By Kim Zetter
February 3, 2010

Until now we've only known that the attackers got in through a
vulnerability in Internet Explorer and that they obtained intellectual
property and access to the Gmail accounts of two human rights activists
whose work revolves around China. We also know a few details about how
the hackers siphoned the stolen data, which went to IP addresses in
Taiwan. About 34 mostly undisclosed companies were breached.

Now a leading computer forensic firm is providing the closest look so
far at the nature of the attacks, and attackers, that struck Google and
others. The report never mentions Google by name, or any other
companies, but focuses on information gathered from hundreds of forensic
investigations the firm has conducted that are identical to what we know
about the Google hack.

What the information indicates is that the attack that hit Google is
identical to publicly undisclosed attacks that have quietly plagued
thousands of other U.S. companies and government agencies since 2002 and
are rapidly growing. They represent a sea change from the kinds of
attacks that have commonly hit networks and made headlines.

"The scope of this is much larger than anybody has ever conveyed," says
Kevin Mandia, CEO and president of Virginia-based computer security and
forensic firm Mandiant. "There [are] not 50 companies compromised. There
are thousands of companies compromised. Actively, right now."

Mandiant released the report last week at a closed-door cybercrime
conference, sponsored by the U.S. Defense Department, in an effort to
make companies aware of the threat.