China's Aurora Attack Was Really a Counterespionage Effort

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Back in 2010, Google revealed it had been the target of a large-scale attack by hackers within China. At the time, Google said the cyberattack was after information about human rights activists. But now, anonymous sources are saying the hackers were really after information about Chinese spies who were under surveillance by the U.S. government.

The Washington Post’s Ellen Nakashima reported, “Chinese hackers who breached Google’s servers several years ago gained access to a sensitive database with years’ worth of information about U.S. surveillance targets, according to current and former government officials. The breach appears to have been aimed at unearthing the identities of Chinese intelligence operatives in the United States who may have been under surveillance by American law enforcement agencies.”

CIO’s Kenneth Corbin ran a similar story in late April and quoted Microsoft’s Dave Aucsmith, who said, “What we found was the attackers were actually looking for the accounts that we had lawful wiretap orders on. So if you think about this, this is brilliant counter-intelligence. You have two choices: If you want to find out if your agents, if you will, have been discovered, you can try to break into the FBI to find out that way. Presumably that’s difficult. Or you can break into the people that the courts have served paper on and see if you can find it that way. That’s essentially what we think they were trolling for, at least in our case.”

InformationWeek’s Matthew J. Schwartz recalled, “The successful attack against Google was dubbed Operation Aurora by security firm McAfee because attackers reportedly employed the Aurora (a.k.a. Hydraq) Trojan horse application. At the time, however, Google said its investigation into the attack found that ‘at least twenty other large companies from a wide range of businesses — including the Internet, finance, technology, media and chemical sectors — have been similarly targeted.’ Google also disclosed that a second branch of the attack had compromised multiple Chinese and Vietnamese activists’ Gmail accounts. All told, the Operation Aurora attacks reportedly targeted at least 34 companies, including Adobe, Juniper, Rackspace, Symantec, Northrop Grumman, Morgan Stanley and Yahoo.”

Mashable’s Lorenzo Franceschi-Bicchierai observed, “For security experts, this is a disturbing revelation with far-reaching implications. ‘I think the fact that the public has been kept in the dark about the extent of the attack is really problematic,’ says Chris Soghoian, a technologist and advocate at the American Civil Liberties Union. ‘It’s troubling that it took three years for the public to learn this.'”