Tibet among top targets of notorious Google hackers, says Symantec

Groups involved with the issue of Tibet are amongst the top targets of a hacker group that attacked Google in 2009 and has launched hundreds of other cyber assaults since then, according to a new research by security software maker Symantec.

Google had confirmed in January 2010 that the sophisticated cyber attack - later dubbed Operation Aurora – came from China-based hackers and resulted in the theft of intellectual property from more than 20 other companies.

Eric Chien, a manager in Symantec's research group last week said the same group of hackers, over the past year, have focussed “almost exclusively on stealing data from companies that supply parts to big defense contractors, rather than targeting the firms themselves.”

“The second most common group of targets was non-government organisations involved in Tibetan human rights issues,” the security firm, which sells anti-virus software under the Symantec and Norton brands said.

Hinting at the involvement of a nation-state in the large network of hackers, Symantec said it believed the hackers alone have used eight zero-day vulnerabilities from 2010 to 2012. According to experts, a zero-day vulnerability that enables attackers to hack into highly secured systems can cost hundreds of thousands of dollars, even more than $1 million.

The fact that the hackers used as many as zero-day vulnerabilities, which requires the money to hire large teams of skilled software engineers, suggests it is either a very large criminal group, or backed by
a nation-state, or a nation-state itself, Chien said.

Earlier in March this year, researchers at AlienVault, a security software company, uncovered several targeted attacks against Tibetan organisations, including the Dharamshala based Central Tibet Administration and the International Campaign for Tibet.

Researchers said the attacks “appear to have been launched by Chinese hackers.”

"Our research suggests that the attacks we have been tracking over the last few months are linked to the Kalachakra Initiation, a Tibetan religious festival that took place in early January,” Jaime Blasco, head of labs with AlienVault told reporters.