'Aurora' Cyber Attackers Were Really Running Counter-Intelligence
An attack Google attributed to Chinese hackers targeting human-rights activists was actually a case of hackers probing U.S. surveillance on undercover agents, according to the senior director of Microsoft's Institute for Advanced Technology.
Mon, April 22, 2013
CIO — NATIONAL HARBOR, Md. -- Some of the hackers involved in the infamous Aurora attacks executed from China against dozens of major American companies were believed to be running a counter-intelligence operation probing whether the U.S. government had uncovered the identity of clandestine agents operating in the United States, according to Dave Aucsmith, senior director of Microsoft's Institute for Advanced Technology in Governments.
Aucsmith, speaking last week at a government IT conference Microsoft hosted here in this Washington suburb, outlined a starkly different version of the attacks from the assessment that Google offered in the bombshell revelation it made in January 2010.
Google had said that the attackers were trying to infiltrate the Gmail accounts of Chinese human rights advocates, describing "a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google."
The view from Redmond was different.
Aucsmith does not challenge Google's description of the attacks, but says that Microsoft's analysis concluded that the hackers seeking to infiltrate its systems were apparently working under a motivation that had little if anything to do with the issues of human rights and repression widely associated with the Aurora operation.
Instead, the attack on Microsoft looked to be a reconnaissance mission by hackers to determine what type of surveillance U.S. authorities were conducting on undercover operatives through records obtained from the software giant via court orders.
"What we found was the attackers were actually looking for the accounts that we had lawful wiretap orders on," Aucsmith says. "So if you think about this, this is brilliant counter-intelligence. You have two choices: If you want to find out if your agents, if you will, have been discovered, you can try to break into the FBI to find out that way. Presumably that's difficult. Or you can break into the people that the courts have served paper on and see if you can find it that way. That's essentially what we think they were trolling for, at least in our case."
An A-team of Cyber Criminals
Aucsmith describes that attack as coming from an elite "A-team" of hackers, highlighting the nexus between business and government in the cyber realm and the reality that highly motivated (and potentially state-sponsored) hackers may direct their most sophisticated attacks at private-sector operators when they are searching for national-security information.