
Summary:

In the last week at least four major newspapers have each run their own original reporting about the hacking that led Google to threaten it may significantly alter its business in China (which it hasn’t). But the anonymously sourced stories don’t paint a clear picture.

In the last week at least four major newspapers have each run stories about the hacking that led Google to threaten that it might stop censoring results in China (which it hasn’t, yet). All of the stories were based on anonymous sourcing from security researchers and intelligence officials, but they don’t exactly paint a cohesive picture of what happened. Here are the key (sometimes conflicting) details that have emerged:

New York Times, Feb. 18: The online attacks, which used malware sent through email attachments, were traced to Shanghai Jiaotong University and the Lanxiang Vocational School. The latter is closely tied to the Chinese military. Before this information came to light, the investigation had implicated servers in Taiwan.

Washington Post, Feb. 20: Investigators have narrowed an exploit of an Internet Explorer 6 vulnerability down to six potential hackers, including contractors based at Chinese and U.S. tech companies in China. The code used in the attacks “was developed by a diverse group of Chinese hackers” and used Chinese servers.

Financial Times, Feb. 21: “A freelance security consultant in his 30s wrote the part of the program that used a previously unknown security hole in the Internet Explorer web browser to break into computers and insert the spyware.” Further, Chinese officials have privileged access to this researcher’s work, which he had also posted in part to a “hacking forum.”

Wall Street Journal, Feb. 22: A “prominent Asian hacking group,” with a tendency to “use the same type of attack code to pilfer data in every scheme it executes” is implicated. Investigators aren’t necessarily likely to pinpoint an individual, according to the report. The group is known to surgically attack a small set of machines rather than collecting massive amounts of data.

The Chinese government, meanwhile, has denied any involvement in the hacking attacks on Google and others, suggesting that Google is a pawn in U.S. diplomatic strategy and that the concept of “Internet freedom” that Google and the U.S. say they want to protect is a fallacy.


Image by Flickr user googlisti.

  1. [...] up is the story that the Google hack has been tied to China but not conclusively. I’ll just note here that 90% of the brute force SSH attacks I see on my servers here are [...]

  2. Facts about Shandong Lanxiang Vocational can be found online easily, including complaints about their poor student accommodations, and a tacky late-night infomercial to attract attendance.

    Does that sound like a “front operation”? It’s a vocational school for junior high and high school dropouts.

    Facts are Lanxiang has no computer courses beyond Word and Excel operation, and its tacit connection with the military is 38 students from their culinary and mechanical program enlisting since 2006.

  3. Good work at researching the blurry flurry of ‘facts’ in the media on this.

    I followed the story on Twitter as it rolled out. US ‘intelligence sources’ pointed to China on day 2, but no evidence was offered. No independent sources have commented except a short statement from Citizen Lab that they were surprised Google went public.

    The myriad of conjunctures in the articles you quote suggest a series of planted leaks throughout US media.

    Reminds me of disinformation tactics from the Iraq war build up.

    @m_holloway

  4. [...] of all search engines in that country) in retaliation for a hacking attempt that Google suggested was related to government attempts to track and monitor Chinese dissidents. In March, the company started [...]

  5. [...] of all search engines in that country) in retaliation for a hacking attempt that Google suggested was related to government attempts to track and monitor Chinese dissidents. In March, the company started [...]

  6. Companies like Goofle often don’t want to go public about this type of issue because:
    1. it indicates that their G-Mail databases are not very secure (meaning: their programmers & DBAs do not know how to do their jobs).
    2. Goofle is very keen to keep its brand on “religion” level.

    However Goofle probably felt safe to go public about this particular case because:
    A. popular opinion in the USA would support Goofle’s claims of a Bad China that does things like this.
    B. Goofle could claim it was done by the Chinese MILITARY and not some scriptkiddies (thus making it possible that Goofle G-Mail is actually “secure”, they just had a very potent adversary).

    Later, of course, Goofle came with the claim that this was Microsoft’s fault.

    Bottom line is that the reason we heard about it in the news was because someone somewhere thought that it can be used for some-sort-of-PR or perhaps “testing the ice”.
