Hackers Accessed Sensitive Database in 2010 Spear Phishing Attack on Google

by on | Leave a comment
Filed under Industry News, Security 101 and tagged , , , .

restricted access

As reported by the Washington Post, current and former US government officials, speaking on condition of anonymity, have acknowledged that Chinese hackers who penetrated Google’s network security in 2010 via a sophisticated Spear Phishing attack also accessed a sensitive database containing vast amounts of information regarding surveillance targets, apparently in search of Chinese intelligence officers being tracked in the US.

While US officials did not reveal how much sensitive information was exposed, the acknowledgement is likely to reignite the legal battle between Google and the Justice Department over whether the FBI can send in its forensic experts to investigate the attack. Google, which did not publicly acknowledge the sensitive database breach in 2010 and has refused the FBI access to its information, declined to comment on the Washington Post report, as did the FBI.

The news highlights a growing concern in the US over Chinese hacking campaigns, which go back to the early 2000s. According to analysts and experts, Chinese adversaries have systematically targeted and stolen sensitive, proprietary data from defense, tech, aerospace, oil and gas companies. It’s a massive magnitude of larceny that National Security Agency (NSA) director Gen. Keith B. Alexander has dubbed the “greatest transfer of wealth in history.”

For their part, the Chinese government is steadfastly rejecting any involvement in the cyber crime. In fact, they’ve noted that many malware attacks targeting Chinese victims are launched from US-based servers.

Regardless of how this particular story unfolds — and it’s far, far from over — experts agree that this is yet another example of how the Internet’s infrastructure of routers and servers is a haven for espionage and counter-espionage.

“[These kinds of intrusions serve as] a wake-up call for the government that the overall security and effectiveness of lawful interception and undercover operations is dependent in large part on security standards in the private sector,” commented Michael M. DuBose, the former chief of the Justice Department’s Computer Crime and Intellectual Property Section, in an interview with the Washington Post’s Ellen Nakashima. “Those clearly need strengthening.”

To learn more about this article or to see if you are infected sign up for our free service.

Advanced persistent threats white paper

 

Creative Commons photo courtesy of Eric Fischer’s Flickr photostream.