Google hack hit 33 other companies
PDF flaw blamed for Chinese espionage.
By John E. Dunn | Techworld | Published: 12:06, 13 January 2010
The plot thickens. According to iDefense Labs, the recent Internet attack that has so upset Google affected 33 other US tech and defence firms and is directly related to an Adobe Reader-based attack of last July.
The US flaw-hunting specialist said that the attack was an attempt to steal source code on an industrial scale and was, in many cases, probably successful. If correct, this might explain why Google has by its own normally quite restrained standards gone ballistic to the extent of threatening to quit China.
"Two independent, anonymous iDefense sources in the defense contracting and intelligence consulting community confirmed that both the source IPs and drop server of the attack correspond to a single foreign entity consisting either of agents of the Chinese state or proxies thereof," said the iDefense press statement, confirming what the world already knows.
Related Articles on Techworld
It now turns out that Adobe itself was targeted in the latest alleged Chinese attacks, as a statement on its own website explains.
"Adobe became aware on January 2, 2010 of a computer security incident involving a sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies."
The note goes on to say that in Adobe's case, the attack was not successful in stealing any data.
More embarrassingly, a flaw in Adobe software has been implicated in the new attacks. iDefense has forensically linked these to last July's attacks, which involved exploiting zero-day flaws in Adobe Reader 9.1.2 and Adobe Flash Player 9 and 10 to send specially-crafted PDFs.
As well as using the same emailed PDF technique to drop Trojans, the two attacks used the same HomeLinux DynamicDNS provider, pointed to the same virtual private server host owned by US-based Linode, and had IP addresses on the same subnet within a very similar address range.
"Considering this proximity, it is possible that the two attacks are one and the same, and that the organizations targeted in the Silicon Valley attacks have been compromised since July," says iDefense.
In fact, it is also possible that exploits go back further since the flaws used in last summer's attack pre-date the known attack by some months.
Whatever the details, that China is targeting the US technology firms, the government and military is nothing new, as a Northrop Grumman report of last October made clear. It now looks as if the latest cycle of attacks could take US firms, and perhaps even the US government itself, beyond breaking point.