U.S. intelligence officials have concluded that December's mass cyber attack against 33 American companies was most likely the result of a coordinated espionage campaign endorsed by the Chinese government.
Google's revelation that they'd been hit was deemed a "watershed" moment by security industry analysts, but the other 32 companies who were hit have not followed suit and have begged the government to keep their identities a secret. The government has no choice but to protect their identities -- even as U.S. policy encourages greater transparency about the scope of such attacks.
The attackers exploited security vulnerabilities in at least two widely used software programs to gain information about dissidents as well as proprietary information. Reports suggest that the penetration of Google allowed the hackers to get a good look at how the FBI and the National Security Agency sift through information gleaned from warrants served to Google.
"The recent cyber intrusion that Google attributes to China is troubling and the U.S. government is looking into it," said Nicholas Shapiro, a White House spokesperson. "We read Google's statement and are strongly opposed to the practices it describes, particularly the illicit targeting of private email accounts for political reasons. We welcome Google's decision to discontinue censorship of search results on google.cn. The United States has frequently made clear to the Chinese our views on the importance of unrestricted Internet use, as well as cyber-security. We look to the Chinese for an explanation of what happened," he said.
On Thursday, Secretary of State Hillary Clinton will speak on cyber power, and she is expected to address the attack in some fashion. Administration officials have said that a variety of responses are on the table, ranging from the lodging of a formal protest to a request to the World Trade Organization to investigate. Behind the scenes, there is panic in the cyber world.
"Some people hint by saying these attacks are from China, that they are very sophisticated, and that the attackers are looking for information from Chinese human rights advocates," a U.S. official said. "What is left unsaid is that the attacks are likely sponsored by the Chinese government."
Officially, Google has no contact with Chinese authorities about censorship.
Unofficially, it has engaged in a war of attrition with the government.
In March of 2009, China blocked YouTube from being accessed in the
country and never acknowledged its action. The reasons for its decision
were spurious. Traffic dropped off dramatically. And then, half a year later, YouTube access in China was suddenly restored. In September,
YouTube was taken away again -- and the presence of pornography
was cited as the reason. Google could not find the pornography. Porn
-- and national security information -- seem to be the de facto public
excuses that China provides for its capricious and unpredictable
censorship.
James Fallows has provided us with an extensive examination of
how China censors the net. Google's experience brings to light some new
details, and reveals the banality of the entire enterprise. According
to sources with knowledge of the process, the State Council Information
Office sends lists of censored sites and words to companies operating
search engines. The companies passively accept the lists. If there are
small updates, Chinese officials will communicate via instant messenger
to companies to keep them up to date on the latest banned sites. In
China, this process itself is considered a state secret. Any active
role that China plays in banning IP addresses directly is denied -- the
world's worst kept secret is the existence of the Great Firewall.
Prove it to yourself. Go to this Web site.
It allows you to experience what search is like for the Chinese. I
tried it out -- and about half of the websites I was browsing are
suddenly no longer available.
Google-dot-com is available in China and is
not filtered on the back end. Google's China site, Google.CN, is
subject to the laws of the local authority. On Google.com, the Chinese
government cannot prevent Google from returning search results. But
clicking on those results often leads to content that is not
available. As Fallows has explained, the government employs "packet
sniffing" after the Google search results come back through the
firewall to weed out objectionable content. China has variously
blocked Google's basic search engine, its Gmail, a proprietary music search
and other Google apps -- often for hours, sometimes for days, without
explanation or comment. In July, China publicly accused Google of
providing links to pornography; Google responded by voluntarily
disabling several of its high-profile search features.
There are at least seven different agencies responsible for Internet policing
in China. They often fight with one another for bureaucratic territory.
Companies like Google are left to their own devices to figure out how
to comply with the law--and whatever specific emanations the law
requires. Google employees in China really never know what they can and
cannot do. Violating the law means, potentially, prison.
Soon after Google's announcement last week, reports circulated that Google
had stopped filtering its Google.CN site; that would directly violate
Chinese law. Not true. The truth is more insidious. Enterprising
consumers decided to see if results that were previously blocked had
suddenly become unblocked. Somehow, pictures of the Tiananmen Square
massacre were able to be accessed. Google unblocked! But no -- in this
case, Google hadn't done anything. There were no changes to the filter
and no updates that day. The truth is that, in this instance, the
Chinese users of the Google.CN domain were censoring themselves; it had
not occurred to them to search for such pictures before. To be clear,
Google.CN is censored (by Google, "voluntarily,") but the lack of
transparency in the process can grind down the will of even the world's
largest Internet company, if not the intellectual interests of millions
of Chinese.
Given this context, it's easy to see why Google's had enough.
Then there are the U.S. network security rules of engagement. Defend, don't attack -- unless there's a secret presidential finding, and, to the best of my knowledge, there isn't one on China.
For example, if a U.S. site comes under attack from a Chinese site, the site -- assume it's an intelligence agency -- can defend itself by trying to block the attacks, and it can offensively attempt to figure out who's behind them -- but once that threshold is crossed, it cannot attack the sites. The Chinese have no such rules. In fact, the Chinese government teaches attack techniques to a large group of state-sponsored hackers, and part of the classroom work is for them to conduct actual attacks on sites around the world, including the U.S.
The question is natural: if China is so intent on stealing stuff from us, why haven't we responded?
One, we may well have responded, in ways that are classified. But the U.S.
has an extraordinarily complex and vital economic relationship with
China - one that China would never compromise. There is no fear among
U.S. officials that China would ever mount a crippling cyber attack
against U.S. infrastructure, even though they have mapped our
electrical grid and probably left behind some malware that could be
triggerable at a later date. (For what it's worth, the U.S. has also
mapped China's electrical grid.)
China, in fact, needs a secure and stable U.S. infrastructure to do business. (As
James Lewis of the Center for Strategic and International Studies puts
it, "Since they own Wall Street, the last thing they want to do is
crash it.") But China also wants to control the information flowing in
and out of its country. In the absence of an international treaty
defining what cyber sovereignty consists of, it is hard to figure out
the boundaries, much less police them effectively. Third, the U.S. is
aware of a debate within the Chinese government about whether it should
pursue a globalist or nationalist technology policy; should China
depend on the rest of the world for its cyber needs; should it become a
part of the grid; should it pursue its activities independently? This
is linked to a central organizing question of modern Chinese society:
will it be open, modern, forward-looking? Or forever consigned to a
second-rate status?
The geopolitics of
cyber power suggests that centrally directed government
espionage is...tolerated by U.S. officials. A 2007 intrusion, where
Chinese hackers broke into classified Department of Defense computer
databases, alarmed officials -- but the response, largely, was
defensive. There is a reason; ambiguity provides more policy options
for the U.S., and the lack of an offensive reaction -- aside from
Clinton's comment -- prevents the situation from escalating.
Over the next few weeks, Google will determine whether to suspend its
business operations entirely. Very quietly, through intermediaries, it
has engaged the Chinese government. The U.S. government is informally
advising the company and is being kept in the loop.
This article available online at:
http://www.theatlantic.com/politics/archive/2010/01/inside-googles-secret-struggles-with-chinese-cyber-power/33776/
