Once the attackers control one computer on a network, they branch out from there, probing other computers on the same network and raiding e-mail accounts to get more ammunition for social engineering attacks. “They’re basically tricking users into exploiting themselves,” Villeneuve says, adding that perimeter defenses are useless if attackers can trick humans into handing over information or infecting themselves.
However, since many hacking groups operate using these tactics, Villeneuve says it can be devilishly hard to trace attacks back to their source. “We often don’t know [the exact details of attackers’] relationship with the Chinese government,” he says. Still, Villeneuve believes that the Chinese government would certainly stand to benefit from the activity.
Ross Anderson, a professor of security engineering at the University of Cambridge, agrees that “the sort of tricks” used against the Tibetan movement likely provide clues to the recent attacks against Google and other companies.
Shortly after Google made its announcement, Adobe posted an announcement of a “computer security incident involving a sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies.” Adobe says it learned of the attack on January 2 but did not confirm that this attack was the same as the one that struck Google.
Google plans to negotiate with the Chinese government over the next few weeks to see if it is possible to run a standard version of its search engine in China. “These attacks and the surveillance they have uncovered–combined with the attempts over the past year to further limit free speech on the Web–have led us to conclude that we should review the feasibility of our business operations in China,” Drummond wrote.
No other major U.S. search engine has so far said it would change its operations in China. A Yahoo spokesperson said in a statement, “We stand aligned with Google that these kinds of attacks are deeply disturbing and strongly believe that the violation of user privacy is something that we as Internet pioneers must all oppose.” But the search engine was silent on the question of whether it would make any changes to its own policies. A Microsoft statement read, “We have no indication that any of our mail properties have been compromised.”
Hear more from Google at EmTech 2014.