All Fingers Keep Pointing to China
The word that Google experienced numerous break-ins to its systems spread quickly last week. Not only were numerous Google systems breached, but a considerable amount of intellectual property was also stolen. The attackers exploited a zero-day vulnerability in Microsoft’s Internet Explorer as well as a variety of other vulnerabilities. Google was not the only organization targeted by these attacks, however; reports indicate that approximately 30 other organizations (but most probably many more than this) also fell victim to the same type of attacks, which started a little over one month ago and ended the first week in January this year.
The most recent round of attacks is really nothing new, and all fingers keep pointing to China as the source of the attacks. Why?
1. Compromised machines sent information gleaned from them to servers in China. The fact that this happened is, of course, no proof that the attacks originated in China, as a group of attackers from another country could have broken into and gained control of these servers. Still, the fact that Chinese servers were involved in the malicious activity is one fact that points to China.
2. Google brought in an information security consultancy to determine what had happened. A consultant from this company reported that the sophistication of the attacks is very high—that the malicious code used in the attacks is far more complex than mainstream attack tools. By all appearances, the author(s) of this code must have been financed in order to have the time needed to develop code of this level of sophistication; it is a well-known fact that China has financed such efforts in the past.
3. The malicious code discussed in point 2 above incorporated a rarely found algorithm used to detect data corruption when it transmits information. This algorithm’s source code has so far been found only on Chinese systems, another fact that implicates China.
4. Google reported that numerous attacks targeted the Gmail accounts of human rights activists in China. The Chinese government has carried on a running battle with these activists for years and is highly motivated to find information about them and their activities.
5. Several Google employees with ties to China may have aided the attackers in their efforts. The employees suspected of having done this have had their network access suspended while an investigation is conducted.
Interestingly, the US government announced that it would lodge a formal protest with China over the break-ins to US systems. Additionally, Google’s initial reaction was to announce that it was considering no longer doing business in China. I doubt whether anything either entity does with respect to China will make much of a difference, because China is the proverbial 1000-pound gorilla. It is in many ways the enemy of the US and other free-world countries, yet these countries have a huge potential market in China, and they can also obtain very affordable labor there. What everything boils down to is a cost-benefit analysis in which the costs (e.g., constant break-ins into US systems, theft of trade secrets by bugging rooms, and more) are hugely outweighed by the benefits (e.g., gigantic sales opportunities and considerably cheaper labor). So, protests or not, and threats to discontinue doing business or not, China is firmly in the driver’s seat, something with which the US government and the US commercial sector have had to come to grips.
Here is a final thought—who is the biggest provider of cloud computing services? Google is the correct answer. And the latest round of break-ins was by no means the first for Google. One might thus conclude that Google is not exactly a world leader in the practice of information security. So once again we have a great example of just how great the risks associated with cloud security are.