China Hacks Google, Etc.

By Gadi Evron

Many news sources are reporting on how Google and other corporations were hacked by China.

The reports, depending on vendor, blame either PDF files via email as the original perpetrator, or lay most of the blame on an Internet Explorer 0day.

Unlike my colleagues (save for the ones reporting), I would rather not discuss this too much before more data is available.

Regardless of what really happened, which I hope we will know more on later, these things are clear:

1. Unlike GhostNet, which showed an interesting attack, but unfortunately many of us jumped to conclusions without evidence that it was China behind them — based on ethos alone I'd like to think that when Google says China did it, they know. Although being a commercial company with their own agenda, I am saving final judgment.

2. The 0day disclosed here shows a higher level of sophistication, as well as an m.o. which has been shown to be used by China in the past.

3. If this was China, which some recent talk seems to make ambiguous but still likely, they would have more than just one weapon in their arsenal.

4. This incident has brought cyber security once again to the awareness of the public, in a way no other incident since Georgia has succeeded, and to political awareness in a way no incident since Estonia has done.

Update: Text corrected as per comment below.

By Gadi Evron, Security Strategist.

Comments

Ghostnet Report Ron Deibert  –  Jan 15, 2010 11:05 AM PDT

Mr. Evron apparently has never read the Ghostnet report, or is misinformed.  Either way, what he says above about us drawing the conclusion that "China was to blame" is factually incorrect. 

On the contrary, we go to great lengths in our report to draw out alternative explanations, which can be found beginning on page 46:

here

I suggest you read the report, Mr. Evron, before you make such a misinformed statement.

Ron Deibert, Director, the Citizen Lab, Principal Investigator, Information Warfare Monitor.

Gadi Evron  –  Jan 15, 2010 11:17 AM PDT

Ron,

You are absolutely right, I am wrong.
In fact, my respect for your work is exactly why you are mentioned as item #1, before the current incident.

What I wrote:
"1. Unlike GhostNet, which showed an interesting attack but jumped to conclusions without evidence that it was China behind them"

What was supposed to be written:
".. an interesting attack, but unfortunately many of us jumped to conclusions without evidence that it was China behind them", which is what I said at the time, and which also highlights the same thing happening now as I discuss in item #3.

I apologize for this error, and it will be corrected shortly. If such an unfortunate error occurs again, please drop me a line.

thanks Ron Deibert  –  Jan 15, 2010 7:12 PM PDT

Mr Evron

Thanks for the explanation — I understand how this could happen and I appreciate the clarification.

Best wishes
Ron