3 Steps to Protect Your IT from China-Like Attack
While the Aurora attacks that Google and others publicly disclosed last week on their IT infrastructure might have surprised many who work outside of the Beltway, the revelations provided substantial validation for many of us who follow the unofficial reports on China's long-standing involvement in offensive information operations against the United States.
Often we hear reports from officials, speaking on condition of anonymity, about incursions from China against American networks, but the Google disclosure was very different. Google, a respected, independent business operating within China, stepped forward to publicly declare that hackers from China had stolen its intellectual property and committed incursions against the privacy of its account holders.
While Google fell short of saying the Chinese government was responsible for the attacks, it diplomatically implicated the Chinese government by threatening to remove government Internet filters as a punitive act. The punishment was an indirect way of acknowledging, on the world's stage, that the Chinese government bears responsibility for the acts.
China, a leader in Internet censorship and monitoring, may no longer be able to find an audience for its very stale we-had-no-idea, it-wasn't-us song and dance. It should be abundantly clear that the Chinese government is more than capable of, and willing to, weaponize software vulnerabilities to target U.S. interests, commercial or otherwise.
While details are forthcoming about the incident, the next few days represent a critical time to evaluate how this incident may have affected you and your organization. Here are three points you should consider if you are concerned about the Aurora attacks:
- Determine your risk. This attack exploited an unpublished, zero-day vulnerability in Internet Explorer, and no patch is available yet. Microsoft has published details on specific configurations that are resistant to this vulnerability, but you will probably start seeing this vulnerability incorporated into other forms of malware. The attack code has been published, and if you aren't watching your configuration, you may be very vulnerable to this issue once malware developers pick it up full bore.
- Identify signs of compromise. How do you know you aren't among the organizations targeted by Aurora? Aurora probably did not target only commercial entities: if it was as successful as it seems to have been, it was likely a tool of choice used to fully exploit a variety of sources. Check your systems for any fragments or artifacts consistent with this type of attack.
- Evaluate the business case for foreign access. Can your employees take computers overseas? Do your employees remotely access federal IT systems from high-risk host countries? Host countries exercise total control of the information environment within their borders, including resources that are accessed remotely.
It's time to think about how these activities can be used to compromise the security and integrity of federal-interest IT systems, and how you should re-evaluate your options.
Eric M. Fiterman is a former FBI special agent and founder of Methodvue, a consultancy that provides cybersecurity and computer forensics services to the federal government and private businesses.