A drama of world-wide proportions ( that wouldn’t out of place in a Hollywood blockbuster ) has been playing out over the last week concerning Google’s operations in China. It all started with denial of service attacks against Google’s Gmail service in late December last year ( and attacks against about about 30 other US companies ). VeriSign’s iDefense security lab published a report with technical details about the recent cyberattack which iDefense unambiguously says originated from China.
iDefense says malicious PDFs were crafted to deploy the malware that was used in the attack. Adobe disputed that claim and issued a statement saying that they have found no evidence that their technology was used as an attack vector. This is supported by independent research conducted by security firm McAfee, which has found evidence that a vulnerability in Internet Explorer—but not Acrobat Reader—was exploited in the attack. iDefense later retracted its claim about PDFs, but stands behind the rest of its report.
In a stunning move on last Thursday, Microsoft officials acknowledged that the widely publicized attacks on Google and perhaps another 20 or more corporations were helped by a previously unknown zero-day vulnerability in most versions of its popular browser. Affected systems include IE 6, 7, and 8 running on Windows 2000 SP4 through XP, Windows Server, Vista, and Windows 7. It also includes both 32 and 64-bit releases of those operating systems.
The United States said on Friday that it will issue a formal diplomatic note to China expressing concern about cyber attacks that hit Google and dozens of other companies, and that researchers say originated in that country. The attack on Google targeted its intellectual property and the Gmail accounts of human rights activists protesting Chinese policies which have always been questionable from a humanitarian and political point of view.
Google have, as a result of the issues of operating in China, indicated the possibility of ceasing their operations in that country. Considering that they do not derive a large proportion of income in China, this will not necessarily hurt them however it will be a big blow against personal rights, and freedom of speech.
In an unprecedented move, the German government has warned against using Internet Explorer. The warning from the Federal Office for Information Security comes after Microsoft admitted IE was the weak link in recent attacks on Google’s systems.