Wednesday, January 13, 2010

Google gives a little pushback to the Chi-coms

In order to do business in China, Google made some ethical compromises, one of which was to censor its product (i.e., search results). The iconic example of this is the results you receive when doing an image search for the term "Tiananmen Square". Here is a screencap of the result from google.com:





And the result if you use google.cn:





Google is now reconsidering, and has actually thrown down the gauntlet. They will no longer censor:


We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.

Google has not disabled filtering yet, as you can see from the above screencaps. Why the change of heart? Cyber-attacks:

In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident--albeit a significant one--was something quite different.

First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses--including the Internet, finance, technology, media and chemical sectors--have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.

Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.

Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers.



This is the latest in a decade or so of such attacks originating from China:



Some of the 'highlights':

November 2004: US media reports that Chinese hackers attacked multiple
unclassified US military systems at the U.S. Army Information Systems
Engineering Command at Fort Huachuca, Arizona, the Defense Information
Systems Agency in Arlington, Virginia, the Naval Ocean Systems Center in San
Diego, California and the United States Army Space and Strategic Defense
installation in Huntsville, Alabama.


July 2006: US media reports that intruders penetrate the US Department of State
(DoS) networks, stealing sensitive information and user login credentials, and
install backdoors on numerous computers, allowing them to return to the systems
at will. DoS systems administrators are forced to limit Internet access until the
investigation is completed. While China’s involvement is not obvious, problems
were especially acute at the Bureau of East Asian and Pacific Affairs, responsible
for policy coordination on China, North Korea and Japan.


August 2006: Pentagon officials state hostile civilian cyber units operating inside
China have launched attacks against the NIPRNET and have downloaded up to 20
terabytes of data.

August 2006: A Member of Congress who is a vocal critic of China’s human rights
record claims Chinese hackers penetrated his office computers and those of their
staff.

November 2006: Chinese hackers attack the US Naval War College computer
infrastructure, possibly targeting war game information on the networks. The
College’s Web and email systems are down for at least two weeks while the
investigation takes place.

June 2007: Media reports indicate approximately 1,500 computers are taken offline
following a penetration into the email system of the Office of the Secretary of
Defense (OSD).

October 2007: US media reports that China is suspected as the source of at least
seven versions of socially engineered email targeting 1,100 employees at the Oak
Ridge National Lab in Oak Ridge, Tennessee. Eleven staff possibly opened the
malicious attachment, allowing the attackers to gain access to, and potentially
steal, sensitive data, including a database at the nuclear weapons laboratory
housing personnel records going back to 1990.

November 2008: Media sources report that Chinese hackers penetrate the White
House information system on numerous occasions, penetrating for brief periods
before systems are patched.

November 2008: Business Week magazine publishes a report on significant cyber
intrusions dating back several years at some of NASA’s most critical sites including
the Kennedy Space Center and Goddard Space Flight Center. The operations to
prevent the attacks from China are codenamed, “Avocado.” Attacks included
socially engineered emails launched at top officials. Among the data stolen are
operational details of the Space Shuttle including performance and engine data.



This list of attacks includes only those aimed at American interests and does not include numerous attacks against Japan, Taiwan, the UK, Germany, and other countries.

What is the purpose of these attacks? Clearly, one purpose is the acquisition of information that will enable the Chicoms to benefit from the R&D of American business without having carried it out themselves. Intelligence gathering is another obvious purpose. From nuclear site info, to State Dept. information, to similar attacks on foreign governments, it looks like the Chinese are attempting to remove the veil of ignorance by hacking into computer systems that are at the heart of all our vital infrastructure, and at the heart of defense. How do we counteract this, and how do we deal with it if they also intend to disable our computer infrastructure should they decide to?

We should never entirely abandon low-tech ways of communicating and carrying out the day-to-day tasks of business, government and the military. Teach those mids how to navigate using charts, some trig, and a pencil. Have a backup in place if the GPS system goes down. Shortwave radio will do in a pinch for worldwide comms. Back up sensitive files of State on that substance known as 'paper.' Redundancy.

These are all defensive measures. How about offensive? Set up dummies or traps for known hackers. Without letting on that we know what they are doing, let them back in, and lead them down primrose paths. If we discover their backdoors, make sure that when they re-enter through those back doors, they become infected themselves, with code that will ensure the information and computers they have back home become useless, or that drives or folders are erased or altered in some way. In the meantime, fight fire with fire. We should play their game as well. (I would be very surprised if we are not already doing so.)

Google also has a powerful weapon, Thor's economic hammer. If we were to dramatically curtail or eliminate trade with China, that would hurt. Would they stop the shenanigans? No, of course not, but why look the other way, as we have for some time, in the interests of economics? Look what it has gotten us so far. Google has finally had enough. So, perhaps on a larger scale, should all of us.