The Google China cyber attacks are still under investigation but have already had several serious effects on the technology industry. Google continues to deal with serious repercussions, some of which we covered last week, and is even considering the security breach could be an insider job. However, it’s not the only company that wishes the hacking never happened. Microsoft’s Internet Explorer 6 is under heavy fire as a security hole in the browser has been pointed out as the key vulnerability which made the attacks possible. Several governments have been warning people to stop using Internet Explorer, dealing serious blow to Microsoft’s internet browser.
Are Google Employees Responsible?
Google is considering the possibility that the security breach may have had help from within the company. Knowingly or accidentally, a Google employee may have played a key role in letting a Trojan infiltrate the company’s digital defenses. While some speculate that the parties behind the cyber attack had a insider in the company, security firm McAfee supports a different theory. McAfee purports that the outsiders were able to access Google’s private information and intellectual property when an employee unwittingly downloaded malware either from a website visited or an e-mail received.
While it’s currently unclear whether or not employees are at fault, Google’s problem can be a good lesson for us. Proper employee training on security measures and powerful encryption software are a necessity for both multinational firms and small companies. Having a secure business environments helps avoids catastrophes such as the one Google is facing. While the long term effects are unknown, the short term ones are already visible, the largest being Google’s reevaluating its business in China and considering leaving, even at the cost of sacrificing revenues and a significant market share.
Internet Explorer 6’s Downfall
McAfee’s investigation of the security breach presented another theory: an exploit in the Internet Explorer 6 browser played a key role in the cyber attack. Though several accusations were made against other applications, including Adobe PDF files, they didn’t hold water. The claims were retracted and everyone pretty much agreed that there was a serious vulnerability in an older version of Microsoft’s browser. In fact, several countries’ administrations have issued bulletins urging online users to drop Internet Explorer as their browser of choice. Though the exploit was only functional in IE6, both Germany and France are urging users to switch no matter which version of the browser they have installed. As you can imagine, Microsoft is scrambling to get a patch out to fix the vulnerability and trying to do damage control. Microsoft’s Head of Security and Privacy in the UK spoke with TechRadar and claimed:
“The net effect of switching [from IE] is that you will end up on less secure browser…”
“The risk [over this specific] exploit is minimal compared to Firefox or other competing browsers… you will be opening yourself up to security issues.
“There are broader risks and issues with other browsers.”
Though it’s unclear if Internet Explorer’s market share will drastically fall following the bulletins from the German and French governments, the situation shows the importance of data security. One hole in Microsoft’s IE browser has done permanent damage to the brand. It’s best not to wait and see if a leak in your organization can have similar effects. If your computers aren’t already protected by Pointsec data encryption services, you should check out what we have to offer.
Further Reading
Operation Aurora [McAfee]
Operation “Aurora” Hit Google, Others [McAfee Security Insights Blog]
iDefense retracts claims made on Adobe’s involvement in cyber attacks [SC Magazine]
Kritische Sicherheitslücke im Internet Explorer [Bundesamt für Sicherheit in der Informationstechnik]
Vulnérabilité dans Microsoft Internet Explorer [Centre d’Expertise Gouvernemental de Réponse et de Traitement des Attaques informatique]
Image [FreeDigitalPhotos.net]
Trackbacks /
Pingbacks