Drummond, in his blog post, said that -- in part due to this incident -- Google would no longer censor search results in China, a move that could cause its Web site to be blocked by the Chinese government.
Corporate IT workers have come to expect all sorts of Internet attacks from China in recent years, but because of the distributed nature of the Internet, it's very hard to determine the true source of a cyber attack. For several hundred dollars, criminals from any country can buy so-called bulletproof hosting in China. These servers are guaranteed not to be taken down, even if they are linked to spam or other illegal online activity.
In this case, however, Google believes the attacks really were state sponsored, said Leslie Harris, president and CEO of the Center for Democracy and Technology. "They wouldn't be taking an action suggesting that they cannot operate in China ... if it was not related to the Chinese government," she said.
Google's security team eventually managed to gain access to a server that was used to control the hacked systems, and discovered that it was not the only company to be hit. In fact, 33 other companies had also been compromised, including Adobe Systems, according to several sources familiar with the situation.
On Jan. 2 Adobe learned of "a computer security incident involving a sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies," the company said in a blog post published just minutes after Google went public with its account of the hacking incident. An Adobe spokeswoman declined to comment on whether or not the Google and Adobe attacks were related.
Other companies that have been hit include "Internet, finance, technology, media and chemical sectors," Drummond said.
On Tuesday Yahoo -- another likely target -- declined to say whether it had been hit, but the company did issue a brief statement in support of Google. These "kinds of attacks are deeply disturbing," Yahoo said.
Microsoft said even less about the incident. "We have no indication that any of our mail properties have been compromised," the company said via e-mail.
"We've never seen any attacks that were on this large of a scale and were this successful against private companies," said Eli Jellenc, head of international threat intelligence with Verisign's iDefense security unit.
IDefense was called in to help some of the victim companies that Google had uncovered. According to Jellenc, the hackers sent targeted e-mail messages to victims that contained a malicious attachment containing what's known as a zero-day attack. These attacks are typically not detected by antivirus vendors because they exploit a previously unknown software bug.
Web giants attacked
- White House orders security review in wake of WikiLeaks disclosure
- Leaked U.S. document links China to Google attack
- Update: Researchers track cyber-espionage ring to China
- Google, China now playing cat and mouse?
- McAfee: 'Amateur' malware not used in Google attacks
- Military warns of 'increasingly active' cyber-threat from China
- China: Google 'totally wrong' to stop censoring
- Update: Google stops censoring in China
- Google's China ad partners wait in 'incomparable pain'
- Google may soon leave China, reports say
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
If you use ‘password,’ one the worst passwords, as your password, fail to keep antivirus protection updated and don’t bother to deploy security patches to close critical vulnerabilities, then maybe you should consider working for the cybersecurity-clueless federal government; you’d fit right in, according to Senator Tom Coburn's cybersecurity and critical infrastructure report.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Changing the Way Government Works: Four Technology Trends that Drive Down Costs and Increase Productivity
- This paper discusses four technology-based approaches to improving processes and increasing
productivity while driving down department and agency costs.
- Pay-as-you-Grow Data Protection: IBM Tivoli's Full-featured Data Protection Suite for Small to Medium Businesses
- IBM Tivoli Storage Manager Suite for Unified Recovery gives small and medium businesses the opportunity to start out with only the individual solutions...
- Streamline Data Protection with IBM Tivoli Storage Manager Operations Center
- IBM Tivoli Storage Manager (TSM) has been an industry-standard data protection solution for two decades. But, where most competitors focus exclusively on Backup...
- Simplify and Consolidate Data Protection for Better Business Results
- Learn about IBM® Tivoli® Storage Manager Operations Center, which provides advanced visualization, built-in analytics and integrated workflow automation features that leapfrog traditional backup...
- HP HAVEn: See the big picture in Big Data
- HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data... All Government IT White Papers
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the...
- Containerization Options: How to Choose the Best DLP Solution for Your Organization This webcast outlines a framework for making the right choice when it comes to containerization approaches, along with the pros and cons of...
- Mobile Apps and Devices Slash Customer Cycle Time Consolidated Engineering Laboratories' field employees used to collect data on triplicate forms that were sometimes hard to read and difficult to manage. After...
- All Government IT Webcasts