In Rebuke of China, Focus Falls on Cybersecurity

[Cees Binkhorst]

REPLY TO: D66 at nic.surfnet.nl

"Neither the sequence of events leading to Google’s decision nor the
company’s ultimate goal in rebuking China is fully understood."
Dat is volgens mij een understatement ;)

En geen 'viruses or malware detected' dus niet via laptop, en dús via
Google (als er een inbraak was).

Groet / Cees

http://www.nytimes.com/2010/01/14/technology/14google.html
January 14, 2010
In Rebuke of China, Focus Falls on Cybersecurity
By MIGUEL HELFT and JOHN MARKOFF

SAN FRANCISCO — Even before Google threatened to pull out of China in
response to an attack on its computer systems, the company was notifying
activists whose e-mail accounts might have been compromised by hackers.

In a world where vast amounts of personal information stored online can
quickly reveal a network of friends and associates, Google’s move to
protect individuals from government surveillance required quick action.
In early January, Tenzin Seldon, a 20-year-old Stanford student and
Tibetan activist, was told by university officials to contact Google
because her Gmail account had been hacked.

Ms. Seldon, the Indian-born daughter of Tibetan refugees, said she
immediately contacted David Drummond, Google’s chief legal officer.

“David informed me that my account was hacked by someone in China,” Ms.
Seldon said in a telephone interview. “They were concerned and asked
whether they could see my laptop.”

Ms. Seldon immediately changed her password and became more careful of
what she wrote. She also allowed Google to examine her personal computer
at the company’s request. Google returned it this week, saying that
while no viruses or malware had been detected, her account had indeed
been entered surreptitiously.

Google confirmed Ms. Seldon’s account of events, but declined to say
whether it had notified other activists who might have been victims of
hacking.

Mr. Drummond said that an attack originating in China was aimed at its
corporate infrastructure.

While the full scope of the attacks on Google and several dozen other
companies remains unclear, the events set off immediate alarms in
Washington, where the Obama administration has previously expressed
concern about international computer security and attacks on Western
companies.

Neither the sequence of events leading to Google’s decision nor the
company’s ultimate goal in rebuking China is fully understood. But this
was not the first time that the company had considered withdrawing from
China, according to a former company executive. It had clashed
repeatedly with Chinese officials over censorship demands, the executive
said.

Google said on Tuesday that that in its investigation of the attacks on
corporations, it found that the Gmail accounts of Chinese and Tibetan
activists, like Ms. Seldon, had been compromised in separate attacks
involving phishing and spyware.

Independent security researchers said that at least 34 corporations had
been targets of the attacks originating in China.

Adobe, a software maker, said it had been the victim of an attack, but
said that it did not know if it was linked to the hacking of Google.
Some reports suggested that Yahoo had been a victim, but a person with
knowledge said that Yahoo did not think that it been subject to the same
attack as Google.

The decision by Google to draw a line and threaten to end its business
operations in China brought attention to reports of Chinese
high-technology espionage stretching back at least a decade. But despite
Google’s suggestion that the hacking came from within China, it remained
unclear who was responsible. Nevertheless, it presented the Obama
administration with a problem of how to respond.

Google’s description of the attacks closely matches a vast surveillance
system called Ghostnet that was reported in March by a group of Canadian
researchers based at the Munk Center for International Studies at the
University of Toronto. They found that an automated espionage system
based in China was using targeted e-mail messages to compromise
thousands of computers in hundreds of governmental organizations. In
each case, after the computers were controlled by the attackers, they
were able to scan for documents that were then stolen and transferred to
a digital storage facility in China.

The researchers stopped short of directly accusing the Chinese
government of masterminding the attacks. However, for years there have
been reports of attacks planned by so-called patriotic hackers in China,
and many American security specialists argue that these are simply
irregular elements of the People’s Liberation Army. At the same time,
hackers frequently use so-called false flag espionage or denial of
service attacks to route their activities through the computers of a
third country and hide their identity.

One of the Canadian researchers said that fellow computer security
researchers suspected that the attack on Google and other recent
intrusions relied on hackers sending booby-trapped documents that were
stored in Adobe’s Acrobat Reader format, which then infect victims’
computers. This method was seen in a recent wave of attacks on the Dalai
Lama’s computers. “We’ve seen a huge upsurge in attacks using Adobe
Acrobat,” said Greg Walton, an editor at Information Warfare Monitor, a
publication of the Canadian research group.

A spokeswoman for Adobe said the company was investigating the reports,
but could not confirm that the Adobe software was linked to the most
recent attacks.

For Google, the attacks appeared to have been the final straw in a
series of confrontations with Chinese authorities.

Top Google executives, including the chief executive, Eric E. Schmidt,
and the co-founders, Larry Page and Sergey Brin, were ambivalent about
the decision to go into China in 2006, which involved agreeing to censor
some search results on the company’s local search engine, according to a
former executive with knowledge of the discussions. The resistance was
strong from Mr. Brin, who had grown up in the Soviet Union.

But after discussions and internal lobbying from Chinese and
Chinese-American employees inside Google, as well as some of the
company’s sales executives, Google’s top executives came around. They
were particularly swayed by the argument that even a censored version of
Google’s search engine would provide Chinese people more access to
information and help promote free expression in that country.

Once the decision was made, however, Google began expanding its
operation in China, which it expected would grow to be one of the
largest Internet markets. During Mr. Schmidt’s 2006 visit to China,
shortly after Google introduced the company’s China-based search engine,
Google.cn, he told reporters that it would be “arrogant” to try to
change China’s censorship laws.

But repeated clashes with Chinese authorities caused Google to
reconsider its decision on many occasions, the former executives said.
Things almost collapsed in 2008, when Chinese government officials asked
Google to censor results not only on Google.cn but also on Google.com.
the company’s English-language search engine. Google refused, and after
the 2008 Olympics, Chinese officials dropped the issue.

Google now says it thinks that its attempt to help bring openness to
China has failed.

“We were looking at an environment that is more difficult than it was
when we started,” Mr. Drummond said in an interview on Tuesday. “Far
from our presence helping to open things up, it seems that things are
getting tighter for open expression and freedom.”

Robert Gibbs, the White House press secretary, said Wednesday that the
White House had been briefed by Google on the company’s decision.
However, he declined to describe what actions the government might take
in response to the claims of Chinese-directed Internet attacks.

“The recent cyberintrusion that Google attributes to China is troubling,
and the federal government is looking into it,” said a White House
spokesman, Nicholas Shapiro. He said that the president had stated that
Internet freedom was a central human rights issue on a recent China
trip. He also said that the president had made Internet security a
national priority.

Gabriel Stricker, a Google spokesman, said Google’s decision to
publicize the attacks was motivated in part by its desire to alert
activists that their accounts could have been compromised.

The attacks present a challenge for the Obama administration, which last
year debated the role of a federal Internet security adviser. The
administration is grappling on how to balance stricter security controls
and the freedom of technology companies to innovate.

Several Internet security specialists were quick to point out that a
group within the White House led by Lawrence H. Summers, the national
economic adviser, had pointed to Google in debates on the appointment as
an example of an innovative Silicon Valley company that might be
hamstrung by strict new Internet security restrictions.

“It’s ironic that the new economy folks at the White House were pushing
back against faster movement on cybersecurity to protect companies like
Google from stricter regulations,” said James Lewis, an Internet
security specialist at the Center for Strategic and International
Studies in Washington. Last year, Mr. Lewis led a bipartisan study
calling for the creation of a strong Internet czar reporting directly to
the president to combat a rash of new security threats.

The White House said on Tuesday that Howard A. Schmidt, a compromise
candidate who was chosen last month to be the Internet security adviser,
would not start in the position until later in the month.

**********
Dit bericht is verzonden via de informele D66 discussielijst (D66 at nic.surfnet.nl).
Aanmelden: stuur een email naar LISTSERV at nic.surfnet.nl met in het tekstveld alleen: SUBSCRIBE D66 uwvoornaam uwachternaam
Afmelden: stuur een email naar LISTSERV at nic.surfnet.nl met in het tekstveld alleen: SIGNOFF D66
Het on-line archief is te vinden op: http://listserv.surfnet.nl/archives/d66.html
**********