Rixstep
 About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Home » Industry Watch

Google.cn

Three dozen US corporations infiltrated by Chinese government hackers.


Get It

Try It

THE INTERNET (Rixstep) -- Things are worse than feared. Google discovered a breach of security back in December. The breach was traced to three dozen Fortune 500 corporations. All indications are that the breach was made possible by compromising Microsoft Windows.

A New Approach to China

The attack wasn't just on Google, reports chief legal officer David Drummond.

We have discovered that at least twenty other large companies from a wide range of businesses have been similarly targeted. We are currently in the process of notifying those companies and we are also working with the relevant US authorities.

As the evidence points to direct Chinese governmental sanction, Google are changing their Google.cn censorship policy - even though Google staff remain within Chinese borders.

We have evidence to suggest a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date, we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.

No More Censorship

Google will no longer cooperate with the Chinese government in censoring Google.cn.

We are no longer willing to continue censoring Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognise this may mean having to shut down Google.cn and potentially our offices in China.

An aside inserted to protect those in the PRC.

We want to make clear that this move was driven by our executives in the United States without the knowledge or involvement of our employees in China who have worked incredibly hard to make Google.cn the success it is today.

A risky move - but will the Chinese take the hint?

Crisis Conference 24 December

IDG's Bob McMillan dug deeper into the story. What happened to Google is 'a problem that US lawmakers have complained about loudly', writes McMillan.

Online attacks that appear to come from China have been an ongoing problem for years but big companies haven't said much about this, eager to remain in the good graces of the world's powerhouse economy.

Google now imply Beijing's been sponsoring the attacks and this PRC matter's now before HRC.

We have been briefed by Google on these allegations, which raise very serious concerns and questions. We look to the Chinese government for an explanation. The ability to operate with confidence in cyberspace is critical in a modern society and economy.

McMillan says the Google attack gained access to a system used to help Google comply with search warrants - and this according to an undisclosed source not authorised to speak to the media. The discovery scared the Googles to say the least.

Holy shit! This malware is accessing the internal intercept!

The discovery also resulted in a emergency meeting chaired by Larry Page on Xmas eve.

Behind Secure Walls

China also contribute to the general malaise by making it easy for criminals to purchase 'bulletproof' hosting - servers guaranteed to not be taken down even if they're linked to spam or other illegal online activities.

The Google security team traced the attack to just such a server, penetrated it, and discovered they weren't the only target. All told, 34 companies were hacked. Adobe went public only minutes after Google.

Adobe became aware on 2 January 2010 of a computer security incident involving a sophisticated coordinated attack against corporate network systems managed by Adobe and other companies. We are currently in contact with other companies and are investigating the incident. At this time, we have no evidence to indicate any sensitive information has been compromised.

Microsoft deny being victimised. Though many wonder how they would even know.

We have no indication that any of our mail properties have been compromised.

Digging Deeper

VeriSign's iDefense unit were called in to help. 'We've never seen attacks on this large of a scale and this successful against private companies', said Eli Jellenc.

According to Jellenc, the hackers sent targeted email messages to victims that contained a 0day attack - in other words: a new ILOVEYOU.

There's an attack exploiting a zero day vulnerability in one of the major document types. They infect whichever users they can and leverage any contact information or any access information on the victim's computer to misrepresent themselves as that victim.

That's pure ILOVEYOU. And those types of attacks work only on one platform.

See Also
Washington Post: A Statement from Google
Official Google Blog: A new approach to China
The Technological: I Could Really Get Used to This!
Adobe Featured Blogs: A Corporate Network Security Issue
Computerworld: Google attack part of widespread spying effort
US Department of State: Statement on Google Operations in China
USCC: Capability of PRC for Cyber Warfare and Network Exploitation

About | ACP | Buy | Industry Watch | Learning Curve | News | Products | Search | Substack
Copyright © Rixstep. All rights reserved.