Was the Google China Hack An Inside Job?
Posted by Alex_Pasternack on Thursday, Jan 14, 2010
Not long after Google threw down the gauntlet on Tuesday for the China-originated hack attacks that hit it over the holidays, a rumor popped up on Wikileaks: “Gossip from within google.cn is Shanghai office used as CN gov attack stage in US source code network.”
That, coupled with Google’s description of the way it got hacked and its threat to close its offices in China, made it seem like the company’s fury wasn’t just about censorship and human rights, but involved something much more personal. News today that Google China has asked its workers to go on holiday only turns the drama knob up to 11.
And it might get turned up to 12. In his blog post on the hack, Google VP David Drummond said that the hackers never managed to get into Gmail accounts except for some “account information (such as the date the account was created) and subject line.” According to an article in Macworld:
“That’s because they apparently were able to access a system used to help Google comply with search warrants by providing data on Google users, said a source familiar with the situation, who spoke on condition of anonymity because he was not authorized to speak with the press.
“Right before Christmas, it was, ‘Holy s***, this malware is accessing the internal intercept [systems],’” he said.
In other words: these daft Chinese hackers may have been accessing the backend infrastructure that deals with government requests for information under the US Terrorist Surveillance Program.
The implications of that possibility aside, could such an attack — which Drummond called “highly sophisticated” — have reached Google’s database and password list without a Google China turncoat? “The intellect and resources required to pull off such a surgical attack are staggering considering the defenses Google has put in place to protect digital assets,” Amichai Shulman, CTO of data-security company Imperva, told Technology Review.
Meanwhile, a report says the hackers were using IPs and a drop server that corresponded “to a single foreign entity consisting either of agents of the Chinese state or proxies thereof.” Apparently, there are major similarities between these new attacks and a few carried out in July against a large number of US companies.
As Hillary Clinton’s entry into the Google-China fray underscored today, this isn’t about Chinese hackers vs. Google. This is starting to sound like the opening salvo in a corporate espionage war (to say nothing of continuing political espionage). Makes me wonder what US government hackers are up to, and how strong China’s cyber defenses are right now. And it makes me nostalgic for the good ol’ days, when hackers were just some underground punks trying to subvert the dominant paradigm and turn the man’s systems upside down.
About the author
Email: alexp at motherboard dot tv. @pasternack