicity. Surely attacks like this happen everyday, all over the world, to all sorts of companies....? Did Google actually put word about this out themselves? Folks know it's Google, so the security on the server-side'll be *bloody* good, so they're not worried about losing accounts, it's just a way to get the company's name in the papers....? Or am I being too skeptical? :)

Google was only one of dozens of companies which were hit. Also, when Google describes the attack as "highly sophisticated", they are referring to the attack as a whole, not the exploit you're making reference to. If you read this article you may get an idea of why the attack has been described by Google and others in that manner. BTW, keep in mind that we may never learn the true extent of what took place inside Google's corporate network during the time they were breached.
