Google Engages China with Cyber Vigilantism
By Richard Stiennon, Chief Research Analyst, IT-Harvest
Last week’s revelation by Google that they had been hacked by China is an important event in two dimensions.
First, the moral dimension. When you play nice with totalitarian states you are going to get burned.
Google has long maintained that by providing their search, hosted blogging, and email services to the people of China they were supporting access to information and community that would be a long term benefit.
A benefit that outweighed the evil of blocking or redirecting searches on “Tibet” and “Falun Gong” and “democracy” at the behest of the Chinese Communist rulers.
Well that is wrong.
Can you imagine Google blocking search terms on making bombs or jihadist recruiting sites in the US? Well why not?
It is pretty transparent that Google has been motivated by the potential for business in a country that has the largest population of Internet users.
Google should pull out of China until they are allowed to operate there with no government interference.
Now the attack dimension.
According to Google’s official statements, the attacks against them followed a very familiar MO, one that is indeed associated with other attacks from China that were probably used to compromise email servers at Whitehall in the UK, the Chancellery in Germany, and the US Pentagon.
Custom Trojans are attached to emails and sent to particular email addresses within the target.
This is the exact technique used by China to compromise the Office of the Dalai Lama, as uncovered by SecDev and published in the groundbreaking GhostNet report by InfoWarMonitor.
While vulnerabilities in Adobe’s PDF reader may be associated with the attack, it is important to note that a zero-day vulnerability is not needed to get a custom Trojan installed; any old unpatched vulnerability will do.
The “customization” is there to avoid detection by AV products: a Trojan built for one target has no signature for the AV vendors to have seen.
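The delivery method described above, a document-like attachment mailed to a chosen address, is something a mail gateway can triage before any AV signature exists. The following is an added example, not code from the article or from Google, of a minimal defender-side check: it parses a constructed MIME message, extracts the attachments, and flags the patterns the text describes (an executable behind a document-looking name, a declared extension that disagrees with the file’s magic bytes, a PDF carrying active content), returning hashes for lookup. The magic-byte table, the flag names and the sample message are all assumptions made for the demo.

```python
"""Triage of e-mail attachments for targeted-malware indicators.

Added example (not from the article): a defender-side check that parses a
constructed MIME message, extracts attachments and flags indicators that do
not depend on an AV signature. The sample attachments are constructed and
inert; the magic-byte table is a small assumption, not a full file-type
library.
"""
import email
import hashlib
from email import policy
from email.message import EmailMessage

# Magic bytes for the container formats this demo understands (assumption:
# a small table suffices here; a real gateway would use libmagic or similar).
MAGIC = {
    b"%PDF": "pdf",
    b"MZ": "exe",                # Windows PE executable
    b"PK\x03\x04": "zip",        # also .docx/.xlsx containers
    b"\xd0\xcf\x11\xe0": "ole",  # legacy .doc/.xls
}

DOC_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "ppt", "pptx", "txt"}
PDF_ACTIVE_MARKERS = (b"/JavaScript", b"/OpenAction", b"/Launch")


def sniff(data: bytes) -> str:
    """Return the file kind implied by the leading bytes, or 'unknown'."""
    for magic, kind in MAGIC.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def declared_extension(filename: str) -> str:
    """Final extension as the mail client would show it ('report.pdf.exe' -> 'exe')."""
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""


def triage_attachment(filename: str, data: bytes) -> dict:
    """Apply the indicator checks to one attachment and return the findings."""
    ext = declared_extension(filename)
    kind = sniff(data)
    findings = []
    if kind == "exe":
        findings.append("executable attachment")
    # Double extension such as agenda.pdf.exe: a document name, a non-document suffix.
    parts = filename.lower().split(".")
    if len(parts) > 2 and parts[-2] in DOC_EXTENSIONS and parts[-1] not in DOC_EXTENSIONS:
        findings.append("document-looking name with non-document extension")
    if ext == "pdf" and kind != "pdf":
        findings.append("extension/magic mismatch")
    if kind == "pdf" and any(marker in data for marker in PDF_ACTIVE_MARKERS):
        findings.append("pdf with active content")
    return {
        "filename": filename,
        "sniffed": kind,
        "sha256": hashlib.sha256(data).hexdigest(),  # for threat-intel lookup
        "findings": findings,
    }


def triage_message(raw: bytes) -> list:
    """Parse a raw RFC 5322 message and triage every attachment part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        results.append(triage_attachment(filename, data))
    return results


def build_sample_message() -> bytes:
    """Constructed lure: a PDF with an /OpenAction and an .exe disguised as a .pdf."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "analyst@example.invalid"
    msg["Subject"] = "Q4 planning document"
    msg.set_content("Please review the attached document before the meeting.")
    # Constructed, inert stand-ins for the two attachment patterns.
    fake_pdf = b"%PDF-1.4\n1 0 obj << /OpenAction 2 0 R /JavaScript (x) >> endobj\n%%EOF"
    msg.add_attachment(fake_pdf, maintype="application", subtype="pdf", filename="planning.pdf")
    fake_exe = b"MZ" + b"\x00" * 62 + b"constructed stub, not a real PE"
    msg.add_attachment(fake_exe, maintype="application", subtype="octet-stream",
                       filename="agenda.pdf.exe")
    return bytes(msg)


if __name__ == "__main__":
    for result in triage_message(build_sample_message()):
        print(result["filename"], result["sniffed"], result["findings"])
```

The point of the checks is that none of them needs to have seen the specific Trojan before: a mail gateway that quarantines executables, double-extension names and PDFs with active content catches the “custom” sample as readily as the mass-mailed one, which is exactly the gap customization is meant to exploit.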
As Google discovered, it had been caught up in a massive espionage effort that goes well beyond its own operations. Every enterprise should learn from this incident.
If Google can succumb to this simple method of attack what can your organization do to protect its information and IT assets?
Read this blog and I will tell you as I research my next book: Cyber Defense: Countering Targeted Attacks.
Google Engages in Cyber Vigilantism
Recently I related communications I had with The Jester, an individual who has decided to express his outrage at Jihadist organizations by systematically taking down their web sites.
This week we learned that engineers at Google had been engaging in their own form of cyber vigilantism by hacking into a command and control server in Taiwan.
In what is rapidly turning into a game-changing story, we are getting reports that 33 or more organizations have succumbed to what many experts are claiming to be very sophisticated attacks against their networks, with the intent of stealing intellectual property and, in the case of Google, targeting the identities of outspoken Chinese activists.
Even from the first announcement it was apparent that Google engineers had tapped into a server that was involved with the attacks they had witnessed. How else would they have discovered the other targets?
This is a familiar story. It is how Shawn Carpenter got embroiled in Titan Rain in 2004.
It is how the Israeli police uncovered the Israeli Trojan fiasco. It is how the SecDev researchers traced the extent of GhostNet.
I can think of two ways that Google could have hacked into a server in Taiwan without engaging in legally questionable activity:
1. They contacted the owner of the server and asked, or
2. They were the owners of the server.
Either way, there are some unanswered questions in the Google-China affair.
Richard Stiennon, security expert and industry analyst, is known for shaking up the industry and providing actionable guidance to vendors and end users. He recently re-launched the security blog ThreatChaos.com and is the founder of IT-Harvest, an independent analyst firm that researches the 1,200 IT security vendors. He was Chief Marketing Officer for Fortinet, Inc. the leading UTM vendor. Prior to that he was VP Threat Research at Webroot Software. Before Webroot, Mr. Stiennon was VP Research at Gartner Inc. where he covered security topics including firewalls, intrusion detection, intrusion prevention, security consulting, and managed security services for the Security and Privacy group. He is a holder of Gartner’s Thought Leadership award and was named “One of the 50 most powerful people in Networking” by NetworkWorld Magazine.
The Publisher gives permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author and to Information-Security-Resources.com