Monday, April 26, 2010

Operation Aurora

Operation Aurora is a cyber attack which began in mid-2009 and continued through December 2009.[1] The attack was first publicly disclosed by Google on January 12, 2010, in a blog post.[2] In the blog post, Google said the attack originated in China.

The attack has been aimed at dozens of other organizations, of which Adobe Systems,[3] Juniper Networks[4] and Rackspace[5] have publicly confirmed that they were targeted. According to media reports, Yahoo, Symantec, Northrop Grumman and Dow Chemical[6] were also among the targets.

As a result of the attack, Google stated in its blog that it plans to operate a completely uncensored version of its search engine in China "within the law, if at all", and acknowledged that if this is not possible it may leave China and close its Chinese offices.[2] Official Chinese media responded stating that the incident is part of a U.S. government conspiracy.[7]

The attack was named "Operation Aurora" by Dmitri Alperovitch, Vice President of Threat Research at cyber security company McAfee. Research by McAfee Labs discovered that “Aurora” was part of the file path on the attacker’s machine that was included in two of the malware binaries McAfee said were associated with the attack. "We believe the name was the internal name the attacker(s) gave to this operation," McAfee Chief Technology Officer George Kurtz said in a blog post.[8]

According to McAfee, the primary goal of the attack was to gain access to and potentially modify source code repositories at these high tech, security and defense contractor companies. “[The SCMs] were wide open,” says Dmitri Alperovitch, McAfee’s vice president for threat research. “No one ever thought about securing them, yet these were the crown jewels of most of these companies in many ways — much more valuable than any financial or personally identifiable data that they may have and spend so much time and effort protecting."[9]

Source: Wikipedia