More sources are now claiming the Chinese government is behind the recent cyberattacks against Google and 33 other Silicon Valley companies, reports security firm Verisign iDefense. The attacks, revealed yesterday via a posting on Google's official blog, were hacking attempts on the technology infrastructure of Google and other major corporations in sectors that included finance, technology, media and chemical, said Dave Girouard, president of Google Enterprise.
Although Google's politely-worded blog post doesn't come out and directly blame the Chinese government for these attacks, many have suspected that is the case, including, apparently, Secretary of State Hillary Clinton. Now even more sources are coming out to confirm the Chinese government's involvement. According to Verisign, their sources within the defense-contracting and intelligence-consulting communities also believe "agents of the Chinese state or proxies thereof" are to blame for these recent attacks.
Google has stated that the attackers tried, unsuccessfully, to access the Gmail accounts of Chinese human rights activists: only two Gmail accounts were accessed, and only account information and email subject lines were seen, not the content of the emails themselves. The company also said that at least 20 other large companies were attacked as well. Now Verisign reports that number is 33.
In light of these attacks, Google boldly declared they are reconsidering their decision to do business in China - a surprising turn for the Internet giant who once claimed that operating in China didn't violate the company's motto, "Don't be evil," despite the fact that it required censoring search results according to the Chinese government's wishes. That controversial act, though hotly debated at the time, was not all that surprising. Many Western firms ultimately have to cave in to Chinese demands in order to gain access to the 300 million plus Internet users the country holds. Google, for all their proclaimed high ideals, appeared to be no exception.
Until now.
The company has changed its course, stating that they will no longer censor the search results for their Chinese portal google.cn, launched in 2006 with the lofty goal of providing reliable access to information, albeit filtered information, for millions of Chinese citizens. Google is leaving the next move up to the Chinese government. If officials do not accept Google's decision to provide unfiltered information, Google says they will have to withdraw from the country.
So what has changed between then and now? The Chinese government hasn't altered their position on Internet censorship, nor have they asked Google to make any changes to the agreement already in place. Many immediately suspected that the sole reason for Google's decision has to do with the attacks themselves - attacks that hint at government involvement.
According to Verisign's sources, that does appear to be the case. The company says they've confirmed with two independent sources that both the source IPs and drop server (the server used to host malicious code and store the stolen files) of the attack correspond to a single foreign entity consisting of either agents of the Chinese state or those acting on their behalf.
Verisign also notes that these recent attacks resemble a similar July 2009 incident against 100 or so IT-focused companies. At that time, the hacks involved an emailed PDF file that exploited an unpatched Adobe Reader vulnerability, which allowed the attackers to deliver the malicious code. That vulnerability remained unpatched until just yesterday, notes Rick Howard, director of security intelligence for VeriSign iDefense.
While July's attacks were detected early and were largely uneventful, December's attacks did find some success. In addition, these same sources claim that the files in both cases share similar characteristics. For example, both attacks used a backdoor Trojan in the form of a Windows DLL, and both share two similar hosts for the command-and-control (C&C) communication. In layman's terms, if the cyberattack were a ground assault during a war, the C&C would be the general barking out the orders. Also in both incidents, the IP addresses used for C&C are in the same subnet and only six addresses apart from each other. That means both attacks are likely to have been instigated by the same entity and may imply that the recent victims' technology infrastructure has been compromised since July.
While none of these findings is a true smoking gun pointing to the Chinese government, it is believed that China encourages its hacker community to attack foreign entities while publicly denying any involvement in such attacks. That may be the case now. Or it could be that this time the attacks are not just state-permitted but state-directed.
UPDATE: iDefense has now issued the following retraction:
"In iDefense's press announcement regarding the recently discovered Silicon Valley compromises, we stated that the attack vector was likely 'malicious PDF file attachments delivered via email' and suggested that a vulnerability in Adobe Reader appeared to have been exploited in these attacks. Upon further review, we are retracting our initial assessment regarding the likely use of Adobe vulnerabilities. There are currently no confirmed instances of a vulnerability in Adobe technologies being used in these attacks. We continue to investigate this issue."
Comments
I think Google's so-called withdrawal is nothing but a sign of total defeat, not by the hands of the communist Chinese government, but by the mighty home grown search giant Baidu.com.
So if Google does indeed withdraw using the excuse of "doing no evil", it's just a "face saving" excuse for total business failure.
Do you really think Google is really "do no evil" as they claim if their business is as strong as that in the US?
LOL
Google's interests lie in increasing network usage. I believe that network usage is decreased by censorship; that is, if information is censored and only 'approved' information is available, information's value is undermined, thus Google's value is undermined.
Supporting censorship is not in Google's interests.
@Rob, shut up already with the Google conspiracy crap. Go use Yahoo or Bing or whatever floats your boat.
Poor Google as well as employees in China.
I think Google's so-called withdrawal is nothing but a sign of total defeat, not by the hands of the communist Chinese government, but by the mighty home grown search giant Baidu.com.
Except for the part where Google has completely ripped Baidu apart in the past 6 months, you mean? Statcounter (http://gs.statcounter.com/#search_engine-CN-monthly-200906-200912) shows that Google is now up to 43% of Chinese search (from 27% in August), and that's all at the expense of Baidu (dropped from 70% to 55% in that period).
In just four months, Google cut Baidu's lead from 44%, to 12%. Someone is being totally defeated here, but it's not Google. Seems much more likely that Baidu, seeing itself being eviscerated by Google, asked the government for illegal help.
Chinese Hackers Targeted GOOG's Internal Spy System - http://bit.ly/8K5kbd
And now Google is using 'human rights' as an excuse to leave China.
The situation is intense.
Google will not leave China - the biggest Internet market. They have just threatened.
See http://googlegazer.com/2010/01/14/googles-stand-against-china/ for a discussion of Google's stand on China and the tepid response from the US government and business leaders.
I don't think so~
You do not know well about China and the Chinese government.
@Rob, I suspect I know why you hate google so much.
1) You spent 47$ on Adwords.
2) 32 clicks and no conversions.
3) You need money to pay rent to your mom next week.
This is a brilliant marketing move by Google.
Baidu is the 3rd biggest search engine in the world. Google is basically saying to the world: “Baidu is in the Chinese Government’s pocket; we’re not.”
In the short term this move may make Google lose in the Chinese market but it will reward them tenfold in the free world.
Google has gained the moral high ground in the free world and this will be more than enough for what they may be losing by retreating from China.
It's all threats, there is no way they could possibly leave that market considering the potential for growth. The Chinese market already has more online users than the US and with only about 26 - 27% saturation, compared to the US which has almost 75% saturation.
Google's revenues from China may not be massive now, but as a business they cannot ignore their shareholders' best interests and those interests cannot be served by pulling out of such a major and growing market.
Fuck your stupid white man! Chinese will rule the whole world!