Operation Aurora – History Repeats

There’s been a lot in the news about “Operation Aurora”. In a nutshell, hackers used a zero-day Internet Explorer exploit to gain access to computers and accounts they should not have had access to. There are lots of fingers being pointed at the Chinese, and implications that the government may have been involved. The targets included Google and several other large corporations. What I found really interesting was a comment in a blog by George Kurtz of McAfee: http://siblog.mcafee.com/cto/operation-%E2%80%9Caurora%E2%80%9D-hit-google-others/.

Kurtz says “All I can say is wow. The world has changed. Everyone’s threat model now needs to be adapted to the new reality of these advanced persistent threats.”

The world has changed very, very little. Computers are merely tools. The crimes remain largely the same. Remember Watergate? I’m sure some of you are too young to remember. This was a case of state-sponsored intellectual property theft. The president of a country tried to cover up his political party’s burglary of a rival party. The same president is recorded on tape telling his henchmen to implicate Bobby Kennedy in the shooting of George Wallace, that is, manipulating the media for political misinformation. Fast forward to about 2005 and recall the story of 18 people being arrested in an espionage case (http://www.washingtonpost.com/wp-dyn/content/article/2005/05/30/AR2005053000486.html). A trojan horse program was used to help spy on competitors.

At http://www.spiegel.de/international/germany/0,1518,550212,00.html you can read of allegations that a German agency spied on the Afghan ministry.

In fact, at http://www.sans.org/reading_room/whitepapers/engineering/corporate_espionage_201_512 you can read all about corporate espionage. According to SANS, by 1999 (11 years ago) it was estimated that companies had lost more than 45 billion dollars due to theft of trade secrets and other corporate data.

It really isn’t a new world at all. Yes, attacks have gotten more sophisticated, but that comes with more sophisticated software and with the time attackers have had to learn how to more fully exploit the capabilities of new tools. The underlying crime is timeless.

No doubt there will be a lot more press about Operation Aurora, but the real call to action for most users is to use the current version of your web browser and apply security patches for the operating system and applications. The Aurora hackers didn’t need to use an IE zero day; they could have used similar flaws in lots of other software, including many Adobe products.

If you use Windows and don’t use Microsoft’s Automatic Updates, there’s a new patch to fix the “Aurora” vulnerability. If you do use Automatic Updates, it is still a good idea to go to Microsoft Update and make sure that your system is fully patched. Oftentimes when computers get infected, the automatic updates are silently disabled, so an “enabled” setting you remember from months ago is not proof that patches are still arriving.
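A quick way to act on that last point is to check, rather than assume, that Automatic Updates is still turned on. The script below is an added example written for this page; it is not from the original post or from ESET. It only reads state and changes nothing. It assumes an elevated PowerShell 5.1 or later session on a Windows client, and it relies on the standard Windows Update service name (wuauserv), the Group Policy value NoAutoUpdate under the WindowsUpdate\AU policy key, and the local AUOptions value, all of which are documented Windows locations; the interpretation of the AUOptions numbers in the comments follows Microsoft’s published meanings. The warning logic and the function name Get-AutoUpdateStatus are this example’s own.

```powershell
# Added example (not from the original post): defender-side check that Automatic
# Updates has not been silently disabled. Run from an elevated PowerShell prompt.

function Get-AutoUpdateStatus {
    $result = [ordered]@{}

    # 1. Is the Windows Update service (wuauserv) present and running?
    $svc = Get-Service -Name wuauserv -ErrorAction SilentlyContinue
    $result.ServiceStatus    = if ($svc) { $svc.Status.ToString() }    else { 'NotFound' }
    $result.ServiceStartType = if ($svc) { $svc.StartType.ToString() } else { 'NotFound' }

    # 2. Group Policy override: NoAutoUpdate = 1 turns Automatic Updates off entirely.
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
    $policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
    $result.PolicyNoAutoUpdate = if ($policy -and $null -ne $policy.NoAutoUpdate) {
        [int]$policy.NoAutoUpdate
    } else { 'NotSet' }

    # 3. Local AUOptions value: 1 = disabled, 2 = notify before download,
    #    3 = auto download / notify before install, 4 = auto download and install.
    $localKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'
    $local = Get-ItemProperty -Path $localKey -ErrorAction SilentlyContinue
    $result.LocalAUOptions = if ($local -and $null -ne $local.AUOptions) {
        [int]$local.AUOptions
    } else { 'NotSet' }

    # 4. Date of the most recently installed hotfix. A stale date on a machine
    #    that claims updates are enabled is itself a warning sign.
    $lastFix = Get-HotFix -ErrorAction SilentlyContinue |
               Where-Object { $_.InstalledOn } |
               Sort-Object InstalledOn -Descending |
               Select-Object -First 1
    $result.LastHotFixInstalled = if ($lastFix) {
        $lastFix.InstalledOn.ToString('yyyy-MM-dd')
    } else { 'Unknown' }

    # Flag the conditions the post warns about: updates quietly switched off.
    $warnings = @()
    if ($result.ServiceStatus -ne 'Running')     { $warnings += 'wuauserv is not running' }
    if ($result.ServiceStartType -eq 'Disabled') { $warnings += 'wuauserv start type is Disabled' }
    if ($result.PolicyNoAutoUpdate -eq 1)        { $warnings += 'policy NoAutoUpdate=1 disables Automatic Updates' }
    if ($result.LocalAUOptions -eq 1)            { $warnings += 'AUOptions=1: Automatic Updates disabled' }
    $result.Warnings = $warnings

    return [pscustomobject]$result
}

$status = Get-AutoUpdateStatus
$status | Format-List
if ($status.Warnings.Count -gt 0) {
    Write-Warning ('Automatic Updates looks disabled or tampered with: ' + ($status.Warnings -join '; '))
} else {
    Write-Host 'Automatic Updates appears enabled; still confirm at Microsoft Update that nothing is pending.'
}
```

The check is deliberately read-only: if it reports a warning on a machine you did not reconfigure yourself, treat that as a possible sign of compromise and investigate before simply re-enabling updates, since whatever disabled them may still be present.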

For more on the vulnerability and related background, you might check out Tasneem's blog post from yesterday: http://www.eset.com/threat-center/blog/2010/01/20/r-i-p-ie-6

Randy Abrams
Director of Technical Education

Author, ESET

  • Frank Sowa

    I'm sorry, Mr. Abrams. I definitely differ with your broad-stroked analysis of Operation Aurora and its impact. Perhaps you've given the dumbed-down social engineers of the planet something to examine in their anthropology classes. Perhaps on that weak level this truly is "more of the same" — a flaw in human morals caused by ambitions that needs to be squelched.

    But, in a synergistically and seamlessly inter-connected networked global society, where critical infrastructure, sensitive information and intellectual properties, and the capabilities to carry out long-term projected war are secured by ones and zeroes — the true ramifications of this most recent cyber attack is earth shattering — and will definitely change the ways we live, work, play, and learn from this point forward. "Computers are no longer just tools" in our society in the 21st Century — that, to me, is a comment by someone who has finally accepted the 1970-1980 paradigm of what a computer is. It's very outdated. But let's get back to the problems associated with the Google attack …
    Let me attempt to illustrate what the real problem is — and will be. Since the beginnings of world history man has always protected himself by erecting perimeters that kept dangers (human and animal) outside "the keep." This allowed the culture inside the keep to feel safe and secure, and society and social norms to grow. As cities grew, civilians (peasants) would farm and grow outside the keep but remain relatively nearby — so that if threatened, they could secure themselves back inside the battlements of the keep. The Roman Empire used this fact to their advantage by surrounding a keep and staying there, keeping it under siege, and controlling the exterior (as we do prisons) until the battle walls were broken — or until those inside wore down without food and resources, and/or were destroyed by stress and sickness — and surrendered to submission.
    This Roman approach became the essence worldwide of all attacks through to the 21st Century. War theory and tactics were predicated on the fact that there was a front line and battlements that could be disrupted for ultimate victories. Siege towers and catapults, cannonades and artillery, charges of the light brigade and cavalries, blitzkrieg, subs, battleships, carrier groups, the MAD policy of the sixties, the Cold War, strategic bombers, space-based weaponry, attack helicopters, laser-guided missiles and drones, stealth aircraft, "Shock and Awe," and UAV attacks — all designed to focus on destroying perimeter defenses and taking over a territory for gain, and forcing enemies into submission — show these approaches evolving and in action through that period. In that time, all war and peace theory — even the U.S. concepts (which were founded in the British Empire) for the projection of war — was based on maintaining the safety and security of the keep (the borders) by fighting wars in far-off lands, and on these paradigms of what creates peace, security, and safety in a social order.
    In the private civilian sector, the same rules applied: competition, guerrilla marketing, managing risk, financial planning, seizing markets, etc. followed the same paradigms regarding protecting the perimeters, keeping the core aspects of the business safe and secure, keeping intellectual properties safe, etc. That now is changing.
    During the same time, for over 7,000 years, enemies have sought ways to slip through the defenses and "bring down" the keep from the interior through stealth and subterfuge. Spying, propaganda, and infiltration of the civilian ranks were the most common tools. You mention them well in your blog when you mention Watergate, German spying, and corporate spying even via cyber espionage in the 1990s. In business, attacks come similarly from the competition.
    Again, the recent cyber attacks alter the most prevalent paradigms here. "The keep" no longer provides safety and security — and thus the billions paid to security companies to secure the perimeter — to secure the core data of the business — have been monies totally wasted. (In computing you can blame the laziness and sloppiness of Microsoft, and those that constantly make their wealth from patching a bad thing for the enterprises they serve. (Even Bill Gates attempted to set security issues at the forefront ten years ago. Microsoft knew the problems but apparently buried them, opting instead for greedy pursuits — as do many companies who operate for stakeholder profits — and equate risks and opportunities based on static goals that are wrong and dangerous to the jeweled assets they have.)) The concept, and the spending of billions monthly to project forces globally, is also both losing its luster and can no longer remain a key military strategy, as it is becoming increasingly impossible to identify the enemy or establish a position of "the front line." Geopolitics is also taking a back seat, as is the globalized multinational and its cheap offshore labor base — and that will definitely disrupt capitalistic consumption. All are becoming less meaningful in the 21st Century world — causing an identity crisis and increasing social unrest and stress because of new paradigms taking shape like those involving the Google attack.
    Finally, the Aurora attack approach implants constant alterations into governments, businesses, schools, militaries, defense systems, security systems, avionics, energy grids, oil pipelines, internet NOCs, technologies, critical operational infrastructures, and so forth — alterations that are constantly changing, sucking information, and disruptive. Government, the military and/or the private sector can no longer provide safety and security or economic control within the 21st Century society if this continues unabated under almost any of the tried-and-true old paradigms that have managed things since the beginnings of written social history. This is earth-changing — and is just an early iteration of things to come. Perhaps as you said, in this iteration, "all you need is to make sure your system is fully-patched." (I do not agree even with this.)
    But, as a business or organization, it would be ridiculously naive if you didn't start a process today of reconsidering your operational strategies — anticipating that your reliances on products, vendors, mass-production specs, and old industrial age (and earlier) paradigms no longer can maintain sanity in this 21st Century — and that the sophistication of the Aurora attacks means that you are wasting your time with security patching and perimeter (firewall, virus-protective, network-protective, directory-protective) countermeasures. There are solutions — but they test one's current comfort levels. Change is transformative, often bloody, and hard. But it is needed for survival.

    • Randy Abrams

      Computers are tools. They are very complex tools that have a huge variety of uses. We are still talking about criminals, though, and this is a tool that the criminal uses.
      The abilities these tools give us have undeniably and profoundly changed the world, but at the end of the day, the computer is a tool.

      The only thing I see different about Operation Aurora is the scale; the same fundamental attacks have been in progress for a long time. This is not earth shattering, and it is unlikely it will cause any widescale changes very soon.

      If you are going to quote me, then quote what I said. You claimed I said “all you need is to make sure your system is fully-patched,” when I never said that. Patching vulnerabilities is ONE aspect of defense in depth. There is no “all you need to do” solution. I have never claimed that patching alone is sufficient security, outside of a few times that I have given examples of specific threats where all you had to do was patch and the specific threat could not have exploited the vulnerability. What I did say was “If you do use Automatic updates it might be a good idea to go to Microsoft Update and make sure that your system is fully patched.” Quite different than your misrepresentation of my comment.

      You did say “But, as a business or organization, it would be ridiculously naive if you didn’t start a process today of reconsidering your operational strategies,” and I agree, except that for many businesses and organizations this should have been happening a long time ago.

  • Yadda

    In this day and age of connected, always-on computers, is it not imperative to put an application-level firewall on every computer (server, client, router, industrial controller, etc.)? It sounds like Google and others still do not understand this. Who should be using SSL in a company, to where, from where? We have the technology to guard against these threats, but the education level and vendor-driven profit model are creating a dangerous attack environment as sub-standard security software is improperly implemented. Cheers to ESET for providing one of the needed anti-hacker tools on Windows OS.

Copyright © 2017 ESET, All Rights Reserved.