Cyber attacks disclosed by Google and Adobe that may lead Google to quit China highlight a sophisticated type of bespoke cyberspying that could be more widespread than previously thought.
Google, the world's top search engine, said on Tuesday it might shut down its Chinese site, Google.cn, after an attack on its infrastructure it believed was primarily aimed at accessing the Google mail accounts of Chinese human rights activists.
Unlike ordinary viruses that are released into cyberspace and quickly spread from computer to computer, the type of attack launched against Google and at least 20 other companies was likely handcrafted uniquely for each targeted organisation. Such attacks, most often delivered using Adobe PDF documents sent by e-mail, secretly deposit a software file on a user's hard drive, allowing the computer to be remotely accessed. Typically, top personnel with access to high-level information are targeted with such software, known as malware.
Since each organisation is hit with malware that looks different from the malware delivered to others, companies cannot detect samples spreading around the globe and protect themselves as they normally would, security experts say.
“Attacks like this are very hard to block and very hard to filter,” says Mikko Hypponen, chief research officer at security software maker F-Secure, who has been monitoring such attacks against Chinese human-rights activists since 2005.
The fact that this kind of malware can easily sit in computers undetected, potentially for ever, also means the true number of such hacking attempts is hard to estimate.
“I don't think they're very unusual at all. I think they're very usual — that's the problem,” says John Walker, a professor in cyber-crime at the UK's Nottingham Trent University and chief technology officer of security software.