Google Aurora Attack Carried Out By "Amateurs"?

An analytical study conducted by US security firm Damballa has been revealed that the cyber attack which was targeted at Google's corporate infrastructure and that of 20 other US companies, was apparently carried out by a group of amateurs, who had been testing the attack since July 2009.

The company revealed that upon thorough investigation of the malware and CnC (Command And Control) topologies used by the cyber criminals, it was determined that the attack was a version of an increasingly common botnet attack, albeit a dangerous one.

Gunter Ollmann, vice president of research at Damballa, dismissing the Google attack as a state-sponsored operation, said in a statement that “I would say this particular botnet group was not well funded because the level of the tools used would have been far superior to what it was. Some of the codes within the malware were at least five years old.”

Explaining the functionality behind the alleged amateur botnet attack, Ollmann said that the botnet was based on basic command topology and relied heavily on Dynamic DNS CnC techniques which are hardly used by professional botnet developers who prefer more sophisticated techniques.

Mr. Ollmann went to add that criminals had targeted companies in seven other countries before setting their eyes on Google.

Our Comments

If Damballa's suggestions are indeed true, it raises the spectre of even more lethal attacks in the future which could bring down significant portions of the internet. Damballa has a number of reports published on CNC Topologies which you can read here.

Related Links

Study: Google-China attack driven by amateurs


Report: Google hack was 'amateur,' began in July

(USA Today)

Google botnet attack was 'amateurish'

(TG Daily)

Most resistance to 'Aurora' hack attacks futile, says report

(The Register)