The same Chinese hackers who attacked Google appear to have also gone after Morgan Stanley around the same time, according to leaked e-mails from security firm HBGary Federal.
Morgan Stanley had a “sensitive breach” in which hackers attacked its network for six months, beginning in June 2009, according to e-mails from Phil Wallisch, a senior security engineer at HBGary Federal. Wallisch said Morgan Stanley had identified the attackers as the same hackers who had hit Google and several other major American companies as part of Operation Aurora.
“They were hit hard by the real Aurora attacks,” he wrote.
Operation Aurora was a series of high-profile online attacks from China targeting top United States companies that began in June 2009 and lasted for several months. George Kurtz, chief technology officer for McAfee, had called Operation Aurora the “largest and most sophisticated cyber-attack we have seen in years.”
Morgan Stanley had given Wallisch access to an internal report investigating the “sensitive breach,” according to an e-mail he wrote to HBGary President Penny Leavy-Hoglund in May. The e-mails indicate that Morgan Stanley considered details of the intrusion a closely guarded secret, according to a Bloomberg article.
Wallisch never mentioned in any of his e-mails what, if anything, had been stolen during the data breach, according to Bloomberg. There’s also no mention of which databases or systems had been targeted.
Morgan Stanley declined to comment on the e-mails or to confirm that it had been hit by the Aurora hackers. “Morgan Stanley invests significantly in IT security and manages a robust program to deal with malware and attempted computer compromises,” said a spokesperson.
Initially, the number of companies that had been attacked was estimated at 20 or 30, but now the estimates run as high as 200 companies, Christopher Day, senior vice president for Terremark Worldwide, told Bloomberg. Very few companies have publicly acknowledged being compromised during the attack. Google, Adobe Systems, Juniper Networks and Yahoo are some of the publicly known victims.
On Jan. 12, 2010, Google announced the “highly sophisticated and targeted attack” by hackers using China-based servers. The company made the announcement as hackers were winding down their operation.
The intruders had exploited various security vulnerabilities in Internet Explorer that had previously been known only to Microsoft, according to security experts who had analyzed the Aurora attacks.
The attack was partly aimed at the Gmail accounts of Chinese human rights activists, the company had said at the time. A senior member of China’s government at the “Politburo Standing Committee level” organized the Google attack, according to leaked diplomatic cables that had been revealed by WikiLeaks earlier this year.
Morgan Stanley was the first financial institution targeted in Operation Aurora, according to the leaked e-mails.
The e-mails were part of the more than 70,000 messages hacktivist group Anonymous had stolen and posted in a searchable format on anonleaks.ch as a result of its attack on HBGary and its HBGary Federal subsidiary in early February. Anonymous had organized the attack in retaliation for comments made by Aaron Barr, the former CEO of HBGary Federal, in which he bragged to the Financial Times about having uncovered the identities of several Anonymous leaders who had coordinated the distributed denial-of-service attacks on PayPal, Visa and MasterCard for severing ties with WikiLeaks.