Still, it’s difficult to overstate the significance of this decision, especially given the morally murky nature of most relationships between Chinese authorities and major Internet players that has served as the status quo over the last decade. Will it have an impact on free speech in China? Probably not much. But Google has taken a stance, which only makes it easier for other companies to start doing the same.
But the flurry of analysis and news reports on the issue has only briefly touched on what I consider to be the larger problem underneath all this: China’s growing prowess in the art of the cyberattack. I’ve expressed my skepticism of doom-and-gloom scenarios of cyberattacks bringing down electrical grids and water supplies before, but breaches of privacy, cyber espionage, and denial-of-service attacks are common and effective. Google’s public statement released on Tuesday describes the reach of the attacks that led up to their decision to reconsider working in China:
First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses—including the Internet, finance, technology, media and chemical sectors—have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant US authorities.
Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.
Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users’ computers.
Reports have surfaced that Adobe, Northrop Grumman, and Yahoo could have been other victims of similar security breaches as well.
True, there is no hard evidence to prove that these recent attacks were caused by Chinese governmental authorities themselves (although nobody is shy in suspecting as much). Concerns over China’s increasing expertise in cyberattacks – especially in probing other countries’ networks – is not new. Last October, the US-China Economic and Security Review Commission released a report entitled “Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation.” Part of the report notes:
General James Cartwright, while serving as the Combatant Commander of US Strategic Command, testified before a Congressional commission that China is actively engaging in cyber reconnaissance by probing the computer networks of U.S.
government agencies as well as private companies. He further noted that the intelligence collected from these computer reconnaissance campaigns can be used for myriad purposes, including identifying weak points in the networks, understanding how leaders in the United States think, discovering the communication patterns of American government agencies and private companies, and attaining valuable information stored throughout the networks.
A review of the scale, focus, and complexity of the overall campaign directed against the United States and, increasingly, a host of other countries around the world strongly suggest that these operations are state-sponsored or supported.
The report goes on to detail the level of sophistication reached by the PLA’s efforts to build their information networks and exploit that of others.
Simply put, China’s use of cyber attacks has reached such a problematic point that even a major company like Google sits up and sounds the alarm to the point of threatening to pull out entirely. The silent discomfort between U.S. and China over the consistent probing of American networks may finally break into vocal protest.