Operation Aurora
Operation Aurora was a cyber attack that began in mid-2009 and continued through December 2009. The attack was first publicly disclosed by Google on January 12, 2010, in a blog post. In the blog post, Google said the attack originated in China. The attacks were both sophisticated and well resourced, and were consistent with an advanced persistent threat attack.

The attack was aimed at dozens of other organizations, of which Adobe Systems, Juniper Networks and Rackspace have publicly confirmed that they were targeted. According to media reports, Yahoo, Symantec, Northrop Grumman, Morgan Stanley and Dow Chemical were also among the targets.

As a result of the attack, Google stated in its blog that it plans to operate a completely uncensored version of its search engine in China "within the law, if at all", and acknowledged that if this is not possible it may leave China and close its Chinese offices. Official Chinese media responded stating that the incident is part of a U.S. government conspiracy.

The attack was named "Operation Aurora" by Dmitri Alperovitch, Vice President of Threat Research at cyber security company McAfee. Research by McAfee Labs discovered that "Aurora" was part of the file path on the attacker's machine that was included in two of the malware binaries McAfee said were associated with the attack. "We believe the name was the internal name the attacker(s) gave to this operation," McAfee Chief Technology Officer George Kurtz said in a blog post.

According to McAfee, the primary goal of the attack was to gain access to and potentially modify source code repositories at these high tech, security and defense contractor companies. "[The SCMs] were wide open," says Alperovitch. "No one ever thought about securing them, yet these were the crown jewels of most of these companies in many ways — much more valuable than any financial or personally identifiable data that they may have and spend so much time and effort protecting."

History

On January 12, 2010, Google revealed on its blog that it had been the victim of a cyber attack. The company said the attack occurred in mid-December and originated from China. Google stated that over 20 other companies had been attacked; other sources have since cited that more than 34 organizations were targeted. As a result of the attack, Google said it was reviewing its business in China. On the same day, United States Secretary of State Hillary Clinton issued a brief statement condemning the attacks and requesting a response from China.

On January 13, 2010, the news agency All Headline News reported that the United States Congress plans to investigate Google's allegations that the Chinese government used the company's service to spy on human rights activists.

In Beijing, visitors left flowers outside of Google's office. However, these were later removed, with a Chinese security guard stating that this was an "illegal flower tribute". The Chinese government has yet to issue a formal response, although an anonymous official stated that China is seeking more information on Google's intentions.

Attack analysis

In its blog posting, Google stated that some of its intellectual property had been stolen. It suggested that the attackers were interested in accessing Gmail accounts of Chinese dissidents. According to the Financial Times, two accounts used by Ai Weiwei had been hacked, their contents read and copied; his bank accounts were investigated by state security agents who claimed he was under investigation for "unspecified suspected crimes". However, the attackers were only able to view details on two accounts, and those details were limited to things such as the subject line and the accounts' creation date.

Security experts immediately noted the sophistication of the attack. Two days after the attack became public, McAfee reported that the attackers had exploited purported zero-day vulnerabilities (unfixed and previously unknown to the target system developers) in Internet Explorer and dubbed the attack "Operation Aurora". A week after the report by McAfee, Microsoft issued a fix for the issue, and admitted that it had known about the security hole used since September. Additional vulnerabilities were found in Perforce, the revision control software Google used to manage its source code.

VeriSign's iDefense Labs claimed that the attacks were perpetrated by "agents of the Chinese state or proxies thereof".

According to a diplomatic cable from the U.S. Embassy in Beijing, a Chinese source reported that the Chinese Politburo directed the intrusion into Google's computer systems. The cable suggested that the hacking was part of a coordinated campaign executed by "government operatives, public security experts and Internet outlaws recruited by the Chinese government." The report suggested that it was part of an ongoing campaign in which hackers have "broken into American government computers and those of Western allies, the Dalai Lama and American businesses since 2002." According to The Guardian's reporting on the leak, the attacks were "orchestrated by a senior member of the Politburo who typed his own name into the global version of the search engine and found articles criticising him personally."

Once a victim's system was compromised, a backdoor that masqueraded as an SSL connection connected to command and control servers running in Illinois, Texas, and Taiwan, including machines that were running under stolen Rackspace customer accounts. The victim's machine then began exploring the protected corporate intranet that it was a part of, searching for other vulnerable systems as well as sources of intellectual property, specifically the contents of source code repositories.
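A backdoor that only masquerades as SSL gives a defender something concrete to check: whether traffic to the SSL/TLS port really opens with a TLS handshake record. The following is an added example, not code from the article or from any vendor named in it; the flow records are constructed, and the record-layer check is a generic TLS ClientHello parse rather than a signature for the Aurora binaries.

```python
"""Flag connections to TCP/443 whose first client bytes are not a TLS ClientHello.

Constructed example for illustration; the flows below are made up.
"""
import struct
from dataclasses import dataclass

TLS_HANDSHAKE = 0x16
CLIENT_HELLO = 0x01
# Record-layer versions seen in practice: SSL 3.0 (3,0) through TLS 1.2 (3,3).
VALID_VERSIONS = {(3, 0), (3, 1), (3, 2), (3, 3)}


@dataclass
class Flow:
    src: str
    dst: str
    dport: int
    first_bytes: bytes  # first payload bytes sent by the client


def looks_like_client_hello(data: bytes) -> bool:
    """Return True if data begins with a well-formed TLS ClientHello record.

    Caveat: SSLv2-compatible hellos (first byte with the high bit set) are
    not accepted here and will be flagged; tune this for very old clients.
    """
    if len(data) < 9:  # 5-byte record header + 4-byte handshake header
        return False
    ctype, vmaj, vmin, rec_len = struct.unpack("!BBBH", data[:5])
    if ctype != TLS_HANDSHAKE or (vmaj, vmin) not in VALID_VERSIONS:
        return False
    hs_type = data[5]
    hs_len = int.from_bytes(data[6:9], "big")
    # The handshake message must fit inside the record carrying it.
    return hs_type == CLIENT_HELLO and hs_len + 4 <= rec_len


def find_fake_ssl(flows):
    """Return flows to port 443 that do not open with a TLS ClientHello."""
    return [f for f in flows
            if f.dport == 443 and not looks_like_client_hello(f.first_bytes)]


# Constructed sample payloads.
# 1) Real-looking ClientHello: record header (0x16, version 3.1, length 0x51),
#    handshake header (type 0x01, length 0x4d), then client version 3.3.
REAL_TLS = bytes.fromhex("16030100510100004d0303") + b"\x00" * 75
# 2) Custom binary protocol on 443: no TLS record header at all.
CUSTOM_C2 = b"\xff\xffcmd\x00\x01\x02\x03\x04\x05\x06"
# 3) Plain HTTP sent to 443.
PLAIN_HTTP = b"GET /update HTTP/1.1\r\nHost: example\r\n\r\n"

SAMPLE_FLOWS = [
    Flow("10.0.0.5", "203.0.113.10", 443, REAL_TLS),
    Flow("10.0.0.7", "203.0.113.20", 443, CUSTOM_C2),
    Flow("10.0.0.9", "203.0.113.30", 443, PLAIN_HTTP),
    Flow("10.0.0.9", "203.0.113.40", 8080, CUSTOM_C2),  # not the TLS port, not checked
]

if __name__ == "__main__":
    for f in find_fake_ssl(SAMPLE_FLOWS):
        print(f"suspicious non-TLS traffic on 443: {f.src} -> {f.dst}")
```

On real captures, feed the first client payload of each TCP session to 443 into `find_fake_ssl`; a hit is a lead to inspect, not proof of compromise, since some legitimate software also tunnels non-TLS protocols over 443.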

The attacks were thought to have definitively ended on January 4, when the command and control servers were taken down, although it was not known whether the attackers intentionally shut them down. However, the attacks were still occurring as of February 2010.

Response and aftermath

The German, Australian, and French governments publicly issued warnings to users of Internet Explorer after the attack, advising them to use alternative browsers at least until a fix for the security hole was made. These governments considered all versions of Internet Explorer vulnerable or potentially vulnerable.

In an advisory on January 14, 2010, Microsoft said that attackers targeting Google and other U.S. companies used software that exploits a hole in Internet Explorer. The vulnerability affects Internet Explorer versions 6, 7, and 8 on Windows 7, Vista, Windows XP, Server 2003, Server 2008 R2, as well as IE 6 Service Pack 1 on Windows 2000 Service Pack 4.

The Internet Explorer exploit code used in the attack has been released into the public domain, and has been incorporated into the Metasploit Framework penetration testing tool. A copy of the exploit was uploaded to Wepawet, a service for detecting and analyzing web-based malware operated by the computer security group at the University of California, Santa Barbara. "The public release of the exploit code increases the possibility of widespread attacks using the Internet Explorer vulnerability," said George Kurtz, CTO of McAfee, of the attack. "The now public computer code may help cyber criminals craft attacks that use the vulnerability to compromise Windows systems."

Security company Websense said it identified "limited public use" of the unpatched IE vulnerability in drive-by attacks against users who strayed onto malicious Web sites. According to Websense, the attack code it spotted is the same as the exploit that went public the previous week. "Internet Explorer users currently face a real and present danger due to the public disclosure of the vulnerability and release of attack code, increasing the possibility of widespread attacks," said George Kurtz, chief technology officer of McAfee, in a blog update. Confirming this speculation, Websense Security Labs identified additional sites using the exploit on January 19. According to reports from Ahnlab, the second URL was spread through the Instant Messenger network Misslee Messenger, a popular IM client in South Korea.

Researchers have created attack code that exploits the vulnerability in Internet Explorer 7 (IE7) as well as in the newest IE8, even when Microsoft's recommended defensive measure, Data Execution Prevention (DEP), is turned on. This shows that IE6 is not the only vulnerable version and that upgrading to IE7 or IE8 may not be sufficient, especially on Windows XP or when upgrading only to IE7. According to Dino Dai Zovi, a security vulnerability researcher, "even the newest IE8 isn't safe from attack if it's running on Windows XP Service Pack 2 (SP2) or earlier, or on Windows Vista RTM (release to manufacturing), the version Microsoft shipped in January 2007."

Microsoft admitted that the security hole used had been known to them since September. Work on an update was prioritized, and on Thursday, January 21, 2010, Microsoft released a security patch aiming to counter this weakness, the published exploits based on it, and a number of other privately reported vulnerabilities. Microsoft did not state whether any of the latter had been exploited or published, or whether they had any particular relation to the Aurora operation, but the entire cumulative update was rated critical for most versions of Windows, including Windows 7.

Security researchers have continued to investigate the attacks. HBGary, a security firm, released a report in which they claim to have found some significant markers that might help identify the code developer. The firm also said that the code was Chinese language based but could not be specifically tied to any government entity.

On February 19, 2010, a security expert investigating the cyber-attack on Google claimed that the people behind the attack were also responsible for the cyber-attacks made on several Fortune 100 companies over the preceding one and a half years. They also tracked the attack back to its point of origin, which seems to be two Chinese schools, Shanghai Jiao Tong University and Lanxiang Vocational School. As highlighted by The New York Times, both of these schools have ties with the Chinese search engine Baidu, a rival of Google China.

In March 2010, Symantec, which was helping investigate the hacking for Google, identified Shaoxing as the source of 21.3% of all (12 billion) malicious emails sent throughout the world.

See also

  • Google China
  • Illegal flower tribute
  • Honker Union
  • Cyber-warfare
  • Titan Rain
  • Chinese intelligence activity in other countries
  • GhostNet
  • Economic and Industrial Espionage
  • Chinese Intelligence Operations in the United States
  • Vulcanbot

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 