Internet Explorer not responsible for Google China hack, CTO says

19 Jan 2010

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

A leading chief technology officer of security player Imperva has rubbished claims by McAfee that a vulnerability in Microsoft’s Internet Explorer played an important role in the recent cyber attacks against China.

Last week, Google revealed that it and more than 20 other organisations were hacked by sources originating inside China.

Speculation has been rife and last week security giant McAfee said it believes a vulnerability in Microsoft’s Internet Explorer browser was an important pathway for the attacks, which were directed at Google.

In response to McAfee’s claim that vulnerability in Internet Explorer played an important role in the recent attack against Google China, Imperva CTO Amichai Shulman cast doubt over the assertion.

“First, why are Google employees using IE and not Google’s own browser, Chrome?  This doesn’t make sense,” explained Shulman.

“Second, to execute an attack this sophisticated, it likely occurred as a result of spear phishing Google employees to gain access to Google users’ credentials.

“A hacker would have to jump through many hoops inside an internal network. This requires network — not browser — vulnerabilities so that the attacker can communicate with malware inside Google’s internal network,” explained Shulman.

“Unfortunately, blaming Microsoft is all too easy and it’s leading to a panic.

“France and Germany are now recommending that its citizens not use Internet Explorer given its role in the recent Google hacking incident,” he said, citing today’s decision by the leading European governments.

“Could this be a clever way to boost Google Chrome downloads?” Shulman asked.

By John Kennedy

Editor John Kennedy is an award-winning technology journalist.

editorial@siliconrepublic.com