RSA: Aurora Hackers Targeted Google Source Code


Security experts say that Operation Aurora hackers went after unsecured source code to lift intellectual property from Google, Adobe, Intel and numerous other high profile targets.

During a talk at the RSA Conference Wednesday, George Kurtz, McAfee chief technology officer, and Stuart McClure, McAfee senior vice president and general manager of the risk and compliance business unit, told their audience that the Operation Aurora hackers targeted intellectual property of their high profile corporate targets by going after source code.

In January, Google and more than 30 other corporations, including Intel and Adobe, suffered a serious malware attack appearing to be sourced from China -- dubbed Operation Aurora -- in which the hackers infiltrated corporate networks to steal critical assets such as intellectual property. Kurtz said they were able to hone in on their targets by obtaining access to software configuration management systems (SCMs).

"SCMs are used by software engineers to manage their projects and are used to store source code, the crown jewels of any tech company," Kurtz said in a blog post.

Unfortunately for Google and others, the SCMs weren't adequately secured, Kurtz said.

"Many organizations have tight security around financial systems and other mission critical systems, but leave their intellectual property repositories broadly accessible. The company might have strong perimeter security, but once you're in the SCM, it's readily available," he said.

Kurtz said that once the attackers were able to penetrate the SCM system, they had the unchecked ability to lift, alter or add source code that would enable them to access critical and privileged information.

McAfee researchers said that security bugs found in Perforce, one of the most common SCM systems found in many of the Operation Aurora attacks, enabled attackers to easily access source code, Kurtz said.

According to a McAfee white paper, released Wednesday, victims received a link delivered via e-mail or IM from what appeared to be a "trusted source." The victim clicked on the link, which redirected them to a malicious Website hosted in Taiwan that downloaded malware onto their system that exploited a zero-day Internet Explorer vulnerability.

The malware then set up a backdoor that connected the victim's computer with command and control servers in Taiwan, which turned the machine into a drone and giving the attackers access to all internal corporate systems. With the keys to the castle, the attackers then targeted sources of intellectual property, including the companies' SCMs.

Altogether, Kurtz underscored the value of intellectual property, pointing out that it was crucial that companies beef up security to protect their critical assets.

"The main point: intellectual property is valuable, perhaps even more valuable than money, so it should be properly secured," he said. "If organizations today secured their financial assets as they secure their source code, they'd be broke."