Santa Clara, California:
Last month, when Google engineers at their vast campus in Silicon Valley began to suspect that Chinese intruders were breaking into private Gmail accounts, the company began a secret counteroffensive.
It managed to gain access to a computer in Taiwan that it suspected of being the source of the attack. Peering inside that machine, company engineers actually saw evidence of the aftermath of the attacks, not only at Google, but at least 33 other companies, including Adobe, Northrup Grumman and Juniper Networks. Seeing the breadth of the problem, they alerted U.S. intelligence and law enforcement officials and worked with them to assemble powerful evidence that the masterminds of the attack were not in Taiwan, but on the Chinese mainland.
But while much of the evidence, including the sophistication of the attack, strongly suggested an operation run by Chinese government agencies, or at least approved by them, company engineers could not definitively prove their case. Despite that uncertainty, Google has threatened to close its China-based operations and stop cooperating with Chinese censors.
Today that uncertainty, and concerns about confronting the Chinese without strong evidence, has frozen the Obama administration's response to the intrusion, one of the biggest cyberattacks of its kind, and to some extent its response of other targets, including some of the most prominent American companies.
President Barack Obama, who has repeatedly warned of the country's vulnerability to devastating cyberattacks, has said nothing in public about one of the biggest examples since he took office. And the White House, while repeating Obama's calls for Internet freedom, has not publicly demanded a Chinese government investigation, though a senior administration official, when pressed on Thursday, said, "We expect the Chinese to explain what happened."
On Thursday, China's Foreign Ministry deflected questions about Google's charges and dismissed its declaration that it would no longer "self-censor" searches conducted on Google.cn, its Chinese search engine. A ministry spokeswoman said simply that online services in China must be conducted "in accordance with the law."
In interviews in which they disclosed new details of their efforts to solve the mystery, Google engineers said they doubted that a nongovernmental actor could pull off something this broad and well organized, but they conceded that even their counterintelligence operation, taking over the Taiwan server, could not provide the kind of airtight evidence needed to prove the case.
The murkiness of the attack is no surprise. For years, the National Security Agency and other arms of the U.S. government have struggled with the question of "attribution" of an attack; what makes cyberwar so unlike conventional war is that it is often impossible, even in retrospect, to find where the attack began, or who was responsible.
The questions surrounding the attack have companies doing business in China scrambling to confirm that they were victims. Symantec, Adobe and Juniper acknowledged in interviews that they were investigating whether they had been attacked. Northrup and Yahoo, also described as subjects of the attack, declined comment.
Besides being unable to firmly establish the source of the attacks, Google investigators have been unable to determine its objective.
Was it to gain commercial advantage; insert spyware; break into the Gmail accounts of Chinese dissidents and American experts on China who frequently exchange e-mail messages with administration officials; or all three? In fact, at least one prominent Washington research organization with close ties to administration officials was among those hacked, according to one person familiar with the episode.
Even as the United States and companies doing business in China assess the impact, the attack signals the arrival of a new kind of conflict between the world's No.1 economic superpower and the country that, by year's end, will overtake Japan to become No. 2.
It makes the tensions of the past, over China's territorial claims or even the collision of a U.S. spy plane and Chinese fighter pilots nine years ago, seem as outdated as a grainy film clip of Mao reviewing the May Day parade. But it also lays bare the degree to which China and the United States are engaged in daily cyberbattles, a covert war of offense and defense on which the United States is already spending billions of dollars a year.
Computer experts who track the thousands of daily attacks on corporate and government computer sites all report that the majority of sophisticated attacks seem to emanate from China. What they cannot say is whether the hackers are operating on behalf of the Chinese state or in a haven that the Chinese have encouraged, because it serves many of China's interests.
The latest episode illuminates the ambiguities.
To throw investigators off the scent, the servers that launched many of the attacks were based in Taiwan, though a Google executive said "it only took a few seconds to determine that the real origin was on the mainland."
At Google's headquarters in Moutain View, there is little doubt that China's government was behind the attacks. Partly that is because at the same time Obama was hailing a new era of cautious cooperation with China, Google was complaining about mounting confrontation, chiefly over Chinese pressure on the company to make sure Chinese users could not directly link to the American-based "google.com" site, which would evade much of the censorship the company had reluctantly imposed on its main Chinese portal, google.cn.
"Everything we are learning is that in this case the Chinese government got caught with its hand in the cookie jar," said James A. Lewis, a senior fellow at the Center for Strategic and International Studies in Washington.
Lewis, who was a consultant to the White House on its cybersecurity strategy last spring, added: "Would it hold up in court? No. But China is the only government in the world obsessed about Tibet, and that issue goes right to the heart of their vision of political survival and putting down the separatists movements."
Over the years, there have been private warnings issued to China, notably after an attack on the computer systems used by the office of the secretary of defense two years ago. A senior military official said in December that that attack "raised a lot of alarm bells," but the attacker could not be pinpointed. The administration privately cautioned Chinese officials that attacks seemingly aimed at the national security leadership of the United States would not be tolerated, according to one American who took part in delivering that message.
It managed to gain access to a computer in Taiwan that it suspected of being the source of the attack. Peering inside that machine, company engineers actually saw evidence of the aftermath of the attacks, not only at Google, but at least 33 other companies, including Adobe, Northrup Grumman and Juniper Networks. Seeing the breadth of the problem, they alerted U.S. intelligence and law enforcement officials and worked with them to assemble powerful evidence that the masterminds of the attack were not in Taiwan, but on the Chinese mainland.
But while much of the evidence, including the sophistication of the attack, strongly suggested an operation run by Chinese government agencies, or at least approved by them, company engineers could not definitively prove their case. Despite that uncertainty, Google has threatened to close its China-based operations and stop cooperating with Chinese censors.
Today that uncertainty, and concerns about confronting the Chinese without strong evidence, has frozen the Obama administration's response to the intrusion, one of the biggest cyberattacks of its kind, and to some extent its response of other targets, including some of the most prominent American companies.
President Barack Obama, who has repeatedly warned of the country's vulnerability to devastating cyberattacks, has said nothing in public about one of the biggest examples since he took office. And the White House, while repeating Obama's calls for Internet freedom, has not publicly demanded a Chinese government investigation, though a senior administration official, when pressed on Thursday, said, "We expect the Chinese to explain what happened."
On Thursday, China's Foreign Ministry deflected questions about Google's charges and dismissed its declaration that it would no longer "self-censor" searches conducted on Google.cn, its Chinese search engine. A ministry spokeswoman said simply that online services in China must be conducted "in accordance with the law."
In interviews in which they disclosed new details of their efforts to solve the mystery, Google engineers said they doubted that a nongovernmental actor could pull off something this broad and well organized, but they conceded that even their counterintelligence operation, taking over the Taiwan server, could not provide the kind of airtight evidence needed to prove the case.
The murkiness of the attack is no surprise. For years, the National Security Agency and other arms of the U.S. government have struggled with the question of "attribution" of an attack; what makes cyberwar so unlike conventional war is that it is often impossible, even in retrospect, to find where the attack began, or who was responsible.
The questions surrounding the attack have companies doing business in China scrambling to confirm that they were victims. Symantec, Adobe and Juniper acknowledged in interviews that they were investigating whether they had been attacked. Northrup and Yahoo, also described as subjects of the attack, declined comment.
Besides being unable to firmly establish the source of the attacks, Google investigators have been unable to determine its objective.
Was it to gain commercial advantage; insert spyware; break into the Gmail accounts of Chinese dissidents and American experts on China who frequently exchange e-mail messages with administration officials; or all three? In fact, at least one prominent Washington research organization with close ties to administration officials was among those hacked, according to one person familiar with the episode.
Even as the United States and companies doing business in China assess the impact, the attack signals the arrival of a new kind of conflict between the world's No.1 economic superpower and the country that, by year's end, will overtake Japan to become No. 2.
It makes the tensions of the past, over China's territorial claims or even the collision of a U.S. spy plane and Chinese fighter pilots nine years ago, seem as outdated as a grainy film clip of Mao reviewing the May Day parade. But it also lays bare the degree to which China and the United States are engaged in daily cyberbattles, a covert war of offense and defense on which the United States is already spending billions of dollars a year.
Computer experts who track the thousands of daily attacks on corporate and government computer sites all report that the majority of sophisticated attacks seem to emanate from China. What they cannot say is whether the hackers are operating on behalf of the Chinese state or in a haven that the Chinese have encouraged, because it serves many of China's interests.
The latest episode illuminates the ambiguities.
To throw investigators off the scent, the servers that launched many of the attacks were based in Taiwan, though a Google executive said "it only took a few seconds to determine that the real origin was on the mainland."
At Google's headquarters in Moutain View, there is little doubt that China's government was behind the attacks. Partly that is because at the same time Obama was hailing a new era of cautious cooperation with China, Google was complaining about mounting confrontation, chiefly over Chinese pressure on the company to make sure Chinese users could not directly link to the American-based "google.com" site, which would evade much of the censorship the company had reluctantly imposed on its main Chinese portal, google.cn.
"Everything we are learning is that in this case the Chinese government got caught with its hand in the cookie jar," said James A. Lewis, a senior fellow at the Center for Strategic and International Studies in Washington.
Lewis, who was a consultant to the White House on its cybersecurity strategy last spring, added: "Would it hold up in court? No. But China is the only government in the world obsessed about Tibet, and that issue goes right to the heart of their vision of political survival and putting down the separatists movements."
Over the years, there have been private warnings issued to China, notably after an attack on the computer systems used by the office of the secretary of defense two years ago. A senior military official said in December that that attack "raised a lot of alarm bells," but the attacker could not be pinpointed. The administration privately cautioned Chinese officials that attacks seemingly aimed at the national security leadership of the United States would not be tolerated, according to one American who took part in delivering that message.
Track Latest News Live on NDTV.com and get news updates from India and around the world
