Thursday, January 14, 2010

China Hacks Google And Others, Pursuing... What?

UPDATE Thurs. afternoon: WSJ says the attack exploited a heretofore unknown security gap in Internet Explorer. (Which versions? not mentioned.)  Reuters says Microsoft has yet to patch the flaw. The Guardian says Verisign's iDefense Labs has stated that IP addresses indicate that the Chinese government "or its proxies" are responsible for the attack. Fun times a'comin', friends; fun times a'comin' ...

I'm not a security specialist. I have the basic knowledge a competent tapper of code has to have to avoid the most common hacks... you can't work in the industry without that basic knowledge... but I'm no specialist, and beyond the level of coding to protect a running app from a malicious user, I don't know very much.

Even so, China's hack of Google (and apparently a couple of dozen other U.S.-based companies) bugs the crap out of me. For one thing, it is not clear from public statements just how much was obtained, or what malevolent uses are being made of it. Hacks of TSP data seem particularly pernicious to me, though again, I don't know the details; it's all a gut feeling for me. Read the linked article by bmaz on Emptwheel/FDL; it's one of the more thought-provoking. And be sure to read the comments; some of the commenters appear actually to be experts in the field.

What does it all mean? It means that China's exports of tainted food are not isolated incidents of shoddy products to the larger world: they are part of a systematic effort to subvert our nation's integrity. If a country deliberately sends us dangerous foods, all the while spying on private government documents (never mind whether those documents ought to be private; National Security Letters are an issue unto themselves), what are we to take away from that country's actions?

The reaction on the part of most of the businesses involved seems to be "but there's soooo much money to be made in China!" Yes, there is... and if you're going to sell your grandchildren's future for that money, I certainly hope you got a price sufficient to ease your conscience.

Is China's behavior worse than the U.S.'s so-called counterterrorism measures? Does one nation ever deserve more contempt than another for its behavior on the international stage? I don't know. China looks pretty bad to me these days; so does America. But if we don't take adequate steps to defend ourselves... something more than collecting copies of everyone's phone calls and emails, torturing alleged terrorist suspects, etc. ... I think we may look forward to a very unpleasant future.


  1. Good (and scary) list, ellroon. Everyone in America who ever eats Chinese food should read it.

  2. I think Google is really PO'ed because they cut a deal with the Chinese government that cost them a lot of good will, and the Chinese have ignored it.

    I also think that Google is coming out because they know, not simply suspect, but know that the Chinese government hacked them. This would lead me to suspect that some of what happened led back to privileged accounts on Google's system that were given to the Chinese, i.e. the attacks came from inside the normal defenses. The attacks were also against resources that are separate and distinct from Google realizes that it can't trust the Chinese within its outer defenses, and the Chinese won't accept anything less.

    At this point, the Chinese operation has become a threat to Google worldwide, and no one can accept that.

  3. Bryan, if I ran Google, I'd be out of there ASAP, and not just to prove a point. As with poisonous foodstuffs, some things China thrusts upon us are toxic, and this is one of them. China is in essence trying to set Google's business practices policies. Uh-uh. I believe the appropriate reply is "Fuck that, and no, you can forget about profiting from your association with us." They must do what they have to to get out of that relationship, using lawyers, defensive technology and whatever else it takes. Google run by China, in principle or in actuality, is completely unacceptable. What China has already done IMHO comes damned close to an act of war.



• Click here to view existing comments.
• Or enter your new rhyme or reason
in the new comment box here.
• Or click the first Reply link below an existing
comment or reply and type in the
new reply box provided.
• Scrolling manually up and down the page
is also OK.

Static Pages (About, Quotes, etc.)

No Police Like H•lmes