Skip to Content

How a Simple Google Search Unmasked a Chinese Cyber Espionage Network

In a new book, a leading researcher tells how cyber forensic work investigates militarization and espionage.

Cyber warfare and espionage has been a top national security concern for several years, with senior U.S. officials recently accusing the Chinese military (see “Pentagon Points Finger at Chinese Army Over Computer Attacks”).  But for all the sophistication of these attacks, there have been growing indications that the attackers are often amateurish (see “Exposé of Chinese Data Thieves Reveals Sloppy Tactics”).

One of the major centers for forensic work into computer espionage has been the Citizen Lab, an interdisciplinary research center at the University of Toronto. A new book, Black Code: Inside the Battle for Cyberspace, by lab director Ron Deibert is shedding further light into how espionage artists have been unmasked–as well as how the technologies developed by western companies have been so readily adapted to violate human rights (see “Regimes Use U.S. Tech to Censor Citizens, Study Finds”).

Deibert told me today that one big surprise was indeed how easy it sometimes was to see exactly what the Chinese hackers were doing.   For example, four years ago researchers at the lab tried to discern exactly how hackers–starting with some compromised networks in the Tibetan exile capital of Dharamsala, India–had managed to penetrate Indian national security agencies as well as collect extensive data on Tibetan, Indian, and human-rights figures (see “Moore’s Outlaws”).  It turns out that the key to the puzzle was a Google search.  As the researchers sniffed traffic from compromised computers, a 22-character string kept appearing.  So they entered the term into the Google search bar and saw that it was the address of a Chinese website.  They then visited the site and found open directories, lacking password protections, that showed everything else the network was doing, if not who they actually were.  “China-based espionage networks are actually very sloppy. We’ve seen this over and over again–sloppy careless steps that allowed us to see what they were doing. There is a huge outsourcing of the cyber criminal underworld, and it is not as sophisticated as one might assume, which may mean it’s not that closely directed by the government – at least not the ones that we see.”  And it also said something about the level of hyperbole by security companies.  “A lot of companies like to trumpet their unique investigative powers, but cracking one of the cyber espionage networks came down to a researcher in a university lab Googling something,” he added. 

Keep Reading

Most Popular

individual aging affects covid outcomes concept
individual aging affects covid outcomes concept

Anti-aging drugs are being tested as a way to treat covid

Drugs that rejuvenate our immune systems and make us biologically younger could help protect us from the disease’s worst effects.

Europe's AI Act concept
Europe's AI Act concept

A quick guide to the most important AI law you’ve never heard of

The European Union is planning new legislation aimed at curbing the worst harms associated with artificial intelligence.

Uber Autonomous Vehicles parked in a lot
Uber Autonomous Vehicles parked in a lot

It will soon be easy for self-driving cars to hide in plain sight. We shouldn’t let them.

If they ever hit our roads for real, other drivers need to know exactly what they are.

crypto winter concept
crypto winter concept

Crypto is weathering a bitter storm. Some still hold on for dear life.

When a cryptocurrency’s value is theoretical, what happens if people quit believing?

Stay connected

Illustration by Rose WongIllustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.