Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Attackers Identified as Chinese Government

Posted by ryuzaki0 on from the well-this-isn't-good dept.

forand writes Researchers, examining the attacks on Google and over 20 other companies in December, have determined 'the source IPs and drop server of the attack correspond to a single foreign entity consisting either of agents of the Chinese state or proxies thereof.'"

32 of 651 comments (clear)

  1. Finally above ground by mejogid · · Score: 5, Interesting

    It's hardly a secret that governments conduct cyber-espionage - what seems shocking in this instance is that they have been caught and that a major company, a telecoms giant and the US government have all gone on the offensive. This seems like a pretty dramatic shift, and you have to wonder what China's really done to provoke such a reaction after everyone's spent the last decade quietly appeasing them to try and get a foothold in their markets. It sounds like reading the subject lines of a few Chinese activists' emails is only the tip of the ice berg in this case, it'll be interesting to see what else has yet to be revealed.

    1. Re:Finally above ground by Delwin · · Score: 2, Interesting

      Copenhagen.

    2. Re:Finally above ground by Anonymous Coward · · Score: 2, Interesting

      I couldn't agree more. Something else is clearly going on here. The response by government officials is a marked difference from previous instances of espionage conducted by China. My wild speculation is that the information which was sought was of a different calibre than previously seen, that is they wanted to use the information to quash internal strife. The US has been playing along with China in the belief that given a long enough time they will succumb to a free market capitalism. Perhaps the US government is finally realizing that to change China needs to have information more widely available.

  2. Our response is? by zero_out · · Score: 4, Interesting

    So what are we going to do about it? By we, I mean we as:

    1. a body of corporations (those 20 or so affected)
    2. a nation
    3. a global community of nations (UN)
    4. a cybercommunity

    What can we do, and what is most likely to happen?

    1. Re:Our response is? by Remus+Shepherd · · Score: 2, Interesting

      1. Corporations will leave China, and forgo any possible profit there, or they won't. Up to them. Google seems to have made their choice.

      2. The nation has some soul-searching to do. I expect that the US government will do exactly nothing for a long time, while pleading that other crises are taking up all their attention. (Which, actually is a pretty good excuse right now.)

      3. The UN will do nothing. Cyberwarfare is not something the UN is chartered to police, and not something they care about, and even if it were they already know what China is and they're not going to risk making them tantrum.

      4. The cybercommunity? Well, if the non-chinese cybercitizens want to start a war over this, the chinese cyberwarriors will gladly take part. But this might not be much different than the status quo.

      Revealing China as corporate espionage hackers surprises exactly no one. So nothing will change. Everyone already lives with the truth of chinese malfeasance. All that will change will be one or two companies deciding that they've had enough and they're pulling out of that broken country.

      --
      Genocide Man -- Life is funny. Death is funnier. Mass murder can be hilarious.
    2. Re:Our response is? by Anonymous Coward · · Score: 2, Interesting

      the American populace is too apathetic to sacrifice any amount of convenience.

      I hear this quite often. I'm still under the impression that when presented with the information and an alternative, most will take it.

      For example take chocolate. Lots of chocolate is made through unfair labor, including child labor. Then there's fair trade chocolate. If you walk up to somebody and say, "you can have the slave-produced chocolate for $5 or the fair trade chocolate for $6," do you honestly believe people will still go for $5?

      But again, it requires two things: the information about what's going on and the alternative that is at least in a competitive range.

  3. No, Seriously... by RobotRunAmok · · Score: 5, Interesting

    If a foreign government had attacked non-digital assets of any US corporation, you would expect some kind of formal reprisal. Maybe not an airdrop of Marines, but certainly something more than Hilary Clinton threatening to write a stern letter.

    What I have not doped out yet to my own satisfaction is whether the tepid response from Washington is the fault of the current administration, confusion regarding the digital nature of the breach and assets, or a little of both.

    1. Re:No, Seriously... by Anonymous Coward · · Score: 2, Interesting

      Although it's something of a sign of the administration holding conflicting opinions (increasing the legal value of digital content in copyright cases, while still being more dismissive of it in corporate espionage), I think it's just human nature to treat intangible digital assets differently from physical property, even when their differences are slight from a practical standpoint (secret documents, for example).

      It's somewhat similar to the problem that the big media companies are having: most people who download content illegally probably don't really feel that they're "in the right", but they don't really care that much either. The intangible nature of the product seems to contribute to that - we're wired to place value on things we can hold, or stand on, or whatever. Making a big purchase in cash feels far more real than putting it on a card, too, for that matter. If someone had physically gone into Google's offices and looked through their filing cabinets people would have much more of a gut response to the issue.

      One question that does raise, however: is it the case that we under-respond to issues without that gut reaction, or that we are simply over-responding in other cases?

    2. Re:No, Seriously... by Neoprofin · · Score: 5, Interesting

      The problem with this theory of winning the new cold war simply by buying the opponent is that it doesn't, and can't, lead to any kind of victory. By investing in US debt China has bound themselves in an unholy blood pact to the U.S. economy. We on some level need them to continue pouring money into the economy to pay for poorly thought out foreign policy, they on the other hand need us to continue to prosper or all of their investments become worthless. If one side wins both sides win, if one sides loose both sides loose. The Chinese have already shown their realization of this in their effort to keep interest rates low to prevent inflation from devaluing their assets.

    3. Re:No, Seriously... by DaveV1.0 · · Score: 3, Interesting

      In circulation, maybe.

      But, they hold the vast majority of the U.S. federal debt obligations. The federal government is reliant on China to finance it's operations because of the massive deficit in the budget. If China were to stop buying the federal debt instruments, interest rates in the U.S. would soar and the value of the dollar would drop.

      If China dumped all the U.S. federal debt instruments it owns on to the open market, it would take a hit in the wallet, but the United States would experience hyperinflation on par with Zimbabwe. The U.S. would be bankrupt and it will take thousands to millions of dollars to buy a cup of coffee.

      It is not the circulating dollars they hold that is the problem. It is all the paper they hold that says we owe them trillions of dollars.

      --
      There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
    4. Re:No, Seriously... by Anonymous Coward · · Score: 1, Interesting

      The problem with this theory of winning the new cold war simply by buying the opponent is that it doesn't, and can't, lead to any kind of victory.

      By investing in US debt China has bound themselves in an unholy blood pact to the U.S. economy. We on some level need them to continue pouring money into the economy to pay for poorly thought out foreign policy, they on the other hand need us to continue to prosper or all of their investments become worthless. If one side wins both sides win, if one sides loose both sides loose. The Chinese have already shown their realization of this in their effort to keep interest rates low to prevent inflation from devaluing their assets.

      The U.S. can win by refusing to pay their debt and leaving China holding the bag. Sure it would cause chaos and put some serious damage on the reputation of the country, but there's no reason why the U.S. could not do this. So technically the U.S. can win and completely destroy China and the rest of the world economically becoming a tiny bubble above a rising tide of debt

    5. Re:No, Seriously... by Joey+Vegetables · · Score: 4, Interesting

      Hyperinflation, though likely in my opinion, is still not inevitable, nor can any foreign power unilaterally cause it; it is caused by massive and accelerating expansion of the money supply, which is completely within the control of the Federal Reserve and hence the federal government. The reason we will likely get it is that it is the politically easier of the only two options available for addressing the massive debt, including off-book future liabilities, of the U.S. government.

      The other option would be for the central government to accept that in order to survive, it must accept an eventual return to rule of law and to Constitutional principles. It must accept a much smaller role in the economy. It must accept that the only way for its share of the pie to grow bigger is to let the pie itself grow, which requires, at least in the short term, getting its hands out of that pie, and allowing the economy to grow bereft of any regulations at the federal level save, at most, those that are necessary to protect basic human rights. It must forever give up its present role of purposely enriching some at the expense of all others. It must forever give up its alleged "right" to manipulate the economy through the Federal Reserve. None of this seems likely to happen on its own, but, like all institutions, governments value their own survival above all else, and as the economy collapses and the prospect of widespread revolt and even civil war looms large, it will adapt (or it will die, and the states will take over).

      --

      Nonaggression works!
    6. Re:No, Seriously... by Alpha830RulZ · · Score: 5, Interesting

      he reason we will likely get it is that it is the politically easier of the only two options available for addressing the massive debt, including off-book future liabilities, of the U.S. government.

      Oh, for mod points. This person gets it. Historically, one of the major drivers for government laxity towards inflation (Argentina, Mexico, Pre WWII germany, etc) is that the government owes more in nominal terms than it can fund through taxes. Allow a few years of 10% inflation, and that burden is eased significantly, as tax revenues rise with inflation, while the size of the debt remains the same. We will see 6-10% inflation for 3 to 8 years sometime in the next 15 years, because that is the ONLY way the US government can get out of the financial hole we are in. This will in turn hurt the Chinese, who are holding vast amounts of dollar demoninated debt.

      --
      I was taught to respect my elders. The trouble is, it's getting harder and harder to find some.
    7. Re:No, Seriously... by thesolo · · Score: 1, Interesting

      What I have not doped out yet to my own satisfaction is whether the tepid response from Washington is the fault of the current administration, confusion regarding the digital nature of the breach and assets, or a little of both.

      Oh for fuck's sake...

      What you see as tepid, I see as extremely diplomatic. There's an open investigation into this, the Dept. of State surely doesn't have all the details yet. What would you prefer they do, issue a hawkish, threatening letter? Or perhaps demands?

      8 years of poor foreign policy and unnecessary demands got us very little sympathy or friends on the global stage. I think maybe you should give the Dept of State time to process all the details before they issue an ultimatum.

    8. Re:No, Seriously... by Rich0 · · Score: 2, Interesting

      This is a circular argument. Supply of basic consumer goods in the US is at this point nearly entirely based upon imports

      Yes and no. The US produces quite a few basic consumer goods - food in particular. A plastic toy supply shortage will not cripple the US. Granted, the US does depend on imports for a number of fairly critical practical things. But...

      The world's economy is at these days pretty much a gigantic Ponzi scheme whereby "value" of currencies and goods is in its entirety based on make-believe wishful thinking. US currency has "value" only because enough people globally wish to pretend that it is so.

      Arguably, then the US is in the best place of all. For the last decade we've been receiving useful and practical basic goods in exchange for pieces of paper that you believe are worthless. Is it any surprise that US companies don't want to bother making these goods if others are willing to do so just for pieces of paper?

      As long as supplies of these goods were not cut off overnight, the US could make them on its own. Right now manufacturing in the US tends to not be as cheap as it is elsewhere, but it isn't like the US couldn't build enough cars or whatever for its own needs. Oil is probably the most critical imported resource, but the problems of oil aren't so much that the US depends on foreign supplies so much as that the entire world depends on a resource that will be limited everywhere at some point. If anything the relatively untapped US local oil reserves will put the US in a good strategic position when everybody else is running out.

      As far as all the stuff about controlled versus natural currencies and that - every system has its pros and cons. A well-managed paper currency has a lot of advantages over something like gold in that you can actually regulate the supply of money in accordance with its demand to keep prices stable. Virtually all currencies tend to be artificial - at least since they stopped paying people in salt. It isn't like a lump of gold has any practical use. If there is ever a nuclear winter the guy who will be able to barter isn't the guy with all the gold bricks in his basement, but rather the guy with a lot full of functional cars/fuel (that he can defend) or the guy who knows how to perform basic surgeries. Anything other than a truly practical item or skill is just a currency of convenience, and there is nothing wrong with that either.

  4. SHOCKING by Monkeedude1212 · · Score: 4, Interesting

    Who didn't see that one coming from a mile away? I called it the moment I read that there was a sophisticated attack on Google.

    Whether its all fabricated or not, I like the idea of Google pulling out of China. Google is one of the leading innovators in the western world - and by keeping their services out of China it sends a message to the government: Stop Oppression.

  5. Re:can't say i'm surprised by system1111 · · Score: 1, Interesting

    Private companies, private matters right? Thats my first thoughts for sure when I think of something like this. But when you think about it where is the line? Where is the line when its one nation is funding and fostering corperate espionage against companies of another nation. When does some like this become an "economic" attack when doesn't it. If it deemed an attack on the economics of one nation whet kind of defenses or protocols do we have? I don't know the answers and I'm not saying its the case here but it certainly questions I think governments are going to ask themselves as these types of attacks become more and more public

  6. Re:can't say i'm surprised by dnoyeb · · Score: 5, Interesting

    What did China do when they found all the bugs the US government put in the plane we sold them?

    Nothing.
    http://articles.latimes.com/2002/jan/20/news/mn-23796

  7. still no evidence linking the goverment by Anonymous Coward · · Score: 2, Interesting

    After RTFA it seems the only thing solid is that command server was located in China, them belonging to "agents of the Chinese state or proxies thereof" remain pure speculation at this point unless some one come out and provide evidence that links to the government ,such as registration records or money trail etc. This could still well be the works by some local hacker groups, and since the servers being attacked is outside of China they are not even breaking local laws there. Though I wouldn't be surprised they have a wink-wink relationship with the local police.

  8. Unleash the hounds by dave562 · · Score: 5, Interesting

    The Wall Street Journal had a great article about some of the details behind the scenes of this particular incident, and also another article that did a good job of summarizing what has been discussed here over the last couple of years. The main stream media is openly stating that the People's Liberation Army is actively encouraging "citizen cyber militias" to conduct "cyber attacks" (good Lord how I hate that term) against foreign (read, United States) corporations. Although they haven't gone so far as to state that those militias have active backing of the government, they have said that the government is turning a blind eye to their activities. Furthermore, the WSJ goes on to state that there are United States agencies involved in similar espionage activities.

    Given that background, it seems like hacking Chinese companies should be fair game for up and coming "security researchers" here in the United States. In the 1990s the United States government made it quite clear that they were going to come down hard on people who mess with government and Fortune 500 systems. Given the option between really securing the systems and punishing those who exploit the lack of security, they went with the latter. A lot of people, myself included, decided that once we turned 18 and faced the threat of real Federal prosecution, the wise move was to turn off the war dialers, stop snarfing ESN/MIN pairs out of the air, and stop trying to run exploit code against computers that we don't control.

    We can't hone our craft in the United States anymore. Although there is a whole market for securing IT resources against attack, there isn't a playground to pick up skills in. My suggestion is that China is that playground. My suggestion is that Chinese corporations in the United States are the targets. I mean lets face it, there are hundreds of thousands of compromised computers in the United States. The United States government can't be held accountable for malicious activity directed toward Chinese corporations. It would be unfortunate for those entities to be DDoS'd. It would be unfortunate for their internal workstations to be the target of vulnerability research.

  9. Re:What if *google* was was being used for espiona by Jeng · · Score: 2, Interesting

    Gmail, the aspect of Google that was being hacked is not available in China.

    --
    Don't know something? Look it up. Still don't know? Then ask.
  10. Why would China do this? by MobyDisk · · Score: 3, Interesting

    The premise is that China hacked Google to access the accounts of these Chinese Human rights activists. Given that Google already complies with Chinese law, why did China not openly contact Google over this?

  11. Re:can't say i'm surprised by maxume · · Score: 2, Interesting

    Ridiculous. Both the EU and the U.S. have much larger economies than China. We are witnessing them gaining some footing, not taking over.

    --
    Nerd rage is the funniest rage.
  12. Re:Of course they are "proxies of the government"! by Locke2005 · · Score: 2, Interesting

    If they are using something like a NAT Gateway with port mapping, then the actual IP address would not be visible outside of China. I thought it was standard operating procedure for hackers to route through several intermediates rather than connecting directly, thus increasing the time and effort needed to find the actual endpoint. I'm sure these hackers were smart enough to do that as well; the IP address seen from the outside may have nothing to do with the IP address the hackers was actually originating from.

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
  13. Re:But... by heson · · Score: 2, Interesting

    How sure are we this whole article isn't propaganda (from PNAC)? /Trust no one

  14. Re:This is probably why by jgtg32a · · Score: 1, Interesting

    Actually I think they removed the filters because they want to leave China but it will hurt they stock, so they're trying to get kicked out. Then they can blame China for it and get the good will of various groups.

  15. Identified by a US asset. by Anonymous Coward · · Score: 1, Interesting

    Identified by a US asset.

    don't forget that.

  16. No Big Surprise by jrbirdman · · Score: 2, Interesting

    Web server log entries from the past 8-9 years show 95% of the attempted break-ins originating from China. They've been checking the locks on the doors and windows for along time. But, when I suggest that we simply block all IPs from that part of the world (I usually added a course explicative that conveyed that they could make sex with themselves), management says no. I'm a full-blooded capitalist and believe in the power of a free market and society, but this is ethics, pure and simple. If I were Google, I'd be spinning off large team of people to start working on hacking into anything in the PRC they can find. If the "Law of the Land" condones computer breaking-and-entering then, by God, full steam ahead!

  17. Re:World War III - The Cyber War by instagib · · Score: 2, Interesting

    Holy shit. You just gave governments the ultimate idea for complete Internet control.

  18. Re:can't say i'm surprised by labradore · · Score: 2, Interesting
    Want to stimulate the economy and bring jobs back? Announce that as of next month all imported goods and services are goods and services are required to be produced under the same regime of labor laws, environmental protection regulation, product safety standards, liability laws and accounting standards used by US companies. Any company that wants to sell to US markets must be accessible to US investors. Anything not meeting these standards will be subject to a tariff that will begin at 10% and escalate by 1% each month until the 200% tariff rate is reached. There's no reason why we should lose the quality of life that our parents, grandparents and the generations before them worked and fought for just because someone somewhere else can cut corners and externalize costs to make things cheaper. We are losing everything because we are compromising our standards for marginally cheaper products and service.

    One major reason that health care is growing to such a huge percentage of our expenses is that it is a service that is not exportable and relies mainly on products and technologies that are highly developed and thus only come from the developed world where things are expensive. Everything is cheap in China: Goods, services and lives are all had for a pittance. If we fail to rely on our own industry in our own regime of regulation, we will ultimately reduce the value of what we own and who we are to the same level as the Chinese or the Cambodians or the Malaysians or whoever else pops up as the next country stable enough to build factories in to exploit wage slaves and ruin the local lands and seas. China has had a tremendous stimulus by sucking the money out of us for over 20 years. They will have the rest of the world to as their market and they will have most of our technology to use to continue their ascension. Without the tidal wave of money flowing from our coffers, they will have to figure out how to grow in organic, sustainable ways and how to do it without outlandishly rewarding their upper class while exploiting their lower classes. They may even decide that the one-party system isn't all it's cracked up to be. Whatever happens will be better for us and better for them. We wont have lead or cadmium infested toys and jewelry. We won't have toxic drywall, or deadly dried milk or malware-infected routers. If we don't wake up and start doing this, we're going to have to stop trying to live in a developed nation with all of the rules and regulations that we put upon ourselves because no one is going to be able to afford it. You're about to travel to the third world. Just sit back on your couch and watch the decent continue. When you go out the front door in 10 years. It will be your neighborhood. Thank you George, Bill, George and Barak.

  19. blatant Chevrolet copy by hugorxufl · · Score: 2, Interesting

    This would have been the Chery QQ which GM accused the manufacturer of copying the Chevrolet Spark/Daewoo Matiz.
    Check out
    http://paultan.org/2006/02/18/chery-qq-crash-test/
    and http://en.wikipedia.org/wiki/Daewoo_Matiz

  20. Re:Fight China -- the capitalist way! by Froomb · · Score: 2, Interesting

    Since China is a full-fledged member of the WTO, MFN has now become a right of China, guaranteed by multilateral treaty. Attempting to enact trade sanctions against China would result in the U.S. being sanctioned in the WTO dispute process.