Google is latest target of aggressive hacking from China

An attempt to break into Chinese activists’ Google Gmail accounts echoes last year’s massive Ghostnet attack, which spied on 1,000 computers worldwide. Both attacks originated in China and, some experts suspect, were linked to the government.

Flowers presented by Chinese Google users are seen on a sign outside the Google China headquarters in Beijing on Wednesday.

Vincent Thian/AP

January 13, 2010

Google was careful not to accuse the Chinese government directly of the cyberattacks that the company said it had detected against human rights activists’ Gmail accounts. But the implications were clear.

If Google’s engineers thought that some random hackers had been snooping, Google’s top legal officer would hardly have said that the incident “goes to the heart of a much bigger debate about freedom of speech.”

Ghostnet ops

Rafal Rohozinki has his suspicions, too. He was a principal investigator on the Canadian team of cyber-detectives that last year laid bare the existence of “Ghostnet” – a spying operation controlled from computers in China that infiltrated other computers in 103 countries – many in embassies, ministries, and the Dalai Lama’s offices.

“Google’s disclosure is another admission that there is systematic targeting of individuals by parties unknown but strongly suspected to be linked to the Chinese government,” he says.

The men who unraveled “Ghostnet” did not say conclusively that Beijing was behind the botnet that infected at least 1,295 computers around the world, allowing its controllers to read and copy files and even to turn on the audio and video functions of an infected computer so that they could see and hear what was going on around it.

A Chinese government spokesman dismissed the report when it came out last March, saying its authors were “bent on fabricating lies of so-called Chinese computer spies.”

The “Ghostnet” report relates the case of a young Tibetan woman who was arrested on her return to Tibet from two years in India, where she had been working for a group making Internet contact between Tibet and the outside world. That group’s computers had been infected by the spy operation.

During her interrogation, Chinese police showed the woman a log of her Internet correspondence, indicating they had had full access to it

Support from free-speech activists

Google said that “these attacks [on its servers] and the surveillance they have uncovered,” combined with recent attempts to limit free speech on the Chinese Web even further, had convinced the company to no longer self-censor its search results as mandated by the government.

This principled stand has drawn widespread plaudits from free speech activists. Google accepted censorship in order to set up its search engine in China in 2006. But the company has not offered any services involving personal or confidential data, which could easily be stolen from Chinese-based servers. Bearing in mind Yahoo's mistakes, it does not offer Chinese Gmail or user-generated content services that could allow surveillance of participants

Danny Sullivan, who runs Search Engine Land, a California-based website monitoring the search engine industry, also offers a somewhat sly explanation for Google’s sudden decision to defy censorship.

“Google is an engineer-dominated company,” he says. “They may understand an attack on their Web servers more than an attack on free speech. When they see their kids, their own programs, being attacked, they behave like an angry mother.”