The curious case of the Chinese Goooogling


When does the act of a nation state take on the specter of war? Consider, if you will, that at some point a transgression most assuredly has the emotional and physical manifestations of war. The Japanese attack against United States interests in Pearl Harbor most assuredly was war. The Gulf of Tonkin incident precipitated the expansion of a conflict but was never considered a war. As a corollary, the events of 9/11 have led to a “war on terrorism” but there has been no declaration of war against another nation state. The concept of war itself has become muddied. With a war on drugs, a war on poverty, various other wars and strenuous debates, it is not unusual to see the term war used as a comma in sentences where there should be more periods. So, as to China v. Google, was it war? Doubtful, but the incident is very interesting.

Google, in their statement, refer to the incident as an attack. So, for this scenario we have a nation state accused by an international corporation of an attack against their services. In Google's statement they allege the following: 1) multiple corporations were attacked; 2) the goal was to gain information on Chinese citizen activists; 3) non-Chinese citizen activists were also targeted. As to whether this rises to the state of war, Secretary of State Hillary Rodham Clinton in her statement did not suggest this.

The best-detailed analysis I have been able to find is by Nart Villeneuve on his blog. In his report he suggests that a variety of exploit methods may have been used. Whether an Internet Explorer zero-day or an Adobe zero-day, delivering a Trojan (payload), the pattern of the attack is pretty consistent.

There are a variety of examinations of details within the attack. The path to an attack is fairly simple to discuss and much harder to actually do:

  1. Determine a scope and objective for the attack.
  2. Create an acquisition mechanism.
  3. Determine a delivery and propagation mechanism.
  4. Using a varied path (heterogeneous) select targets of opportunity.
  5. Place the exploit code into the wild with the propagation and acquisition mechanism in place.
  6. Diversity of the delivery mechanism across the largest target population is important.
  7. Exfiltration of information and tuning of the attack after contact with targets increases the risk substantially.

Change a few words here and there and you have the components of how an intelligence operation is prepared, executed, and closed with information gained. In other words, the Google attack looks a lot like espionage and very little like war. We’re talking about an active attack to exfiltrate, by hostile act, information from a subject not willing to give it up. As such, it was done by a nation state, and the kind of information that was gathered looks a lot like what the United States has used systems passively to do in the past. Specifically, Echelon, Carnivore and currently Einstein 2 are technologies that monitor communications. Carnivore is packet-sniffer software that monitors all of the target's network traffic. Einstein 2 is similar to Carnivore but is an intrusion detection program rather than a monitoring program. The Einstein 2 tool is supposed to only be used on government networks, though some security and privacy advocates worry about expansion of its use. Echelon was used internationally to sniff and capture “all” traffic or signals worldwide. Nobody in the United States has stated that these programs are acts of war.

In an interesting twist it appears according to one report that the exploit used the internal intercept system required by United States law enforcement to snoop emails for search warrants. In analysis, if true, then the Chinese will have used the exploit to facilitate what they state is their law enforcement response. In other words the exploit used the system the way it was designed. China has not refuted the allegations and has responded to the Google assertions of censorship.

There are some open questions after the exploit. Can you have any expectation of privacy when using a hosted solution by an international company if some host countries are willing to exploit that company? The CIO of the United States government has been pushing for a swap to Gmail, which at this point looks absurd. As others have said, you shouldn’t be using Gmail if secrecy or privacy is of any concern. Schools and other organizations with federal and state regulation should stay away from Gmail. Consider the case of an academic who is active with any group of political activism or human subjects concerns. We now have proof that there is risk in using these solutions. I imagine Yahoo and others have similar issues.

This appears to be an interesting point where many would say that I am taking the side of China against Google. Though I have zero love for the privacy-squandering practices of Google, I bear them no enmity. My concern is the substantial use of the term “cyber war” instead of the actual terms that might describe this situation. Espionage is bad enough. It is good to live in interesting times. Have a comment, suggestion, or link? Be my guest in the comments section below. Registration is required but, just like reading this article, it costs nothing.
