Chinese Hackers Found Sensitive U.S. Government Data on Google Servers
Posted by Author on May 23, 2013
When Chinese hackers breached Google servers in 2010, they were not targeting the Gmail accounts of human rights activists, as the company claimed at the time.
What the hackers were actually after was a database containing years of sensitive information related to U.S. surveillance. Now we have learned that the attack was successful, and the data compromised.
In 2010, as part of what has been dubbed as Operation Aurora, Chinese hackers gained access to a database of data relating to thousands of surveillance orders, all judicial responses to agency requests for email monitoring.
Those orders were issued under the Foreign Intelligence Surveillance Act (FISA), which allows the feds to spy on foreign communications (and American targets who communicate with foreign suspects).
This startling revelation was first reported by the online security website CIO on April 22, but confirmed by anonymous sources to the Washington Post Monday.
It’s unclear exactly what information the database contained. We also don’t know how much data the hackers got their hands on. But the U.S. officials interviewed by the Post said it was “valuable intelligence.”
That the attacks were part of a larger counter-intelligence operation had been an unconfirmed rumor for years. Google refused to confirm it for the Post article.
But senior U.S. officials did confirm it, explaining how important this information could have been for the Chinese government, and how sensitive it was for its American counterpart.
“Knowing that you were subjects of an investigation allows them to take steps to destroy information, get people out of the country,” one former anonymous official told the Post. He speculated that the the Chinese might have wanted to deceive U.S. spies by feeding them false information.
David Aucsmith, senior director of Microsoft’s Institute for Advanced Technology in Governments, revealed in April that Microsoft had been a target during Operation Aurora as well. They found the hackers “were actually looking for the accounts that we had lawful wiretap orders on,” he said.
After Hiatus, Chinese Hackers Take Aim at U.S. Targets
For security experts, this is a disturbing revelation with far-reaching implications. “I think the fact that the public has been kept in the dark about the extent of the attack is really problematic,” says Chris Soghoian, a technologist and advocate at the American Civil Liberties Union. “It’s troubling that it took three years for the public to learn this.”
“This is why wiretapping systems are a bad idea,” tweeted Matthew Green, a cryptography researcher and professor at Johns Hopkins University. “Not because they can’t be built securely; because they won’t be.”
This is why many security experts are concerned about an FBI plan to mandate backdoors into online communications. The plan would allow them to wiretap online chats. It’s part of a rumored overhaul of the Communications Assistance for Law Enforcement Act (CALEA), a 1994 law that mandates similar wiretap requirements for phone calls.
“Google has hundreds of engineers doing nothing but security,” Soghoian told Mashable. “If Google can not protect its databases against the Chinese government, if they cannot protect their wiretapping system, what makes us think that a smaller company with less resources is going to be able to defend itself?”
– source: http://mashable.com/
Sorry, the comment form is closed at this time.