In January 2010, a sophisticated and advanced persistent threat known as “Operation Aurora” occurred, causing a significant impact on cyber security. This attack targeted prominent corporations, including Google, Yahoo, Juniper Networks, and Adobe Systems. It forever changed the defense industry and the commercial sector’s perception of cyber-attacks, highlighting their common occurrence and the need for heightened security measures to protect valuable intellectual property.
Through the manipulation of computer codes, attackers were able to exploit vulnerabilities in Microsoft Internet Explorer and gain unauthorized access to valuable sensitive information from over thirty prominent companies. Operation Aurora demonstrates that the world is entering a high-risk era where cybercrimes are no longer limited to governments, but also target all sectors of various corporations and companies. Entities that were once considered immune are now under threat (McAfee Labs and McAfee Foundstone Professional Services 1).
According to Microsoft, there was an identified flaw in Internet Explorer as early as September 2009. The Microsoft Security Response Center had planned to release a patch for this vulnerability in February 2010. However, during the period of December 2009 and January 2010, Operation Aurora successfully exploited these vulnerabilities and gained access to affected systems, potentially allowing them to take full control (Naraine).
In July 2009, a similar attack was found where around 100 IT companies were hacked through emails containing harmful PDF attachments. The specific outcomes and impacts of these attacks have not been disclosed, thus the success of that attack remained unknown (Zetter, Google Hackers Targeted Source Code of More Than 30 Companies | Threat Level | Wired. com). According to McAfee, the hackers behind Operation Aurora discreetly infiltrated various systems without leaving any visible traces of malicious intent or actions, following a series of steps.
The assault commenced by dispatching a hyperlink via email or instant message, purportedly from a reliable source, to a specific user. As the source is considered trustworthy, the recipient proceeds to click on the link, which directs them to a website harboring a malevolent JavaScript payload. As the payload is an executable file, the browser proceeds to download the malicious JavaScript. Embedded within the script is a zero-day exploit for Internet Explorer, which proceeds to download a binary under the guise of Taiwan servers and subsequently executes the payload.
This Trojan creates an encrypted backdoor that mimics an authentic SSL connection in order to avoid being detected. Once the backdoor is open, the attackers gain full access to steal sensitive information and intellectual property from their victims. They can also use the compromised internal systems to further infiltrate the network (McAfee Labs and McAfee Foundstone Professional Services 3). If Operation Aurora continues to target more systems, it could potentially disrupt global capitalism and commerce.
Many companies take extensive precautions to safeguard their intellectual properties, such as trademarks, source codes, or trade secrets. However, in the event that these repositories are breached, the global economic landscape can be significantly disrupted. In response to the recent attack, Microsoft promptly released a security advisory warning that the exploit impacts virtually all versions of Internet Explorer. They strongly advised all Windows users to update their IE browser to address the vulnerabilities and defend against malicious execution files.
McAfee quickly emphasized the importance of their security products and guidance for both consumers and businesses (Zetter, Google Hack Attack Was Ultra Sophisticated, New Details Show | Threat Level | Wired. com). According to McAfee, customers should initially confirm and upgrade to the newest threat definition while conducting a comprehensive system scan. Next, it is advised to thoroughly review and analyze the network traffic history for any potential external systems connected to past or ongoing attacks. Lastly, it is crucial to consistently search for and investigate files or file attributes linked to current or previous attacks.
McAfee advises consumers to use McAfee Network Security Platform, McAfee Web Gateway, and McAfee Firewall Enterprise to protect against IE vulnerabilities (Evers and Bain). Additionally, to optimize IP security in their systems, consumers are urged to implement several countermeasures due to the sophistication of Operation Aurora.
- Users accounts should be limited and not granted excessive authorizations especially ability to access to administrative functions such as read and/or write source code and source code trees. To ensure system integrity, all logs must be set up and configured to record each and every event performed on the system. The systems should audit these logs frequently.
- •Account users should submit to a two-factor authentication process. Inactive or retired log-on accounts should be deleted or removed.
- The system should be able to block attempts and protect its configuration files as well as logs through cryptographic hashing.
- It is ideal to maintain back up integrity by having all files validated independently. Ensure that all communications are encrypted during data at rest, in motion or data in use.
- The SCM software should be monitored, updated and patched regularly to protect the system for the latest threats.
- Adhere to either the FISMA or NSA hardening guidelines and house the SCM on a single-use system.
- Have a good network forensics system that will store and log all traffic for offline analysis (McAfee Labs and McAfee Foundstone Professional Services 11-12).
Despite cyber-attacks being prevalent in the defense industry, Operation Aurora highlighted that even sectors that were previously considered immune, such as commercial sectors, are now vulnerable to cyber hacking. The cybercrime landscape is shifting towards targeting intellectual property repositories. As long as vulnerabilities exist, consumers will always face the risk of future attacks. It is therefore crucial to safeguard their systems by regularly updating and utilizing security protection programs like McAfee. Countermeasures must be implemented seriously to ensure optimal system protection against all kinds of threats, whether malicious or not.
