Operation Aurora: Confidentiality compromised

Essay on Operation Aurora breach, IE vulnerability, Google.
Published by: David Matchey on Oct 11, 2011
Copyright:Attribution Non-commercial


Running head: Operation Aurora: Confidentiality compromised

Operation Aurora: Confidentiality compromised
David Matchey
University of Maryland University College
CSIA301 Section 6381
Dr. Hawthorne, Instructor
Due October 12, 2011
In 2009, a year that held the 60th anniversary of the establishment of the People's Republic of China and the 20th anniversary of the massacre in Tiananmen Square, in which several hundred people died demonstrating for democracy and human rights, there was a cyber attack originating in China whose apparent goal was to gain access to the web accounts of human rights activists operating in China. Before it was all over, however, more than 27 organizations were reported to have been victims, including Google, Yahoo, Adobe Systems and Northrop Grumman, though only a few publicly confirmed that they had been attacked. It was also found that the aim of the attack was not solely to obtain user account information, but to steal valuable intellectual property from these companies and to gain access to the source code repositories they managed. From a security standpoint, the attackers would not only hold a technology firm's trade secrets, but would also be able to scan the stolen source code for additional vulnerabilities, paving the way for further attacks. While the secrecy maintained by some of the affected companies may obscure the actual timeline of the attack, we will evaluate how the attack played out on its most vocal victim, Google, since their announcement was closely followed by a response from the firm that had a central role in dealing with the problem.

Relying on social engineering to initiate the attack, the attackers sent a Google employee in China an instant message over Microsoft Messenger containing a link to a malicious website hosted in Taiwan. When the cooperating employee opened the link in their web browser, the website's malicious JavaScript exploited a zero-day vulnerability in Microsoft Internet Explorer and silently installed malware that had been downloaded disguised as an image file. A backdoor was opened to the attackers' servers in Taiwan, allowing remote code execution.
This trojan was designed to place further malicious code on the compromised computer, giving the attackers not only access to protected data but even a live view of the infected host's desktop. It was not long before the computers of software developers at Google headquarters in Mountain View, California were infected as well, probably through further social engineering in which specific users were targeted and sent the same or similar links in e-mails or instant messages that appeared to come from trusted sources.

Google disclosed to the public that they had been victims of this attack on January 12, 2010. McAfee Labs, who identified the exploited vulnerability in Microsoft Internet Explorer two days later (the flaw was subsequently catalogued as CVE-2010-0249 and patched by Microsoft's out-of-band update MS10-002), named the attack "Operation Aurora": during investigation of the malicious code it was found that "Aurora" was likely the attackers' own name for the operation, since the code referenced the name as part of the folder structure of the system used to conduct the attack.

On a basic level, Operation Aurora is an example of a violation of the security principle of confidentiality: those who had no authority to access protected data clearly did gain access. On a deeper level, however, the attack highlights some common problems with the management of legitimate user accounts. By default, such users are granted more privileges than is practical, as appears to have happened with the Google employee in China who received the laced message. The browser exploit itself runs with whatever privileges the victim's account already has, so it needs no elevation to read everything that user can read; but for the malware to change system files, install itself persistently and operate undetected in the way described, the compromised account would have needed administrative privileges on that computer. Here a weakness in the characteristics of a valid user account is exposed: within a network of interconnected clients, all having sufficient privileges to make system-wide changes, there is a domino effect once the right host has been compromised. In the case of Operation Aurora, once a host has been compromised the attacker can view any information to which the authorized user has access. Given sufficient privileges on the infected host, the attacker can then choose to violate the next security principle: integrity.

Integrity is less cut and dried than confidentiality in the case of Operation Aurora. Obviously, the integrity of the infected systems has been compromised.
System files added by the malware, and any other changes it made, have modified the system in an unauthorized way. The door is also wide open for modification by an unauthorized user, but in the case of industrial espionage it may be more advantageous for the attacker to maintain a degree of undetectability. This means that it is less likely
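For the integrity question discussed above, the practical check is a file-integrity baseline: hash the files that matter while the system is known to be clean, then compare later to find what was added, modified or removed. The Python below is an added example, not from the essay; the directory tree, file names and contents are constructed to simulate a backdoor that drops a file, patches a binary and deletes a log.

```python
"""File-integrity baseline: record SHA-256 digests of a tree, then report
what was added, modified or removed.  Added example for the integrity
discussion; the sample tree is constructed, not taken from a real host."""
import hashlib
import os
import tempfile


def sha256_file(path: str, chunk: int = 1 << 16) -> str:
    """Stream a file through SHA-256 so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_baseline(root: str) -> dict:
    """Map each file's path (relative to root, '/'-separated) to its digest."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            baseline[rel] = sha256_file(full)
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Classify every difference between two baselines."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }


def _write(root: str, rel: str, data: bytes) -> None:
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as f:
        f.write(data)


def demo() -> dict:
    """Constructed scenario: baseline a clean tree, then simulate a backdoor
    dropping a DLL, trojanising a service binary and deleting a log."""
    with tempfile.TemporaryDirectory() as root:
        _write(root, "system/kernel.bin", b"clean kernel image")
        _write(root, "system/svc.exe", b"clean service binary")
        _write(root, "logs/security.log", b"login events")
        before = build_baseline(root)

        _write(root, "system/dropped.dll", b"backdoor payload")       # added
        _write(root, "system/svc.exe", b"trojanised service binary")  # modified
        os.remove(os.path.join(root, "logs", "security.log"))         # removed
        after = build_baseline(root)

        return compare(before, after)


if __name__ == "__main__":
    print(demo())
```

The baseline itself must live somewhere the monitored host cannot rewrite, such as a signed manifest held off-box; otherwise an attacker with the administrative privileges discussed above can simply re-baseline after installing the backdoor. User-writable persistence locations should be covered as well, since malware running without administrative rights can persist there without touching any system file.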
