China Hacks Google In Latest Round of Cyberattacks
January 19, 2010 - 4:16pm ET
Google announced last week that they were ending all search result censorship in China, following a concentrated attack on their servers with the goal of accessing the Gmail accounts of Chinese human rights activists and increased Chinese government restrictions on freedom of speech. The company acknowledged that this might mean they'd have to close their offices in China, perhaps shut down Google.cn. Though stories about the decision were quickly downplayed and in some cases censored, China's internet user community is deeply concerned, with Google having gained 80 million users since they began operating there in 2006.
Google's announcement also mentioned something else, that they had "discovered that at least twenty other large companies from a wide range of businesses--including the Internet, finance, technology, media and chemical sectors--have been similarly targeted."
Over at ZDNet, Ryan Naraine and Dancho Danchev offer a detailed blow-by-blow of the malware used and the zero-day programming flaw exploited by the attackers. They also note that the US government is backing these allegations, and that the Indian government says it faced a concentrated series of attacks on government departments on the same day the Google attacks occurred, which India's national security advisor says originated in China. Naraine and Danchev close by noting that it's possible the attacks are government-tolerated rather than government-sponsored, though they admit that this is a fine line.
How fine a line it can be is covered in further detail in the 2009 Report To Congress of the U.S.-China Economic and Security Review Commission [pdf]. Google referenced the report in their announcement and I have a handy copy of it sitting right here, where right in the beginning of Section 4, I can read that ...
... In April 2009, reports surfaced that attacks on defense contractor information systems in 2007 and 2008 allowed intruders--probably operating from China--to successfully exfiltrate "several terabytes of data related to design and electronics systems" of the F35 Lightning II, one of the United States' most advanced fighter planes. A large body of both circumstantial and forensic evidence strongly indicates Chinese state involvement in such activities, whether through the direct actions of state entities or through the actions of third-party groups sponsored by the state. ...
In other words, it can be hard to say whether the actual hackers were directly working for the Chinese government, unknowingly working for them, or perhaps fishing for information with the intention of passing it on to the government after the fact. And the way the Chinese have set up their information warfare capacity, it's probably even harder to determine the answer, Naraine and Danchev's points about the Chinese government's longstanding tolerance of a significant 'grassroots' hacker community of pernicious sophistication, notwithstanding.
Several pages later, after outlining what's known of the operational and aspirational plans of the People's Liberation Army's (PLA) work on Integrated Network Electronic Warfare, the report describes the origin of what are suspected to be at least 33 likely information warfare militia units run by the PLA:
... The efforts of the PLA regarding computer network warfare are not limited solely to its active duty forces. The PLA has been forming cyber militia units since the late 1990s, "comprised of personnel from the commercial information technology sector and academia ... represent[ing] an operational nexus between PLA [computer network operations] and Chinese civilian information security professionals."
The first such unit formed may be one created on an experimental basis in Datong City, Shanxi Province, in early 1998. According to Chinese press reports, at the time of its creation the Datong unit contained 40 personnel and was located within "a certain Datong City state-owned enterprise." The unit relies upon "the resources of the local area's scientific talent, information technology, and facilities," with personnel drawn from "all over the city's 20 scientific research institutes, universities, and information occupations."
In 2006, the authoritative Chinese Academy of Military Science published an article that explicitly endorsed the information warfare militia concept and directed the PLA to make the creation of such units a priority. ...
Past "patriotic hacker" attacks described in the report include a series of GhostNets of spyware infecting embassy, government ministry and activist groups in 103 different countries. As the report notes, the concentrated linguistic talent required to exploit the gathered information, and the lack of financial value of the data, pointed to a state actor guiding the data collection, regardless of who carried it out. The targeting of items such as the internet chats of Tibetan exile activists, which Chinese officials then cited to them as a reason for denying entry to the country, is an example of the sort of circumstantial evidence pointing to China as that state.
Is there any other government with a deep and abiding interest in the online chats of Tibetan exiles? Similarly, in these recent attacks, who else cares about trawling the email of Chinese human rights activists? The Chinese government is, by anyone's estimation, the very likeliest customer for this information.
There's no point being naive about whether or not the US government has been cultivating similar cyber espionage capabilities. Indeed, the information warfare capacity of US forces was cited by the Chinese as a motivating force for starting up their own information militia efforts. Nor is Google any stranger to its services being used for intelligence community purposes. Currently, the US intelligence community is even known to be actively monitoring social media, which a person could argue is really their job: to know what's going on in the world so the government can respond.
The question comes down not to one of whether a capacity exists, but how the power leveraged from it is likely to be used. I suspect that concern over warrantless wiretapping in the US has been minimal compared to its clear violation of the Constitution because US citizens by and large don't expect to wake up tomorrow in a proto-Soviet style police state (and I would argue that this is a bad thing, not to be encouraged, though that's another conversation.) Whether a government should do something is always going to resolve into a question of trust and character, not an eternal, Platonic principle about an ideal government that never existed.
As things stand, China appears to be engaging in all-out corporate- and government-targeted information warfare that includes US entities amongst some of its prime targets, in addition to engaging in mercantile trade policies amounting to a full-on beggar-thy-neighbor strategy for capturing market share.
Yes, they're struggling for what could rightly be called peer status with other long-established powers. Yes, if they don't continue to boost their citizens' standard of living and vista of opportunity, their government is very likely to collapse. It's of no particular benefit, nor morality, to say that China should either remain a backwater or collapse into chaos. The US government's responsibility, though, is to advance the interests of its own citizens. While it's possible to do that without pulling other countries down, it obviously requires the government to protect us from harm.
China's cyber espionage against the US and companies like Google, which has become a critical part of our communications infrastructure, can't go unanswered. The US government must direct adequate funding to protect our information networks.
And maybe, just maybe, the US government should look at making their hiring and personnel policies a little more geek-friendly. They could take a page from Google, whose HR practices are no secret.
Views expressed on this page are those of the authors and not necessarily those of Campaign
for America's Future or Institute for America's Future






