Attackers who raided Google in 2010 to learn information about Chinese human rights activists were also trying to gain insight on which Chinese intelligence agents were on the radar of U.S. authorities.
The intruders, who spearheaded the so-called Aurora attacks that breached more than 30 firms using weaponized PDFs, accessed a database at Google that contained data about court orders authorizing surveillance of certain individuals, presumably including Chinese spies. The revelation was reported Monday by The Washington Post, which quoted unnamed U.S. officials.
Among the most sensitive data accessed were court orders, called FISA orders, which, under the Foreign Intelligence Surveillance Act, could allow the government to access electronic data, like Gmail accounts, related to foreign or terrorist threats.
Recent comments from a Microsoft executive appeared to further corroborate these details. Last month, Dave Aucsmith, senior director for Microsoft's Institute for Advanced Technology, reportedly said the Aurora campaign's mission was to uncover court orders revealing U.S. law enforcement surveillance efforts.
Aucsmith has since clarified his remarks, saying he never meant to imply that Microsoft had been hacked by the same adversaries.
In a statement emailed to SCMagazine.com on Tuesday, he said he was referencing “statements in the media” during the 2010 attacks.
“My comments were not meant to cite any specific Microsoft analysis or findings about motive or attacks, but I recognize that my language was imprecise,” said his statement. “What I should have said was, ‘According to what I've read concerning the so-called Aurora attack…industry investigators found that the point of entry was a backdoor access system created by Google in order to comply with government search warrants on user data.’”
Google declined comment to SCMagazine.com, and the FBI did not immediately respond.
Meanwhile, a cyber espionage group believed to be based in China has resumed operations. On Sunday, the New York Times reported that the Chinese military hacking unit behind the theft of hundreds of terabytes of information from scores of organizations, many in the United States, had resumed its operations.