Operation Aurora – History Repeats

There’s been a lot in the news about “Operation Aurora”. In a nutshell, hackers used a zero day IE exploit to gain access to computers and accounts they should not have access to. There are lots of fingers being pointed at the Chinese and implications the government may have been involved. The targets included Google and several large corporations. What I found really interesting was a comment in a blog by George Kurtz of McAfee http://siblog.mcafee.com/cto/operation-%E2%80%9Caurora%E2%80%9D-hit-google-others/.

Kurtz says “All I can say is wow. The world has changed. Everyone’s threat model now needs to be adapted to the new reality of these advanced persistent threats.”

The world has changed very, very little. Computers are merely tools. The crimes remain largely the same. Remember Watergate? I’m sure some of you are too young to remember. This was a case of state sponsored intellectual property theft. The president of a country tried to cover up his political party’s burglary of a rival party. The same president is recorded on tape as telling his henchmen to implicate Bobby Kennedy in the shooting of George Wallace… manipulate the media for political misinformation. Fast forward to about 2005 and recall the story of 18 people being arrested in an espionage case. http://www.washingtonpost.com/wp-dyn/content/article/2005/05/30/AR2005053000486.html. A trojan horse program was used to help spy on competitors.

At http://www.spiegel.de/international/germany/0,1518,550212,00.html you can read of allegations that a German agency spied on the Afghan ministry.

In fact at http://www.sans.org/reading_room/whitepapers/engineering/corporate_espionage_201_512 you can read all about corporate espionage. According to SANS, by 1999 (11 years ago) it was estimated that companies had lost more than 45 billion dollars due to theft of trade secrets and other corporate data.

It really isn’t a new world at all. Yes attacks have gotten more sophisticated, but that comes with more sophisticated software and time to learn how to more fully exploit the capabilities of new tools. The underlying crime is timeless.

No doubt there will be a lot more press about operation Aurora, but the real call to action for most users is to use the current version of your web browser and apply security patches for the operating system and applications. The Aurora hackers didn’t need to use an IE zero day, they could have used similar flaws in lots of other software, including many Adobe products.

If you don’t use Microsoft’s Automatic updates and you use Windows, there’s a new patch to fix the “Aurora” vulnerability. If you do use Automatic updates it might be a good idea to go to Microsoft Update and make sure that your system is fully patched. Often times when computers get infected the automatic updates are silently disabled.

For more on the vulnerability, etc. you might check out Tasneem's blog from yesterday http://www.eset.com/threat-center/blog/2010/01/20/r-i-p-ie-6

Randy Abrams
Director of Technical Education