Security Insights: Source Code Repositories Targeted In Operation Aurora
Mar 3, 2010 – By George Kurtz
Operation Aurora continues to be a hot topic inside and outside of security
circles. At this week’s RSA Conference in San Francisco many conversations
are on the topic of the attacks that hit Google and dozens of other companies
in January.
During a talk this afternoon Stuart McClure and I discussed how the attackers
in Operation Aurora went after the crown jewels of the targeted companies,
their intellectual property. Also, we disclosed some additional findings from
the McAfee investigation into the attacks.
Specifically, we have concluded that, in several cases, the attackers
executed precision strikes to gain access to
source code configuration management systems (SCMs) at targeted
companies. SCMs are used by software engineers to manage their projects and
are used to store source code, the crown jewels of any tech company.
In our analysis of the attacks we found that the perpetrators jumped through
several hoops to ultimately compromise the systems of the SCM users at the
targeted organizations. This means that the attackers now had access to the
SCM system and could siphon out source code or, worse, modify and add code.
As we continued our investigation, we realized that the SCM installations
often aren’t properly secured. Many organizations have tight security
around financial systems and other mission critical systems, but leave their
intellectual property repositories broadly accessible. The company might have
strong perimeter security, but once you’re in, the SCM is readily available.
The SCM implementations were inherently insecure. McAfee researched Perforce,
a common SCM system we found in many of the Operation Aurora attacks, to
determine exactly how these attacks were targeting people with privileged
access to intellectual property, including source code.
In the wake of Operation Aurora we published a white paper
today that explores how SCM should be secured. We took a hard look at
Perforce first and will look at other applications in the near future.
The main point: intellectual property is valuable, perhaps even more valuable
than money, so it should be properly secured. If organizations today secured
their financial assets as they secure their source code, they’d be broke.