The Context of China's Google Hack, and How I Was (Maybe) Hacked Too
Exclusive from Motherboard
Over the holidays, Google got a present from China: a furious barrage of hack attacks. The primary targets were apparently the Gmails of human-rights activists and their friends.
Right now lots of people are scrambling to deal with the potential of a Google-less China -- Google executives, China's freedom-of-speech lovers, maybe a few Chinese officials.
But someone, somewhere, is letting out one of those deep evil laughs, in between sips of green tea. With or without Google.cn, China's firewall and censorship rules will only disappear when another outfit leaves China: the Communist Party. Sorry to those who believe the freedoms of the global economy and the internet and Google could set China on a Hills-Are-Alive skip fest through the hills, lifting its skirts. It's safe to say the Party's not gonna end anytime soon.
I made a mental Gmail search back to the middle of a summer day in 2007. While working in Beijing as a freelance journalist, I logged out of Gmail and called my friend from a landline, somewhat amused with myself, somewhat frantically, after I published a blog post on what I witnessed during a Beijing drug bust gone horribly brutal and racist.
Now my cell phone signal was punctuated by a clicking sound and I was having trouble logging into Gmail. In the months prior, from time to time I had noticed a couple of logins to my account from strange IP addresses. But I hadn't changed my password, perhaps in the hopes of collecting more evidence of possible hackers. Now I'd connected the dots. "Neil, can you change my password to your password?" I asked my friend in a near whisper. I happened to know his password, and was banking on the hope that if anyone was listening in they wouldn't. "Uhhh. Okaaay?" was the reply. He did it. And I haven't changed it since.
Of course, I was probably overreacting. But that's what happens when you spend enough time in China. Like Jeremy Bentham's Panopticon, China's nasty spy tech regime works so well precisely because you never know when you're the target of Communist surveillance. And for all we know, the guards in the tower have laser-guided listening devices, thermal goggles and the largest army of hackers on the planet.
Back to last month, when some particularly capable hackers took a stab at Google. Now there's no shortage of beef between Google and China, of course. Google has been perceived as a threat to China's homegrown search engines, first among them Baidu. Once, when Google went down in China, users looking for google.cn were redirected to the latter. Nationalist sentiment also seemed to play a role when Beijing basically accused Google of distributing porn in China. And that's of course related to the whole censorship smackdown: Google is subject to Chinese law, which means a Google search in Chinese won't give you the truth about Tiananmen, Tibet, Taiwan and other T words.
But the hack on Google had nothing to do with China-Google tensions. It has a lot to do with Chinese censorship.
Writes David Drummond, Google senior vice president and chief legal officer, about the hacks -- which also apparently targeted twenty other large companies,
We have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.
... as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users' computers.
And then he threatens to break up with China.
These attacks and the surveillance they have uncovered -- combined with the attempts over the past year to further limit free speech on the web -- have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.
Even if Google packs up -- and I highly doubt even the "do no evil" company would leave the world's fastest growing economy -- would the move change China's censorship regime, or prevent further hacking?
There's little indication that Beijing would be willing to let up on the censorship front. But if Google's threat could be backed up by other foreign companies -- Microsoft and Yahoo! -- the effect could be similar to what happened when multinationals spat on China's demand last year to install its Green Dam filtering software on every computer sold in the country. The backlash from these companies led Green Dam to a quiet death for the time being, even as China continues to, presumably, upgrade its firewall.
And the Green Dam snafu highlighted other potentially strong Google allies: Chinese computer users. The possibility of losing Chinese Google would be unthinkable to many in China, including government officials. If Gmail (which may not be affected by a Google pull-out) is crucial to China's activists, it's also essential to the work of business and bureaucracy too. A potential exit already has some Chinese rallying in support of Google, in demonstrations at their headquarters and on Twitter.
In any case, no company is safe from Chinese hack attacks, which are, evidence suggests, the work not only of a growing army of government hackers but of proud Chinese civilians. (There's a rumor on Wikileaks that the attacks came from inside Google's Shanghai office, which given the depth of the hack, seems plausible.)
The era of strategic hacking, chronicled by a project called the Information Warfare Monitor, got serious earlier this year, when researchers uncovered what's now known as GhostNet. This global network of super-sophisticated spyware, run from IPs on China's Hainan island, where its Navy is based, is mainly focused on computers of ministries of foreign affairs, embassies, international organizations, news media, and NGOs. Among other things, it can apparently turn on computers' webcams and get full frontals of presumably unsuspecting Tibetan rights campaigners and diplomats in their underwear.
I should mention here that after returning from China in 2009 (after a final trip to Tibet) my laptop's webcam has a funny habit of switching on at random times.
But maybe I'm just going crazy. Maybe, like Google, I've just spent a little too much time in China.