I have an article up on Asia Times about the Google hack entitled Winner of the Google-China feud is – India.
In the article I speculate that Google might have hoped to leverage international outrage over Chinese hacking in order to get better treatment from the PRC (more aggressive pursuit of hackers and reduced filtering for its Google.cn search engine, to put it on a better competitive footing vis-à-vis archrival Baidu).
However, as the issue became an international human rights/open society/US government cause célèbre, Google may have gotten more than it bargained for.
A few interesting data points that I didn’t cover in the article:
1. The main hack—sometimes known as the Aurora exploit or Trojan.Hydraq—exploited a vulnerability in Microsoft’s Internet Explorer. Once the victim opened the trick e-mail attachment that directed his computer to the hacker’s URL, the flaw let the command-and-control server inject a shell and run its application on the target computer unmolested.
2. According to the UK’s Register, an Israeli computer security firm, BugSec, reported the vulnerability to Microsoft on August 26, 2009. Microsoft had planned to grunt out a patch in February 2010, but the worldwide kerfuffle compelled it to rush an “out of band” patch to users on January 21.
3. Symantec’s Security Response Blog took an attitude of “meh” to the Google incident, implying that the only thing new about this intrusion was Google’s decision to go apesh*t about it:
The story of the attacks went public following the announcement from Google, with news media organizations worldwide choosing to place the story prominently on the front pages of numerous Web sites and printed publications. Far from being confined to security-related mailing lists and blogs, the story became part of the week’s headlines with its news of potentially politically motivated “information warfare” in conjunction with the possibility of significant change ahead for one of the world’s most prominent companies.
The Trojan.Hydraq incident was no different and was almost textbook in its execution of a targeted attack. While there is much talk of the most recent incident, we observed a Trojan.Hydraq based attack in July 2009. …
Trojan.Hydraq itself is very much a standard backdoor Trojan. Considering the efforts that the attackers put into staging the attack as a whole, the end malware is not so sophisticated. It doesn’t use any anti-debugging or anti-analysis tricks. It just uses some basic obfuscation in the form of spaghetti code on some of its components.
4. The Aurora exploit seems to have been a big hack. If what’s leaking out of Google is accurate, perhaps 30 Silicon Valley companies were targeted. But to me it’s open to question whether the scale of the hack was an escalation of Chinese attacks, or merely an opportunistic, organized attempt to exploit the “zero-day” IE vulnerability with a simultaneous, multi-enterprise attack, knowing that the flaw would get patched soon after the assault occurred. China’s interest in industrial espionage, conducted directly and through hacker cutouts, is undeniable, and the Aurora incident was perhaps just business as usual.
5. There has not been a lot of full-throated support of Google from the high-tech community. On the other hand, Bill Gates pooh-poohed the intrusion on Good Morning America and John Chambers of Cisco seemed less than impressed. Maybe all they care about is shoveling Beijing’s bloody coin into their pockets, but maybe the hack wasn’t all that remarkable.
6. Microsoft is, of course, the main target of Chinese hacks. In contrast to Google’s chest-thumping, Microsoft goes for low-key engagement with Chinese entities. Its efforts are chronicled in a very interesting blog called “Dark Visitor” (an English translation of the characters for “hacker” – 黑客). The Chinese government obliged Microsoft (while eliciting squeals from the Chinese high-tech community) in August 2009 by arresting one Hong Lei, the author of Tomato Garden, the pirated version of Windows XP retailing for about US$0.70 that enjoys sizable market share inside the PRC. Also in August 2009, Microsoft participated in a conference of Chinese “security researchers” a.k.a. hackers, apparently hoping to bring hackers over from the dark side with the lure of financial incentives. In the case of the Aurora exploit, however, Microsoft apparently didn’t receive a useful heads-up from its Chinese friends.
7. I’m wondering if Google went public in the hope that aroused Chinese netizens and the international IT community would flock to its support and force a climbdown by the Chinese government on Google.cn results filtering, as Beijing was forced to do last summer in the case of the “Green Dam Youth Escort”, a porn and violence filtering software it tried to mandate for installation on all PCs. Difference is, Green Dam was apparently a poorly conceived, easily circumvented kludge that, allegedly, relied on 3000 lines of stolen code from Cybersitter (the Chinese creator is now looking at a US$2.2 billion lawsuit). When the Green Dam mandate was announced in June 2009, Chinese media watcher Imagethief did a good, snarky takedown on this doomed effort to deprive Chinese netizens of their porn privileges.
8. Presumably anybody in China who cares about open Internet access is getting their daily dose of porn, Tibetan nationalism, and whatever else through one of the many Great Firewall workarounds promoted by the open society crowd. Green Dam would have endangered these users at their PCs—not only blocking images but, presumably, firing off messages to the mothership about what was getting blocked. Loosening the filtering restrictions on Google.cn, on the other hand, could never substitute for untrammeled access to the global Internet through a proxy. So I don’t think Google, whose Google.cn is solidly in second place behind Baidu in China’s in-country search engine business, is tapping into a lot of pent-up demand for a slightly liberalized but still porn-free local search engine.
9. After Google’s threat to stop filtering its search engine results became front-page news around the world, the Chinese government is probably not in the mood to do Google lots of favors. There is brave talk about how China needs Google, but the Chinese government may not see it that way. Current reports indicate that Google is negotiating to retain its R&D center inside China, and I would expect that’s just a way for Google to keep its mangled foot in the door until some major regime liberalization occurs in the currently unforeseeable future.
Update: According to an insider account in the Jan. 14 Wall Street Journal, Google co-founder Sergey Brin, who came from the Soviet Union, put his anti-totalitarian foot down and ordered the public pushback against China over the objections of CEO Eric Schmidt.