
Google Reveals Chinese Espionage Efforts

After an attack that required staggering skill and resources, the company threatens to quit China.

Google’s threat to withdraw its operation from China has shed more light on a remarkably sophisticated computerized espionage network originating from the country, experts say.

Exit strategy? Flowers are seen placed in front of the headquarters of Google’s offices in Beijing.

Last night Google announced that it would no longer participate in government censorship of the Chinese version of its site, Google.cn, and threatened to shut down its operations in China altogether. In a blog post, David Drummond, senior vice president of corporate development and chief legal officer at Google, wrote that the decision was taken in response to a series of Internet attacks against Google and other companies, as well as covert Internet surveillance of human-rights activists.

This story is part of our July/August 2010 Issue

Though Google has not disclosed the exact nature of the attacks, Drummond wrote: “In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google.” He added that the company has gathered evidence that 20 other large Internet, finance, technology, media, and chemical companies were also attacked.

In Google’s case, the attackers tried to get into Gmail accounts belonging to Chinese human-rights activists, Drummond said. The company believes that the efforts were not successful, but that hackers have been targeting human-rights activists based in other parts of the world through a range of hacking techniques.

Amichai Shulman, CTO of Imperva, a data-security company based in Redwood Shores, CA, says Google probably called the attack “highly sophisticated” because the hackers got into the heart of its database and password list. “The intellect and resources required to pull off such a surgical attack are staggering considering the defenses Google has put in place to protect digital assets,” he says.

The hackers probably used “social engineering” techniques to breach Google’s defenses, suggests Nart Villeneuve, chief research officer for the Canadian company SecDev.cyber, and the director of operations for a censorship circumvention tool called Psiphon.

In March 2009 Villeneuve uncovered “GhostNet,” a cyber-spying operation originating in China that was said to have targeted the Dalai Lama and other human-rights activists. Though Villeneuve has no direct knowledge of the attacks discovered by Google, he says it’s likely that they match the methods he has been monitoring.

Villeneuve says the hackers he has studied start by sending users within a target network system a carefully crafted e-mail full of personal information. This isn’t the same as a spam message, he says–instead it’s “someone crafting an attack.” The attacker will attach a PDF or Word document loaded with malware that compromises the user’s computer when it’s opened. Users can protect themselves to some extent with antivirus software, but Villeneuve says that such programs only identified about six out of 41 of the infected documents he has checked. Once a PC has been infected, the attacker can command it remotely.

Once the attackers control one computer on a network, they branch out from there, probing other computers on the same network and raiding e-mail accounts to get more ammunition for social engineering attacks. “They’re basically tricking users into exploiting themselves,” Villeneuve says, adding that perimeter defenses are useless if attackers can trick humans into handing over information or infecting themselves.

However, since many hacking groups operate using these tactics, Villeneuve says it can be devilishly hard to trace attacks back to their source. “We often don’t know [the exact details of attackers’] relationship with the Chinese government,” he says. Still, Villeneuve believes that the Chinese government would certainly stand to benefit from the activity.

Ross Anderson, a professor of security engineering at the University of Cambridge, agrees that “the sort of tricks” used against the Tibetan movement likely provide clues to the recent attacks against Google and other companies.

Shortly after Google made its announcement, Adobe posted an announcement of a “computer security incident involving a sophisticated, coordinated attack against corporate network systems managed by Adobe and other companies.” Adobe says it learned of the attack on January 2 but did not confirm that this attack was the same as the one that struck Google.

Google plans to negotiate with the Chinese government over the next few weeks to see if it is possible to run a standard version of its search engine in China. “These attacks and the surveillance they have uncovered–combined with the attempts over the past year to further limit free speech on the Web–have led us to conclude that we should review the feasibility of our business operations in China,” Drummond wrote.

No other major U.S. search engine has so far said it would change its operations in China. A Yahoo spokesperson said in a statement, “We stand aligned with Google that these kinds of attacks are deeply disturbing and strongly believe that the violation of user privacy is something that we as Internet pioneers must all oppose.” But the search engine was silent on the question of whether it would make any changes to its own policies. A Microsoft statement read, “We have no indication that any of our mail properties have been compromised.”
