Hackers used rigged PDFs to hit Google -- and Adobe, says researcher

Adobe confirms attack against its network linked to Google's

Adobe today confirmed that the cyberattack that hit its corporate network earlier this month was connected to the large-scale attacks Google cited yesterday as one reason it might abandon China.

Meanwhile, some researchers have hinted, and others have claimed, that the attacks against both Google and Adobe were based on malicious PDFs that exploited a just-patched vulnerability in Adobe's popular Reader software.

Adobe is the first company to step forward after Google announced yesterday that the attacks were aimed at accessing Gmail accounts of human rights activists .

"We are still in the process of conducting our investigation into the incident," said Wiebke Lips, Adobe's senior manager of corporate communications, in an e-mail reply to questions today. "[But] It appears that this incident and the one Google announced earlier are related."

Yesterday, Google and Adobe acknowledged that their company systems had been struck by what both firms characterized as "sophisticated" attacks. Google added that it believed the attacks against its network, which took place last month, originated in China.

Google claimed that some of its intellectual property was stolen in the attack, and added that another aim of the assault was to access the Gmail accounts of Chinese human-rights activists. The California-based search firm cited the latter, as well as ever-more-restrictive rules ordered by the Chinese government, in its decision to review its business in the country.

If the Chinese do not allow Google to run its Chinese search engine unfiltered, the company may pull out of the lucrative market.

Adobe also admitted yesterday that it had been targeted by attackers. "Adobe became aware on January 2, 2010 of a computer security incident involving a sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies," the company said in a Tuesday statement posted on its company blog . "At this time, we have no evidence to indicate that any sensitive information -- including customer, financial, employee or any other sensitive data -- has been compromised."

Security researchers hinted earlier today that the attacks against Google, Adobe and dozens of other major firms were conducted using malicious PDFs that exploited one or more vulnerabilities in Adobe Reader. Analysts at Verisign's iDefense security group told Robert McMillan of IDGNews today that hackers had launched targeted attacks using a malicious document attached to e-mail messages.

While iDefense did not identify rogue PDFs as the malformed documents, its researchers claimed that the attachments exploited a "zero-day" -- a vulnerability that had not yet been patched -- in a "one of the major document types," a definition that certainly fits Adobe's PDF format.

Only yesterday did Adobe patch a zero-day in Reader. The bug had been publicly known since mid-December, and used surreptitiously by hackers for at least several weeks before that.

Adobe denied any link between the two events -- its patching of Reader and the announcement that it had been attacked. The security update had been on the schedule for months, said Lips, since Adobe now releases Reader patches quarterly.

Mikko Hypponen, the chief research officer of Helsinki-based F-Secure, disagreed. Although F-Secure has not been directly involved in investigating the attacks, Hypponen said he has talked with other researchers who were. "This was an attack launched via a convincing e-mail with an exploit-ridden PDF attachment," Hypponen said today in a telephone interview. He also said that those researchers, who he would not identify, told him that the PDF documents were exploiting the Reader zero-day patched on Tuesday.

"These kinds of targeted attacks using PDFs have been going on for quite a while," said Hypponen. "There's nothing new technically in any of these attacks, including the ones against Google and Adobe."

Hypponen was on the money in that regard. Adobe, for example, patched four Reader zero-day vulnerabilities last year, while some statistics show Adobe exploits are among the most prevalent on the Web.

Hypponen also took a stab at whether the Chinese government was directly responsible for the attacks, something that some have argued by reading between the lines of Google's announcement. "One theory is that the government, maybe the PLA (People's Liberation Army), is behind this. The other is that it's the usual idiots, local Chinese hackers who are encouraged and perhaps supported by authorities."

Hypponen laid his bet on the latter. "Indirect evidence supports the second theory," he said, citing the properties traits of malicious documents that typically show the creator's name as something like "shadowhunt" or "darkknight."

"Those are hacker names, not [the name of] a sergeant in the PLA," he said. "But we don't have a smoking gun."

Adobe denied that a Reader vulnerability was the basis of the attacks, or that malicious PDFs had been used to hack the company's own network. "In terms of the attack vector, this is still being determined as part of our ongoing investigation," Lips said. "At this time, we have no evidence to suggest that Adobe Reader was an attack vector."

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld . Follow Gregg on Twitter at @gkeizer , send e-mail to gkeizer@ix.netcom.com or subscribe to Gregg's RSS feed .

Join the PC World newsletter!

Error: Please check your email address.

Tags pdfhackGoogleadobe

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld (US)
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?