The two main attack vectors according to the article are IE and Flash. I think I read here in HN a while ago that using Windows boxes was highly controlled in Google nowadays, and even some kind of permission was needed. Strong correlation here, it seems that Google was indeed hit and probably hard.
Windows is highly controlled because of the 2010 attack the author references. Google eliminated Windows as a workstation choice for employees after that, allowing only Linux or Mac. They still have Windows around for testing, or special cases that have to get approved, but very sandboxed.
Whatever you do, do NOT turn off Javascript, or stop using Microsoft products like Windows, or Adobe products like their "Flash" player or even their seemingly harmless PDF viewer.
Don't be fooled into thinking these "highly sophisticated" hackers need such things in order to succeed in their "exploits".
And even if they did, the costs of NOT using Javascript, Microsoft and Adobe far, far outweight the benefits.
</sarcasm>
Nevermind the word "lethal", I've always wondered by the word "attack" was chosen within the cryptography/computer security world. Maybe someone knows the history behind it? Once you get used to this term it's seems normal. But at first it's a bit strange. Playing around with computers and binary numbers seems like the furthest thing from an "attack" one could imagine. But I guess it goes without saying that computer nerds have very vivid imaginations.
Some victims may be unwilling, but I'd say a higher portion of them are unwitting; most of them almost definitely have no idea what the extent of the attacks were, if they know at all. When you're dealing with advanced attackers, just knowing that something is going on isn't going to be obvious.
"The number of victims affected, the duration of the campaign, and the difficulty of identifying and exploiting so-called zero-day vulnerabilities mean the resources required "could only be provided by a large criminal organization, attackers supported by a nation state, or a nation state itself,"
Just say it, you want us to A) hate China. B)Give up internet freedom so we can have a bigger cyber army
I love how people are always up at arms how "a nation state" OBVIOUSLY means Israel in a given story why don't they come out and say it???, or OBVIOUSLY means China in another story, or OBVIOUSLY means the NSA, come on!!
Meanwhile, the reporter is the only one smart enough not to speculate based on nothing.
