In a speech given yesterday at the Newseum in Washington, D.C., U.S. Secretary of State Hillary Clinton put pressure on the Chinese government to address the cyber attacks revealed recently by Google. For much of the speech, which focused largely on promoting Internet freedom, Clinton avoided mentioning China specifically. But her comments condemned Internet censorship and cyber attacks in no uncertain terms.
Clinton’s remarks paint the U.S. vision of the Internet in stark contrast to China’s. In her talk, Clinton stressed the benefits of enforcing the principles of freedom of expression, assembly, and universal access online. In contrast, China has a reputation for routinely blocking access to politically sensitive content and gathers information on dissidents via their Internet communications.
Clinton also addressed Google’s disclosure directly. “We look to the Chinese authorities to conduct a thorough review of the intrusions that led Google to make its announcement,” Clinton said.
Clinton sharply criticized Internet censorship and companies that cooperate with it. “Censorship should not be in any way accepted by any company from anywhere,” she said, warning that efforts to limit information flow create a less useful, fragmented Internet. In particular, she said that “unfettered access to search engine technology is so important in individual lives.”
She also called for more cooperation across jurisdictions when fighting Internet crime. “Countries or individuals that engage in cyber attacks should face consequences and international condemnation,” she said.
Although Google has not released details of the attacks it detected, security researchers have begun piecing information together. Though the search giant stopped short of blaming the Chinese government directly for the attacks, its decision to end cooperation with state censorship requests strongly implies that the company suspects government involvement.
Independent researchers have also begun gathering evidence that pinpoints the source of the attacks. Joe Stewart, director of malware research for the counter threat unit at an Atlanta-based security company called SecureWorks, went public this week with research suggesting a link between the malware used in the attack and research into algorithms posted on Chinese-language websites.
Stewart was analyzing the Hydraq Trojan, the worm believed to be responsible for accessing internal corporate networks at the companies that were attacked, when he found that the software used an unfamiliar algorithm to check for errors in stored or transferred data. Stewart investigated it and found that this particular implementation had only been described on Chinese-language sites, suggesting a link to hackers in mainland China.
Stewart notes that “reverse-engineering an executable binary is never conclusive,” but adds that the Trojan’s behavior also fits with that of other attacks that originated from China. However, he says he hasn’t noticed any features of the malware that suggest sophistication beyond other recent attacks.