Aucsmith, speaking last week at a government IT conference Microsoft hosted here in this Washington suburb, outlined a starkly different version of the attacks than the assessment that Google offered in the bombshell revelation it made in January 2010.
Google had said that the attackers were trying to infiltrate the Gmail accounts of Chinese human rights advocates, describing "a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google."
The view from Redmond was different.
Aucsmith does not challenge Google's description of the attacks, but says that Microsoft's analysis concluded that the hackers seeking to infiltrate its systems were apparently working under a motivation that had little if anything to do with the issues of human rights and repression widely associated with the Aurora operation.
"I believe it is fundamentally impossible to stop an attack for which you have never, ever conceived of. But I believe it may be in my power to find that first attack very quickly and then make everything else immune." Dave Aucsmith, Microsoft's Institute for Advanced Technology in Governments
Instead, the attack on Microsoft looked to be a reconnaissance mission hackers were conducting to determine what type of surveillance U.S. authorities were conducting on undercover operatives through records obtained from the software giant via court orders.
"What we found was the attackers were actually looking for the accounts that we had lawful wiretap orders on," Aucsmith says. "So if you think about this, this is brilliant counter-intelligence. You have two choices: If you want to find out if your agents, if you will, have been discovered, you can try to break into the FBI to find out that way. Presumably that's difficult. Or you can break into the people that the courts have served paper on and see if you can find it that way. That's essentially what we think they were trolling for, at least in our case."
An A-team of Cyber Criminals
Aucsmith describes that attack as coming from an elite "A-team" of hackers, highlighting the nexus between business and government in the cyber realm and the reality that highly motivated (and potentially state-sponsored) hackers may direct their most sophisticated attacks at private-sector operators when they are searching for national-security information.
"We don't get a free pass just because we're not a government," he says.
One lesson to draw is that while there may be no such thing as perfect security in the Internet age, government agencies and enterprises can help their cause by making their IT operations moving targets. Aucsmith outlines a vision for adaptive cybersecurity through which the insights gleaned from vigilant intelligence gathering would be used to continually update systems and rapidly shut down new threat vectors upon discovery.