When a multibillion-dollar corporation gets quietly and spectacularly hacked, the last thing you expect it to do is announce the breach to the world. Yet that’s exactly what Google did last January after discovering hackers had breezed past its security measures to burrow deep into its network.
The well-coordinated attack, dubbed Operation Aurora, began with an instant message to a Google employee in China that included a link to a malicious Web site. When the employee clicked on the link, the nefarious code downloaded to a computer, enabling the attackers to control it and hop to other machines in the company’s U.S. network. The intruders accessed a software repository used by Google developers, siphoned intellectual property, and viewed basic Gmail account information for at least two human rights activists who focus on China.
No fewer than 27 other companies—financial institutions and defense contractors among them—were also attacked, but most remained mum. Google went public in part to counter the silence of its fellow victims. Google cofounder Sergey Brin said in February that “if more companies were to come forward with respect to these sorts of security incidents and issues, I think we would all be safer.” Google’s admission made other companies realize the sophistication of the attacks they might face, says Alan Paller, director of research at the sans Institute, which trains computer security professionals.
Although determining the precise source of a hack is often impossible, fingers pointed at China as the likely origin, sparking a volley of political posturing from Beijing, Silicon Valley, and Washington, D.C. In its blog post reporting the cyberattack, Google announced it would stop censoring search results in China and threatened to pull out of the country entirely. In the end, the company only added a link to its Chinese search page, allowing users to view uncensored results through its Hong Kong–based search engine.