Operation Aurora

Last updated
Operation Aurora
DateJune–December 2009
Location
Not specified – occurred on a worldwide scale.
Result Diplomatic incident between the United States and China
Belligerents
Flag of the United States.svg  United States Flag of the People's Republic of China.svg  China
Casualties and losses
Google intellectual property stolen [1]

Operation Aurora was a series of cyber attacks performed by advanced persistent threats such as the Elderwood Group based in Beijing, China, with associations with the People's Liberation Army. [2] First disclosed publicly by Google (one of the victims) on January 12, 2010, by a weblog post, [1] the attacks began in mid-2009 and continued through December 2009. [3]

Contents

The attack was directed at dozens of other organizations, of which Adobe Systems, [4] Akamai Technologies, [5] Juniper Networks, [6] and Rackspace [7] have confirmed publicly that they were targeted. According to media reports, Yahoo, Symantec, Northrop Grumman, Morgan Stanley, [8] and Dow Chemical [9] were also among the targets.

As a result of the attack, Google stated in its weblog that it plans to operate a completely uncensored version of its search engine in China "within the law, if at all," and acknowledged that if this is not possible, it may quit China and close its Chinese offices. [1] Official Chinese sources claimed this was part of a strategy developed by the U.S. government. [10]

The attack was named "Operation Aurora" by Dmitri Alperovitch, Vice President of Threat Research at cybersecurity company McAfee. Research by McAfee Labs discovered that "Aurora" was part of the file path on the attacker's machine that was included in two of the malware binaries McAfee said were associated with the attack. "We believe the name was the internal name the attacker(s) gave to this operation", McAfee Chief Technology Officer George Kurtz said in a weblog post. [11]

According to McAfee, the primary goal of the attack was to gain access to and potentially modify source code repositories at these high-technology, security, and defense contractor companies. "[The source code repositories ] were wide open," says Alperovitch. "No one ever thought about securing them, yet these were the crown jewels of most of these companies in many ways—much more valuable than any financial or personally identifiable data that they may have and spend so much time and effort protecting." [12]

History

Flowers left outside Google China's headquarters after its announcement it might leave the country. IllegalFlowerTribute1.jpg
Flowers left outside Google China's headquarters after its announcement it might leave the country.

On January 12, 2010, Google revealed on its weblog that it had been the victim of a cyber attack. The company said the attack occurred in mid-December and originated from China. Google stated that more than 20 other companies had been attacked; other sources have since cited that more than 34 organizations were targeted. [9] As a result of the attack, Google said it was reviewing its business in China. [1] On the same day, United States Secretary of State Hillary Clinton issued a brief statement condemning the attacks and requesting a response from China. [13]

On January 13, 2010, the news agency All Headline News reported that the United States Congress plans to investigate Google's allegations that the Chinese government used the company's service to spy on human rights activists. [14]

In Beijing, visitors left flowers outside of Google's office. However, these were later removed, with a Chinese security guard stating that this was an "illegal flower tribute". [15] The Chinese government has yet to issue a formal response, although an anonymous official stated that China was seeking more information on Google's intentions. [16]

Attackers involved

Technical evidence including IP addresses, domain names, malware signatures, and other factors, show Elderwood was behind the Operation Aurora attack. The "Elderwood" group was named by Symantec (after a source-code variable used by the attackers), and is referred to as the "Beijing Group" by Dell Secureworks. The group obtained some of Google's source code, as well as access to information about Chinese activists. [17] Elderwood also targeted numerous other companies in the shipping, aeronautics, arms, energy, manufacturing, engineering, electronics, financial, and software sectors. [2] [18]

The "APT" designation for the Chinese threat actors responsible for attacking Google is APT17. [19]

Elderwood specializes in attacking and infiltrating second-tier defense industry suppliers that make electronic or mechanical components for major defense companies. Those companies then become a cyber "stepping stone" to gain access to the major defense contractors. One attack procedure used by Elderwood is to infect legitimate websites frequented by employees of the target company – a so-called "water hole" attack, just as lions stake out a watering hole for their prey. Elderwood infects these less-secure sites with malware that downloads to a computer that accesses the site. After that, the group searches inside the network to which the infected computer is connected, finding and then downloading executives' e-mails and critical documents on company plans, decisions, acquisitions, and product designs. [2]

Attack analysis

In its weblog posting, Google stated that some of its intellectual property had been stolen. It suggested that the attackers were interested in accessing Gmail accounts of Chinese dissidents. According to the Financial Times , two accounts used by Ai Weiwei had been attacked, their contents read and copied; his bank accounts were investigated by state security agents who claimed he was being investigated for "unspecified suspected crimes". [20] However, the attackers were only able to view details of two accounts and those details were limited to information such as the subject line and the accounts' creation date. [1]

Security experts immediately noted the sophistication of the attack. [11] Two days after the attack became public, McAfee reported that the attackers had exploited purported zero-day vulnerabilities (unfixed and previously unknown to the target system developers) in Internet Explorer and dubbed the attack "Operation Aurora". A week after the report by McAfee, Microsoft issued a fix for the problem, [21] and admitted that they had known about the security flaw used since September. [22] Additional vulnerabilities were found in Perforce, the source code revision software used by Google to manage their source code. [23] [24]

VeriSign's iDefense Labs claimed that the attacks were perpetrated by "agents of the Chinese state or proxies thereof". [25]

According to a diplomatic cable from the U.S. Embassy in Beijing, a Chinese source reported that the Chinese Politburo directed the intrusion into Google's computer systems. The cable suggested that the attack was part of a coordinated campaign executed by "government operatives, public security experts and Internet outlaws recruited by the Chinese government". [26] The report suggested that it was part of an ongoing campaign in which attackers have "broken into American government computers and those of Western allies, the Dalai Lama and American businesses since 2002". [27] According to The Guardian's reporting on the leak, the attacks were "orchestrated by a senior member of the Politburo who typed his own name into the global version of the search engine and found articles criticising him personally". [28]

Once a victim's system was compromised, a backdoor connection that masqueraded as an SSL connection made connections to command and control servers operating in Illinois, Texas, and Taiwan, including machines that were using stolen Rackspace customer accounts. The victim's machine then began exploring the protected corporate intranet that it was a part of, searching for other vulnerable systems as well as sources of intellectual property, specifically the contents of source code repositories.

The attacks were thought to have definitively ended on Jan 4 when the command and control servers were deactivated, although it is not known at this time whether or not the attackers deactivated them intentionally. [29] However, the attacks were still occurring as of February 2010. [3]

Response and aftermath

The German, Australian, and French governments publicly issued warnings to users of Internet Explorer after the attack, advising them to use alternative browsers at least until a fix for the security breach was made. [30] [31] [32] The German, Australian, and French governments considered all versions of Internet Explorer vulnerable or potentially vulnerable. [33] [34]

In an advisory on January 14, 2010, Microsoft said that attackers targeting Google and other U.S. companies used software that exploits a flaw in Internet Explorer. The vulnerability affects Internet Explorer versions 6, 7, and 8 on Windows 7, Vista, Windows XP, Server 2003, Server 2008 R2, as well as IE 6 Service Pack 1 on Windows 2000 Service Pack 4. [35]

The Internet Explorer exploit code used in the attack has been released into the public domain, and has been incorporated into the Metasploit Framework penetration testing program. A copy of the exploit was uploaded to Wepawet, a service for detecting and analyzing web-based malware operated by the computer security group at the University of California, Santa Barbara. "The public release of the exploit code increases the possibility of widespread attacks using the Internet Explorer vulnerability", said George Kurtz, CTO of McAfee, of the attack. "The now public computer code may help cybercriminals craft attacks that use the vulnerability to compromise Windows systems". [36]

Security company Websense said it identified "limited public use" of the unpatched IE vulnerability in attacks against users who strayed onto malicious Web sites. [37] According to Websense, the attack code it spotted is the same as the exploit that went public last week.[ clarification needed ] "Internet Explorer users currently face a real and present danger due to the public disclosure of the vulnerability and release of attack code, increasing the possibility of widespread attacks," said George Kurtz, chief technology officer of McAfee, in a blog update. [38] Confirming this speculation, Websense Security Labs identified additional sites using the exploit on January 19. [39] According to reports from Ahnlab, the second URL was spread through the Instant Messenger network Misslee Messenger, a popular IM client in South Korea. [39]

Researchers have created attack code that exploits the vulnerability in Internet Explorer 7 (IE7) and IE8—even when Microsoft's recommended defensive measure (Data Execution Prevention (DEP)) is activated.[ dubious discuss ] According to Dino Dai Zovi, a security vulnerability researcher, "even the newest IE8 isn't safe from attack if it's running on Windows XP Service Pack 2 (SP2) or earlier, or on Windows Vista RTM (release to manufacturing), the version Microsoft shipped in January 2007." [40]

Microsoft admitted that the security flaw used had been known to them since September. [22] Work on an update was prioritized [41] and on Thursday, January 21, 2010, Microsoft released a security patch intended to counter this weakness, the published exploits based on it and a number of other privately reported vulnerabilities. [42] They did not state if any of the latter had been used or published by exploiters or whether these had any particular relation to the Aurora operation, but the entire cumulative update was termed critical for most versions of Windows, including Windows 7.

Security researchers continued to investigate the attacks. HBGary, a security company, released a report in which they claimed to have found some significant markers that might help identify the code developer. The company also said that the code was Chinese language based but could not be associated specifically with any government entity. [43]

On February 19, 2010, a security expert investigating the cyber-attack on Google, has claimed that the people who performed the attack were also responsible for the cyber-attacks made on several Fortune 100 companies in the past one and a half years. They have also tracked the attack back to its origin, which seems to be two Chinese schools, Shanghai Jiao Tong University and Lanxiang Vocational School. [44] As highlighted by The New York Times, both of these schools have associations with the Chinese search engine Baidu, a rival of Google China. [45] Both Lanxiang Vocational and Jiaotong University have denied the allegation. [46] [47]

In March 2010, Symantec, which was helping investigate the attack for Google, identified Shaoxing as the source of 21.3% of all (12 billion) malicious emails sent throughout the world. [48]

Google retrospective

On October 3, 2022, Google on YouTube released a six-episode series [49] concerning the events that occurred during Operation Aurora, with commentary from insiders who dealt with the attack, though the series' primary emphasis was to reassure the Google-using public that measures are in place to counter hacking attempts.

See also

Related Research Articles

<span class="mw-page-title-main">Computer security</span> Protection of computer systems from information disclosure, theft or damage

Computer security, cybersecurity, digital security or information technology security is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

<span class="mw-page-title-main">Timeline of computer viruses and worms</span> Computer malware timeline

This timeline of computer viruses and worms presents a chronological timeline of noteworthy computer viruses, computer worms, Trojan horses, similar malware, related research and events.

Linux malware includes viruses, Trojans, worms and other types of malware that affect the Linux family of operating systems. Linux, Unix and other Unix-like computer operating systems are generally regarded as very well-protected against, but not immune to, computer viruses.

The Windows Metafile vulnerability—also called the Metafile Image Code Execution and abbreviated MICE—is a security vulnerability in the way some versions of the Microsoft Windows operating system handled images in the Windows Metafile format. It permits arbitrary code to be executed on affected computers without the permission of their users. It was discovered on December 27, 2005, and the first reports of affected computers were announced within 24 hours. Microsoft released a high-priority update to eliminate this vulnerability via Windows Update on January 5, 2006. Attacks using this vulnerability are known as WMF exploits.

Watering hole is a computer attack strategy in which an attacker guesses or observes which websites an organization often uses and infects one or more of them with malware. Eventually, some member of the targeted group will become infected. Hacks looking for specific information may only attack users coming from a specific IP address. This also makes the hacks harder to detect and research. The name is derived from predators in the natural world, who wait for an opportunity to attack their prey near watering holes.

A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less secure elements in the supply chain. A supply chain attack can occur in any industry, from the financial sector, oil industry, to a government sector. A supply chain attack can happen in software or hardware. Cybercriminals typically tamper with the manufacturing or distribution of a product by installing malware or hardware-based spying components. Symantec's 2019 Internet Security Threat Report states that supply chain attacks increased by 78 percent in 2018.

Trellix is a privately held cybersecurity company that was founded in 2022. It has been involved in the detection and prevention of major cybersecurity attacks. It provides hardware, software, and services to investigate cybersecurity attacks, protect against malicious software, and analyze IT security risks.

<span class="mw-page-title-main">Kaspersky Lab</span> Russian multinational cybersecurity and anti-virus provider

Kaspersky Lab is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in the United Kingdom. It was founded in 1997 by Eugene Kaspersky, Natalya Kaspersky and Alexey De-Monderik. Kaspersky Lab develops and sells antivirus, internet security, password management, endpoint security, and other cybersecurity products and services.

Cyber spying, cyber espionage, or cyber-collection is the act or practice of obtaining secrets and information without the permission and knowledge of the holder of the information using methods on the Internet, networks or individual computers through the use of proxy servers, cracking techniques and malicious software including Trojan horses and spyware. Cyber espionage can be used to target various actors- individuals, competitors, rivals, groups, governments, and others- in order to obtain personal, economic, political or military advantages. It may wholly be perpetrated online from computer desks of professionals on bases in far away countries or may involve infiltration at home by computer trained conventional spies and moles or in other cases may be the criminal handiwork of amateur malicious hackers and software programmers.

An advanced persistent threat (APT) is a stealthy threat actor, typically a state or state-sponsored group, which gains unauthorized access to a computer network and remains undetected for an extended period. In recent times, the term may also refer to non-state-sponsored groups conducting large-scale targeted intrusions for specific goals.

Stuxnet is a malicious computer worm first uncovered in 2010 and thought to have been in development since at least 2005. Stuxnet targets supervisory control and data acquisition (SCADA) systems and is believed to be responsible for causing substantial damage to the nuclear program of Iran. Although neither country has openly admitted responsibility, multiple independent news organizations recognize Stuxnet to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as Operation Olympic Games. The program, started during the Bush administration, was rapidly expanded within the first months of Barack Obama's presidency.

Cyberwarfare by China is the aggregate of all combative activities in the cyberspace which are taken by organs of the People's Republic of China, including affiliated advanced persistent threat (APT) groups, against other countries.

Duqu is a collection of computer malware discovered on 1 September 2011, thought by Kaspersky Labs to be related to the Stuxnet worm and to have been created by Unit 8200. Duqu has exploited Microsoft Windows's zero-day vulnerability. The Laboratory of Cryptography and System Security of the Budapest University of Technology and Economics in Hungary discovered the threat, analysed the malware, and wrote a 60-page report naming the threat Duqu. Duqu got its name from the prefix "~DQ" it gives to the names of files it creates.

Browser security is the application of Internet security to web browsers in order to protect networked data and computer systems from breaches of privacy or malware. Security exploits of browsers often use JavaScript, sometimes with cross-site scripting (XSS) with a secondary payload using Adobe Flash. Security exploits can also take advantage of vulnerabilities that are commonly exploited in all browsers.

Cyberweapons are commonly defined as malware agents employed for military, paramilitary, or intelligence objectives as part of a cyberattack. This includes computer viruses, trojans, spyware, and worms that can introduce malicious code into existing software, causing a computer to perform actions or processes unintended by its operator.

The following outline is provided as an overview of and topical guide to computer security:

Lazarus Group is a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them between 2010 and 2021. Originally a criminal group, the group has now been designated as an advanced persistent threat due to intended nature, threat, and wide array of methods used when conducting an operation. Names given by cybersecurity organizations include Hidden Cobra and ZINC or Diamond Sleet. According to North Korean defector Kim Kuk-song, the unit is internally known in North Korea as 414 Liaison Office.

<span class="mw-page-title-main">Vault 7</span> CIA files on cyber war and surveillance

Vault 7 is a series of documents that WikiLeaks began to publish on 7 March 2017, detailing the activities and capabilities of the United States Central Intelligence Agency (CIA) to perform electronic surveillance and cyber warfare. The files, dating from 2013 to 2016, include details on the agency's software capabilities, such as the ability to compromise cars, smart TVs, web browsers including Google Chrome, Microsoft Edge, Mozilla Firefox, and Opera, the operating systems of most smartphones including Apple's iOS and Google's Android, and computer operating systems including Microsoft Windows, macOS, and Linux. A CIA internal audit identified 91 malware tools out of more than 500 tools in use in 2016 being compromised by the release. The tools were developed by the Operations Support Branch of the CIA.

This is a list of cybersecurity information technology. Cybersecurity is security as it is applied to information technology. This includes all technology that stores, manipulates, or moves data, such as computers, data networks, and all devices connected to or included in networks, such as routers and switches. All information technology devices and facilities need to be secured against intrusion, unauthorized use, and vandalism. Additionally, the users of information technology should be protected from theft of assets, extortion, identity theft, loss of privacy and confidentiality of personal information, malicious mischief, damage to equipment, business process compromise, and the general activity of cybercriminals. The public should be protected against acts of cyberterrorism, such as the compromise or loss of the electric power grid.

<span class="mw-page-title-main">Sandworm (hacker group)</span> Russian hacker group

Sandworm is an advanced persistent threat operated by Military Unit 74455, a cyberwarfare unit of the GRU, Russia's military intelligence service. Other names for the group, given by cybersecurity researchers, include Telebots, Voodoo Bear, IRIDIUM, Seashell Blizzard, and Iron Viking.

References

  1. 1 2 3 4 5 "A new approach to China". Google Inc. 2010-01-12. Retrieved 17 January 2010.
  2. 1 2 3 Clayton, Mark (14 September 2012). "Stealing US business secrets: Experts ID two huge cyber 'gangs' in China". Christian Science Monitor . Retrieved 24 February 2013.
  3. 1 2 "'Aurora' Attacks Still Under Way, Investigators Closing In On Malware Creators". Dark Reading . DarkReading.com. 2010-02-10. Archived from the original on 2010-08-11. Retrieved 2010-02-13.
  4. "Adobe Investigates Corporate Network Security Issue". 2010-01-12. Archived from the original on 2010-01-14.
  5. "9 Years After: From Operation Aurora to Zero Trust". Dark Reading . DarkReading.com. 2019-02-20. Retrieved 2020-05-09.
  6. "Juniper Networks investigating cyber-attacks". MarketWatch. 2010-01-15. Retrieved 17 January 2010.
  7. "Rackspace Response to Cyber Attacks". Archived from the original on 18 January 2010. Retrieved 17 January 2010.
  8. "HBGary email leak claims Morgan Stanley was hacked". Archived from the original on March 3, 2011. Retrieved 2 Mar 2010.{{cite web}}: CS1 maint: unfit URL (link)
  9. 1 2 Cha, Ariana Eunjung; Ellen Nakashima (2010-01-14). "Google China cyberattack part of vast espionage campaign, experts say". The Washington Post. Retrieved 17 January 2010.
  10. Hille, Kathrine (2010-01-20). "Chinese media hit at 'White House's Google'". Financial Times. Retrieved 20 January 2010.
  11. 1 2 Kurtz, George (2010-01-14). "Operation "Aurora" Hit Google, Others". McAfee, Inc. Archived from the original on 11 September 2012. Retrieved 17 January 2010.
  12. Zetter, Kim (2010-03-03). "'Google' Hackers Had Ability to Alter Source Code". Wired. Retrieved 4 March 2010.
  13. Clinton, Hillary (2010-01-12). "Statement on Google Operations in China". US Department of State. Archived from the original on 2010-01-16. Retrieved 17 January 2010.
  14. "Congress to Investigate Google Charges Of Chinese Internet Spying". All Headline News. 13 January 2010. Archived from the original on 28 March 2010. Retrieved 13 January 2010.
  15. Osnos, Evan (14 January 2010). "China and Google: "Illegal Flower Tribute"". The New Yorker. Retrieved 10 November 2020.
  16. "Chinese govt seeks information on Google intentions". China Daily. Xinhua. 2010-01-13. Retrieved 18 January 2010.
  17. Nakashima, Ellen. "Chinese hackers who breached Google gained access to sensitive data, U.S. officials say". WashingtonPost. Retrieved 5 December 2015.
  18. Riley, Michael; Dune Lawrence (26 July 2012). "Hackers Linked to China's Army Seen From EU to D.C." Bloomberg . Retrieved 24 February 2013.
  19. "APT-doxing group exposes APT17 as Jinan bureau of China's Security Ministry". ZDNet .
  20. Anderlini, Jamil (January 15, 2010). "The Chinese dissident's 'unknown visitors'". Financial Times.
  21. "Microsoft Security Advisory (979352)". Microsoft. 2010-01-21. Retrieved 26 January 2010.
  22. 1 2 Naraine, Ryan. Microsoft knew of IE zero-day flaw since last September, ZDNet, January 21, 2010. Retrieved 28 January 2010.
  23. "Protecting Your Critical Assets, Lessons Learned from "Operation Aurora", By McAfee Labs and McAfee Foundstone Professional Services" (PDF). wired.com.
  24. Zetter, Kim. "'Google' Hackers Had Ability to Alter Source Code". Wired. Retrieved 27 July 2016.
  25. Paul, Ryan (2010-01-14). "Researchers identify command servers behind Google attack". Ars Technica. Retrieved 17 January 2010.
  26. Shane, Scott; Lehren, Andrew W. (28 November 2010). "Cables Obtained by WikiLeaks Shine Light Into Secret Diplomatic Channels". The New York Times . Retrieved 28 November 2010.
  27. Scott Shane and Andrew W. Lehren (November 28, 2010). "Leaked Cables Offer Raw Look at U.S. Diplomacy". The New York Times. Retrieved 2010-12-26. The Google hacking was part of a coordinated campaign of computer sabotage carried out by government operatives, private security experts and Internet outlaws recruited by the Chinese government. They have broken into American government computers and those of Western allies, the Dalai Lama and American businesses since 2002, ...
  28. US embassy cables leak sparks global diplomatic crisis The Guardian 28 November 2010
  29. Zetter, Kim (2010-01-14). "Google Hack Attack Was Ultra Sophisticated, New Details Show". Wired. Retrieved 23 January 2010.
  30. One News (19 January 2010). "France, Germany warn Internet Explorer users". TVNZ . Retrieved 22 January 2010.
  31. Relax News (18 January 2010). "Why you should change your internet browser and how to choose the best one for you". The Independent . London. Archived from the original on January 21, 2010. Retrieved 22 January 2010.
  32. "Govt issues IE security warning". ABC (Australia). 19 January 2010. Retrieved 27 July 2016.
  33. NZ Herald Staff (19 January 2010). "France, Germany warn against Internet Explorer". The New Zealand Herald . Retrieved 22 January 2010.
  34. Govan, Fiona (18 January 2010). "Germany warns against using Microsoft Internet Explorer". The Daily Telegraph . London. Retrieved 22 January 2010.
  35. Mills, Elinor (14 January 2010). "New IE hole exploited in attacks on U.S. firms". CNET. Archived from the original on 24 December 2013. Retrieved 22 January 2010.
  36. "Internet Explorer zero-day code goes public". Infosecurity. 18 January 2010. Retrieved 22 January 2010.
  37. "Security Labs – Security News and Views – Raytheon – Forcepoint" . Retrieved 27 July 2016.
  38. Keizer, Gregg (19 January 2010). "Hackers wield newest IE exploit in drive-by attacks" . Retrieved 27 July 2016.
  39. 1 2 "Security Labs – Security News and Views – Raytheon – Forcepoint" . Retrieved 27 July 2016.
  40. Keizer, Gregg (19 January 2010). "Researchers up ante, create exploits for IE7, IE8". Computerworld. Retrieved 22 January 2010.
  41. "Security – ZDNet" . Retrieved 27 July 2016.
  42. "Microsoft Security Bulletin MS10-002 – Critical". Microsoft . Retrieved 27 July 2016.
  43. "Hunting Down the Aurora Creator". TheNewNewInternet. 13 February 2010. Retrieved 13 February 2010.(Dead link)
  44. Markoff, John; Barboza, David (18 February 2010). "2 China Schools Said to Be Tied to Online Attacks". New York Times. Retrieved 26 March 2010.
  45. "Google Aurora Attack Originated From Chinese Schools". itproportal. 19 February 2010. Retrieved 19 February 2010.
  46. Areddy, James T. (4 June 2011). "Chefs Who Spy? Tracking Google's Hackers in China". Wall Street Journal via www.wsj.com.
  47. University, Jiao Tong. "Jiao Tong University - 【Shanghai Daily】Cyber expert slams "spy" report". en.sjtu.edu.cn. Archived from the original on 2019-11-29. Retrieved 2013-06-26.
  48. Sheridan, Michael, "Chinese City Is World's Hacker Hub", London Sunday Times , March 28, 2010.
  49. "HACKING GOOGLE - YouTube". www.youtube.com. Retrieved 2022-10-03.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.