Internet Explorer not responsible for Google China hack, CTO says

19 Jan 2010

A leading chief technology officer of security player Imperva has rubbished claims by McAfee that a vulnerability in Microsoft’s Internet Explorer played an important role in the recent cyber attacks against China.

Last week, Google revealed that it and more than 20 other organisations were hacked by sources originating inside China.

Speculation has been rife and last week security giant McAfee said it believes a vulnerability in Microsoft’s Internet Explorer browser was an important pathway for the attacks, which were directed at Google.

In response to McAfee’s claim that vulnerability in Internet Explorer played an important role in the recent attack against Google China, Imperva CTO Amichai Shulman cast doubt over the assertion.

“First, why are Google employees using IE and not Google’s own browser, Chrome?  This doesn’t make sense,” explained Shulman.

“Second, to execute an attack this sophisticated, it likely occurred as a result of spear phishing Google employees to gain access to Google users’ credentials.

“A hacker would have to jump through many hoops inside an internal network. This requires network — not browser — vulnerabilities so that the attacker can communicate with malware inside Google’s internal network,” explained Shulman.

“Unfortunately, blaming Microsoft is all too easy and it’s leading to a panic.

“France and Germany are now recommending that its citizens not use Internet Explorer given its role in the recent Google hacking incident,” he said, citing today’s decision by the leading European governments.

“Could this be a clever way to boost Google Chrome downloads?” Shulman asked.

By John Kennedy

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years