Thursday, January 14, 2010

Google Throws Down the Gauntlet to China - Maybe

A flood of news reports have come out concerning the looming battle between Google and China over intrusions into the accounts of human rights activists ala Ghostnet.

To add to the confusion are almost simultaneous reports of alleged attacks by Iranians on China's largest search engine, Baidu, and the inevitable counterattacks of Iranian websites with pro-Chinese graffiti. What remains to be answered is why anyone in Iran would be motivated to attack and deface the Baidu website with pro-Iranian messages and graphics. The timing of these attacks are interesting as well.

As usual, there is plenty of speculation concerning the Google - China attacks and their motivations but little factual information available for analysis. Of course there is the usual problems with accurate attribution and sourcing of attacks and determining exact motivations and potential external influences including whether the Chinese government may have a role in the breaches.

However there are many other unanswered questions in the Google - China standoff. To name a few:
  1. Are these attacks related to, or a continuation of, the Ghostnet attacks? In an official blogpost, David Drummond, Google's Chief Legal Officer, pointed specifically to the Ghostnet report but didn't explicitly link them;

  2. Mr. Drummond's post also stated that "[a]s part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses--including the Internet, finance, technology, media and chemical sectors--have been similarly targeted." A full list of these companies has not been made public to date but it would be very informative to understand the exact relationship between the Google attacks (believed to target human rights activists) and the other companies. Is someone in China targeting human rights activists in chemical companies?!?;

  3. What are Google's and China's next steps? It's obvious that both entities have merely set up negotiating positions: Google did not close nor has it (yet) stopped censoring Chinese Internet searches; China's initial, official responses have been muted. Obviously, both sides don't want to do anything rash and there may be other agendas in play.
One of the biggest problems in understanding these attacks is the disjointed approach to investigating. These attacks span the world (The US, China, Iran, EU countries, Japan, Taiwan...) each with its own agenda and political and economic considerations. Additionally, there is no central coordination of information or analysis. Even within the US, some victims will cooperate; others will not. Among those that cooperate, some will have good monitoring and data collection capabilities; others will not. It's most likely we will never fully understand these attacks and if we don't understand them it will be next to impossible to effectively counter them.

Iranian Hackers Deface Top China Website
Hackers in Frontline of China's Cyberwar
A New Approach to China
China gives first response to Google threat

No comments: