'Aurora' Cyber Attackers Were Really Running Counter-Intelligence

An attack that Google attributed to China and described as targeting human-rights activists was actually a case of hackers probing U.S. surveillance on undercover agents, according to the senior director of Microsoft's Institute for Advanced Technology.

By Kenneth Corbin
Mon, April 22, 2013

CIO — NATIONAL HARBOR, Md. -- Some of the hackers involved in the infamous Aurora attacks executed from China against dozens of major American companies were believed to be running a counter-intelligence operation probing whether the U.S. government had uncovered the identity of clandestine agents operating in the United States, according to Dave Aucsmith, senior director of Microsoft's Institute for Advanced Technology in Governments.

Aucsmith, speaking last week at a government IT conference Microsoft hosted here in this Washington suburb, outlined a starkly different version of the attacks than the assessment that Google offered in the bombshell revelation it made in January 2010.

Google had said that the attackers were trying to infiltrate the Gmail accounts of Chinese human rights advocates, describing "a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google."

The view from Redmond was different.

Aucsmith does not challenge Google's description of the attacks, but says that Microsoft's analysis concluded that the hackers seeking to infiltrate its systems were apparently working under a motivation that had little if anything to do with the issues of human rights and repression widely associated with the Aurora operation.

"I believe it is fundamentally impossible to stop an attack for which you have never, ever conceived of. But I believe it may be in my power to find that first attack very quickly and then make everything else immune"

--Dave Aucsmith
Microsoft's Institute for Advanced Technology in Governments

Instead, the attack on Microsoft looked to be a reconnaissance mission to determine what type of surveillance U.S. authorities were conducting on undercover operatives through records obtained from the software giant via court orders.

"What we found was the attackers were actually looking for the accounts that we had lawful wiretap orders on," Aucsmith says. "So if you think about this, this is brilliant counter-intelligence. You have two choices: If you want to find out if your agents, if you will, have been discovered, you can try to break into the FBI to find out that way. Presumably that's difficult. Or you can break into the people that the courts have served paper on and see if you can find it that way. That's essentially what we think they were trolling for, at least in our case."

An A-team of Cyber Criminals

Aucsmith describes that attack as coming from an elite "A-team" of hackers, highlighting the nexus between business and government in the cyber realm and the reality that highly motivated (and potentially state-sponsored) hackers may direct their most sophisticated attacks at private-sector operators when they are searching for national-security information.
