Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Juniper, Symantec investigating after Google attack

Dow Chemicals, Northrop Grumman and Yahoo also named in reports

Juniper Networks and Symantec said Thursday that they were investigating a widespread cyber-espionage incident that has hit dozens of technology companies, including Google and Adobe.

Sources familiar with the situation say that 34 companies, most of them large Fortune 500 names, were hit by a sophisticated cyber-attack, first uncovered by Google last month. The attackers used a previously unknown "zero-day" attack on Internet Explorer, and possibly other techniques, to break into company networks and steal sensitive information.

The Washington Post reports that Yahoo, Dow Chemical and Northrop Grumman were also attacked.

Juniper and Symantec both acknowledged that they were investigating incidents, but stopped short of saying they had been hacked or of providing any details.

"As the world's largest security provider, we are the target of cyber-attacks on a regular basis. As we do with all threats, we are thoroughly investigating this one to ensure we are providing appropriate protection to our customers," Symantec said in a statement.

"Juniper Networks recently became aware of, and is currently investigating, a cyber security incident involving a sophisticated and targeted attack against a number of companies," a company spokeswoman said in an e-mail message. "We take these incidents seriously and as with any investigation of this nature, we do not disclose details."

Although IT administrators have long cited China as the source of many cyber-attacks, it is extremely difficult to say whether this malicious traffic is actually originating in China or merely passing through. The fact that Google seems to think that China is behind the attacks -- a strong enough conviction that it has threatened to stop doing business in China -- is exceptional, however.

Google discovered a command and control server being used to send instructions to hacked machines, and was able to notify and identify other victims based on that information. According to Google the companies that were targeted include the Internet, finance, technology, media and chemical businesses.

The search engine company may suspect Chinese government sponsorship of the attacks, but the company's chief legal counsel David Drummond told U.S. National Public Radio Thursday that the company doesn't have definitive evidence that the Chinese government was involved.

Human rights groups, government agencies and defense contractors have been targeted by this type of attack in the past, but the fact that so many major international companies could be hit is a wake-up call to businesses.

"It shows that even the biggest and the most sophisticated companies will always come in second place when they're matched with a big foreign intelligence service," said James Lewis a director with the Center for Strategic and International Studies.

Northorp Grumman said it does not comment on specific attacks. "Northrop Grumman, like most industries and government organizations, is at risk of cyber attacks ranging from the most complex to the simple hacker," a company spokeswoman said via e-mail.

Yahoo wouldn't say whether it had been hit. Dow Chemical could not be reached immediately for comment.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Adobe, Dow Chemical, Google, Juniper, Juniper Networks, Microsoft, Northrop Grumman, Symantec, Yahoo
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Adobe, cyberattacks, Google, juniper, symantec, Yahoo
Latest Blog Posts
Whitepapers
  • Managing IBM License Complexity
    IBM provides thousands of products in its portfolio and uses a variety of license models, contract terms and conditions. These license models can be very complex, causing frequent confusion for organisations trying to grasp the concepts while maintaining license compliance. While at first IBM licensing may seem incomprehensible, some education on the license models and licensing scenarios will help minimise the confusion. In addition, a more automated approach to managing licenses enables organisations to gain control, reduce ongoing software costs and minimise license liability risks. Read on.
    Learn more »
  • Restore control, Reinforce security & Reduce Cost
    Uncontrolled print environments and practices present a serious risk to the profit and security of your organisation. IT is under pressure to protect sensitive information, secure devices, and improve the way they manage the entire fleet. To gain better control, your organisation needs to implement plans that meet industry regulations while also increasing productivity, lowering costs, and providing users with more flexible imaging and printing solutions. Read more.
    Learn more »
  • CIO Executive Council ROI
    This document was created by Council CIOs as a means to illustrate ROI for membership. It outlines the services available to member CIOs and their deputies.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments