Monday, January 18, 2010

Google Hack Code Is In Public

The code used by China-based hackers in cyber attacks against Google and at least 20 other companies has been published on the internet. Code that exploits the yet-to-be-patched Microsoft Internet Explorer vulnerability has appeared on at least one website, according to researchers at security firm McAfee.

Microsoft published a blog post about the vulnerability after it was identified by McAfee researchers investigating the attacks. The public release of the exploit code increases the possibility of widespread attacks using the IE vulnerability, said McAfee chief technology officer George Kurtz in a blog post.

"The now public computer code may help cybercriminals craft attacks that use the vulnerability to compromise Windows systems," he said. According to McAfee, the attack is especially deadly on older systems running Window XP and IE 6, although versions 7 and 8 are also vulnerable. This is the largest and most sophisticated cyber attack in years targeted at specific corporations, said Kurtz. "What really makes this a watershed moment in cybersecurity is the targeted and coordinated nature of the attack, with the main goal appearing to be to steal core intellectual property," he said.

The attacks prove these threats are no longer the stuff of science fiction, and should be taken seriously by the public and private sectors alike, according to security advisors. Hopefully, the attacks will prompt organisations to review their security and perhaps even discover breaches that have remained hidden for some time, said Tony Dyhouse, director of the UK's Cyber Security Knowledge Transfer Network (CSKTN). "The problem is organisations are often unaware they have been infiltrated and do not take seriously threats they cannot see," he said.