Operation Aurora and Asymetric Warfare

Although the news about the events quickly died down, Chinese government hacking attacks on Google and other companies is an important moment in internet history that is not getting the analysis it deserves. First, a quick summary of what happened from McAfee's web site:

McAfee Labs identified a zero-day vulnerability in Microsoft Internet Explorer that was used as an entry point for “Operation Aurora” to exploit Google and at least 30 other companies. Microsoft has issued a security advisory and McAfee is working closely with them on this matter. “Operation Aurora” was a coordinated attack which included a piece of computer code that exploits a vulnerability in Internet Explorer to gain access to computer systems. This exploit is then extended to download and activate malware within the systems. The attack, which was initiated surreptitiously when targeted users accessed a malicious Web page (likely because they believed it to be reputable), ultimately connected those computer systems to a remote server. That connection was used to steal company intellectual property and, according to Google, additionally gain access to user accounts.

I included McAfee's self promoting language because they deserve some credit for their work. Notice that McAffee does not explicitly call out the Chinese government, but I have no such qualms.

Google's response has been masterful. But, first, you have to understand that the success of the Chinese attack threatens the very core of Google's business model. Google can only grow by persuading more consumers to put their data on line. Obviously, we must believe it is safe to do so, specifically, that privacy, integrity and non-repudiation of our data can be assured. The success of the Chinese exploit threatens that model. In all the hoopla over cloud computing, in which Google is a leader due to their massive lead in understanding commodity server technology, the need for security remains the cloud darkening the silver lining of the promise of vast amounts of cheap compute capacity.

For Google to fight back traditionally, by going to other national governments to complain, will hurt not only its brand name, but the trust in the very product at the core of its business line, (and it isn't search, despite what the average consumer may think.) Google instead attacked the Chinese leadership where it lived, by publicly embarrassing them over censorship and making THAT the big issue on the pages of newspapers. What they did was show the Chinese that the hack attack was too clever by half, and that Google had the capacity to strike back in a way that would personally offend Chinese leadership. This will certainly put more caution into the actual cyber-warriors conducting this espionage, because embarrassing the boss is never a good career move.

Meanwhile, I caution people to be very careful about what they store in cyberspace. While interacting on line is unavoidable, and sometimes even fun, taking basic steps to protect one's data are necessary. If you are a Windows user, you should have antivirus (like Norton or McAfee), anti-spyware (Spybot), software firewall (ZoneAlarm), hardware firewall (like a router, don't plug straight into your cable modem for instance) and turn on Windows automatic patching. Further, I think that local back up of data, while more less effective for disaster recovery, is better from a security perspective.