
1/21/2010
11:00 AM
Gadi Evron
Commentary

Google/China Reality Check Amid The Fog Of Cyberwar

We've all heard about the Chinese attacks against Google by now. We've heard of Google's moral standing, how corporations now impact international relations, and how censorship is bad and freedom is good. However, some important questions lost in the fog of war need to be asked.

Nobody knows for sure it was China that attacked Google and the other affected corporations, and if someone does, he or she is not saying so publicly. In fact, Google CEO Eric Schmidt told Newsweek that he has no clear evidence, but invites us to draw our own conclusions.

The evidence against China would be thrown out of any court of law, and just because we have grown comfortable blaming China for attacks does not mean it is behind them.

The Chinese network is a hotbed of criminal activity, used by criminals around the world to launch Internet attacks, which makes it harder to label any single attack coming from it as state-sponsored. However, it also raises the question of why such activity has been allowed to go on for so long.

Many networks around the world, including some inside the U.S., are just as abused by criminals. These have been shown to be used against nation-states in past attacks, such as with Estonia -- which I had the honor of writing the post-mortem analysis for -- and in Georgia last year.

Looking at the current incident, Google is a trustworthy and capable corporation. However, when making accusations one needs to provide proof. And "it feels like China" isn't good enough.

In the fog of war, with world news discussing the diplomatic implications for the U.S., Google's business and China's censorship, and applauding Google's moral stance, some important questions are left unanswered.

For some time now, cybercriminals have been winning the "war." Security professionals can write analyses of attacks, as well as mitigate specific attacks. But in nearly all instances we haven't been able to impact criminal operations. For some years, one of my beliefs has been that we should take the offensive in the fight against cybercrime.

For reasons ranging from the criminals' willingness to play a scorched-earth game to legal and ethical limitations, we must be careful not to start a war the Internet can't win. This means we can't use the criminals' weapons against them.

While reporting is vague, Google has supposedly broken into a server in Taiwan (unless information becomes available that it worked through Taiwanese authorities, or that someone else did this for Google). If this happened, then Google broke the law in order to defend itself from criminal activity. This should be legal, but it isn't. Google needs to disclose exactly what it has done. Ethics change, and morally I believe it is in the right. Our ethics just need to catch up.

Another question many of us should ask is about Microsoft and the Internet Explorer Web browser. It has been disclosed that a previously unknown software vulnerability (0day) in Internet Explorer was what attackers used. Exploit code enabling any criminal to make use of the vulnerability to attack has been made public, and in the past such events were followed by further exploitation. But Microsoft initially planned to patch this vulnerability in February.

Only when Germany and France issued warnings to users to not use Internet Explorer, and ZERT considered releasing a third-party patch, did Microsoft say it would release an early patch.

While creating software updates is very complicated, and Microsoft is usually a responsible organization, not patching this type of vulnerability for a whole month as the default response is irresponsible and unethical. We should all call on Microsoft to act responsibly, and write our representatives and the press about it.

Microsoft should be commended for issuing an early patch; after all, it was far from easy. However, until such time as Microsoft announces a new policy on patching software vulnerabilities, it's in my opinion unsafe to continue using Internet Explorer for surfing the Web, so switch to one of the many alternatives, such as Mozilla's Firefox browser.

This targeted attack, while impressive, is no new threat. Security risk assessment should already include corporate espionage. An example of a targeted attack is the GhostNet incident, exposed last year by Canadian researchers, demonstrating in detail how such attacks work. As another example, the public disclosure of German intelligence cyber-espionage operations showed that, indeed, everyone does it.

I call upon my fellow security professionals worldwide to refrain from creating fear when speaking of this incident. Computers are just the most recent weapon to be used for old motives -- espionage. Unlike cybercrime and cyberwar, it is well-recognized in law and in diplomacy, and it is not the security experts who should be called on for answers.

Follow Gadi Evron on Twitter: http://twitter.com/gadievron

Gadi Evron is an independent security strategist based in Israel. Special to Dark Reading. Gadi is CEO and founder of Cymmetria, a cyber deception startup and chairman of the Israeli CERT. Previously, he was vice president of cybersecurity strategy for Kaspersky Lab and led PwC's Cyber Security Center of Excellence, located in Israel. He is widely recognized for ...
