Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.
Identity and Authentication Services

Google Hacked or Why the Cyber World Could Get M.A.D**

Created: 16 Feb 2010 • Updated: 08 Aug 2012 • 3 comments
nicolas_popp's picture
0 0 Votes
Login to vote

As the world already knows, Google and a few other prominent US companies got severely hacked around Christmas time last year. Sophos has an interesting analysis of the exploit. Web malware and a zero day vulnerability in IE6 were essential to the exploit.

For security folks, this was a meaningful event. The level of sophistication of the attacker was unprecedented. The attack was carefully crafted. The breach was severe. For tomorrow's cyber historians, however, the breach may prove to be a tipping point. In fact, it may even change the way the world approaches cyber security and cyber warfare. So, what makes the Google hack such a game-changer? Could it be the magnitude of the attack, the significance of the targets or even the rumored origins of the perpetrators?. No, we must look somewhere else.

Start with Google. I have personally met members of the Google security team. There is no doubt that Google has a world class security team. So, if it happened to Google, it could have happened to any organization, be it private, governmental or foreign. This exposes a fundamental truth of cyber security: attackers always have the advantage. Indeed, there will always be next zero day vulnerability, the weak social engineering link or the unsuspected insider loop-hole. The Google hack simply makes the reality of cyber security more blatantly obvious and more public than any other attacks before. In cyber world, the old adage still prevails: "si vis pacem, para bellum".

This may leave governments and intelligence agencies worldwide with a difficult consideration. If the advantage lies on the attacker side, the only pragmatic cyber defense may well be cyber offense. Under this scenario, the most solid hope for protection becomes fear of retaliation. This is the old Mutually Assured Destruction (M.A.D) principle of the cold war. In tomorrow's world, the nuclear truth of yesterday takes a new meaning: do not take my smart power grid down as I will shut down yours within seconds. Do not collapse the transactional backbone of my financial institution or yours will instantly follow the same fate. Yes, if the Google teaches us something is that cyber security agencies around the globe may soon have to consider M.A.D strategies.

Disturbing thought, flawed interpretation, or irrational conclusion? I certainly hope so since the comparison with nuclear warfare does not bode well for the good cyber security guys. With nuclear threats, at least, the public opinion could find some illusion of comfort. The complexity of assembling nuclear weapons of mass destruction meant that only a handful of belligerent nations would be regarded as real threats. But here lies the second inconvenient truth of cyber warfare. When it comes to cyber terrorism, the barrier to entry is extremely low. In fact, it does not take much to build an effective cyber swat team. Training is cheap, fast and effective. Some say that it is already being done on the Internet. For sure, training material is available for free on the Web. The ultimate irony is that you can probably Google it.

**M.A.D: Mutually Assured Destruction

Comments 3 CommentsJump to latest comment

maxime32's picture

The analogy is striking, and it would just take a few politically-oriented cyber attack to unleash a giant cataclysm. The reason it didn't happen is perhaps for the same reasons that it didn't during the Cold War, although it got close. This scenario is completely believable however. Google being targetting just shows that no site is safe.


Login to vote
NinjaLinker's picture

The complexity of assembling nuclear weapons of mass destruction meant that only a handful of belligerent nations would be regarded as real threats.

Augmentation de trafic organique google

Login to vote