Inside Google's Secret Struggles With Chinese Cyber Power

U.S. intelligence officials have concluded that December's mass cyber attack against 33 American companies was most likely the result of a coordinated espionage campaign endorsed by the Chinese government.  

Google's revelation that they'd been hit was deemed a "watershed" moment by security industry analysts, but the other 32 companies who were hit have not followed suit and have begged the government to keep their identities a secret. The government has no choice but to protect their identities -- even as U.S. policy encourages greater transparency about the scope of such attacks. 

The attackers exploited security vulnerabilities in at least two widely used software programs to gain information about dissidents as well as proprietary information. Reports suggest that the penetration of Google allowed the hackers to get a good look at how the FBI and the National Security Agency sift through information gleaned from warrants served to Google.

"The recent cyber intrusion that Google attributes to China is troubling and the U.S. government is looking into it," said Nicholas Shapiro, a White House spokesperson.  "We read Google's statement and are strongly opposed to the practices it describes, particularly the illicit targeting of private email accounts for political reasons.  We welcome Google's decision to discontinue censorship of search results on The United States has frequently made clear to the Chinese our views on the importance of unrestricted Internet use, as well as cyber-security.  We look to the Chinese for an explanation of what happened," he said.

On Thursday, Secretary of State Hillary Clinton will speak on cyber power and she is expected to address, in some fashion, the attack. Administration officials have said that a variety of responses are on the table, ranging from the lodging of a formal protest to a request to the World Trade Organization to investigate. Behind the scenes, there is panic in the cyber world.

"Some people hint by saying these attacks are from China, that they are very sophisticated, and that the attackers are looking for information from Chinese human rights advocates," a U.S. official said.  "What is left unsaid is that the attacks are likely sponsored by the Chinese government."

Officially, Google has no contact with Chinese authorities about censorship. Unofficially, it has engaged in a war of attrition with the government. In March of 2009, China blocked YouTube from being accessed in the country and never acknowledged its action. The reasons for its decision were spurious. Traffic dropped off dramatically. And then, half a year later, YouTube access in China was suddenly restored.  In September, YouTube was taken away again -- and the presence of pornography was cited as the reason. Google could not find the pornography.  Porn -- and national security information -- seem to be the de facto public excuses that China provides for its capricious and unpredictable censorship. 

James Fallows has provided us with an extensive examination of how China censors the net. Google's experience brings to light some new details, and reveals the banality of the entire enterprise. According to sources with knowledge of the process, the State Council Information Office sends lists of censored sites and words to companies operating search engines. The companies passively accept the lists. If there are small updates, Chinese officials will communicate via instant messenger to companies to keep them up to date on the latest banned sites. In China, this process itself is considered a state secret. Any active role that China plays in banning IP addresses directly is denied -- the world's worst kept secret is the existence of the Great Firewall.

Prove it to yourself. Go to this Web site. It allows you to experience what search is like for the Chinese. I tried it out -- and about half of the websites I was browsing are suddenly no longer available.

Google-dot-com is available in China and is not filtered on the back end. Google's China site, Google.CN, is subject to the laws of the local authority. On, the Chinese government cannot prevent Google from returning search results. But clicking on those results  often leads to content that is not available.  As Fallows has explained, the government employs "packet sniffing" after the Google search results come back through the firewall to weed out objectionable content.  China has variously blocked Google's basic search engine, its Gmail, a proprietary music search and other Google apps -- often for hours, sometimes for days, without explanation or comment.  In July, China publicly accused Google of providing links to pornography; Google responded by voluntarily disabling several of its high-profile search features. 

There are at least seven different agencies responsible for Internet policing in China. They often fight with one another for bureaucratic territory. Companies like Google are left to their own devices to figure out how to comply with the law--and whatever specific emanations the law requires. Google employees in China really never know what they can and cannot do. Violating the law means, potentially, prison. 

Soon after Google's announcement last week, reports circulated that Google had stopped filtering its Google.CN site; that would directly violate Chinese law. Not true. The truth is more insidious.  Enterprising consumers decided to see if results that were previously blocked had suddenly become unblocked.  Somehow, pictures of the Tiananmen Square massacre were able to be accessed. Google unblocked! But no -- in this case, Google hadn't done anything. There were no changes to the filter and no updates that day. The truth is that, in this instance, the Chinese users of the Google.CN domain were censoring themselves; it had not occurred to them to search for such pictures before. To be clear, Google.CN is censored (by Google, "voluntarily,")  but the lack of transparency in the process can grind down the will of even the world's largest Internet company, if not the intellectual interests of millions of Chinese.  

Given this context, it's easy to see why Google's had enough.

Then there are the U.S. network security rules of engagement. Defend, don't attack -- unless there's a secret presidential finding, which, to the best of my knowledge, there isn't on China.
For example, if a U.S. site comes under attack from a Chinese site, the site -- assume it's an intelligence agency -- can defend it by trying to block the attacks, and it can offensively attempt to figure out who's behind them -- but once that threshold is crossed, it cannot attack the sites. The Chinese have no such rules.  In fact, the Chinese government teaches attack techniques to a large group of state-sponsored hackers, and part of the classroom work is for them to conduct actual attacks on sites around the world, including the U.S.

The question is natural: if China is so intent on stealing stuff from us, why haven't we responded?

One, we may well have responded, in ways that are classified.  But the U.S. has an extraordinarily complex and vital economic relationship with China - one that China would never compromise. There is no fear among U.S. officials that China would ever mount a crippling cyber attack against U.S. infrastructure, even though they have mapped our electrical grid and probably left behind some malware that could be triggerable at a later date. (For what it's worth, the U.S. has also mapped China's electrical grid.)

China, in fact, needs a secure and stable U.S. infrastructure to do business. (As James Lewis of the Center for Strategic and International Studies puts it, "Since they own Wall Street, the last thing they want to do is crash it.")  But China also wants to control the information flowing in and out of its country. In the absence of an international treaty defining what cyber sovereignty consists of, it is hard to figure out the boundaries, much less police them effectively.  Third, the U.S. is aware of a debate within the Chinese government about whether it should pursue a globalist or nationalist technology policy; should China depend on the rest of the world for its cyber needs; should it become a part of the grid; should it pursue its activities independently? This is linked to a central organizing question of modern Chinese society: will it be open, modern, forward-looking? Or forever consigned to a second-rate status? 

The geopolitics of cyber power suggests that centrally directed government espionage is...tolerated by U.S. officials. A 2007 intrusion, where Chinese hackers broke into classified Department of Defense computer databases, alarmed officials -- but the response, largely, was defensive. There is a reason; ambiguity provides more policy options for the U.S., and the lack of an offensive reaction -- aside from Clinton's comment -- prevents the situation from escalating.

Over the next few weeks, Google will determine whether to suspend its business operations entirely. Very quietly, through intermediaries, it has engaged the Chinese government. The U.S. government is informally advising the company and is being kept in the loop.