Source Code Repositories Targeted In Operation Aurora
- Wednesday, March 3, 2010, 15:09
- Threat Research
Operation Aurora continues to be a hot topic inside and outside of security circles. At this week’s RSA Conference in San Francisco, many conversations are on the topic of the attacks that hit Google and dozens of other companies in January.
During a talk this afternoon, Stuart McClure and I discussed how the attackers in Operation Aurora went after the crown jewels of the targeted companies: their intellectual property. We also disclosed some additional findings from the McAfee investigation into the attacks.
Specifically, we have concluded that, in several cases, the attackers executed precision strikes to gain access to source code configuration management systems (SCMs) at targeted companies. SCMs are used by software engineers to manage their projects and are used to store source code, the crown jewels of any tech company.
In our analysis of the attacks, we found that the perpetrators jumped through several hoops to ultimately compromise the systems of the SCM users at the targeted organizations. This means that the attackers then had access to the SCM system and could siphon out source code or, worse, modify and add code.
As we continued our investigation, we realized that the SCM installations often aren’t properly secured. Many organizations have tight security around financial systems and other mission critical systems, but leave their intellectual property repositories broadly accessible. The company might