Cyberwarfare has started but not between countries.
Everyone seems to be missing the really interesting aspects of the Google-China events this week.
Most of the emphasis has been on the idea that Google is going to leave China. While Google does state that they may end up closing shop in China, that is not the whole story. It is not even the most interesting part of what is going on here.
First, what happened in this cyber attack?
Well according to Google, source in China attacked their computer system and stole intellectual property. In studying the attack, Google discovered that it really seemed to be aimed at getting information from the accounts of Chinese human rights activists.
“Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident–albeit a significant one–was something quite different.
First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors–have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.” –Official Google Blog
Google also discovered that the Chinese attackers targeted at least 20 other companies.
While I haven’t seen any news about the other companies, there has been some new released by Google on the attack of their system. While some of their intellectual property was stolen (look for it to show up on Baidu the Chinese government run search engine) Google claims that Google app and their cloud was secure. They have also discovered Gmail accounts of the Chinese human rights activists have been accessed by a third party. Google Enterprise Blog
Google’s response has impressed me.
They have decided they will not have a censored search engine in China. Either there will have to be way for it to me uncensored or they will leave. This is where I think everyone misses the point.
It’s not that Google is leaving China.
They are telling the Chinese government “no more”. It remains to be seen how this is going to go. Will China let Google go uncensored? Will Google just leave? Will Google just decide to let things keep running after they leave and turn the censor off? Google is standing up to the communist government.
Who has the power in Cyberwar?
While it may be possible for a government to turn off the internet in their country, a running search engine could really make a difference. Imagine, if during the recent demonstrations in Iran, a running search engine turned all searches into results that aided the opposition. Will the internet works, and the search engine is running, the outcome could be changed if the search engine took sides (and probably even if it remained neutral-truth is the enemy of despotism).
But Google has shown a bit more this time than just it’s ability to search the web and return results.
They even admit that they are letting a bit more information out this time than normal. They know where the attack came from. They know what the attack was targeting. They know who they are blaming. They aren’t insinuating anything. They are telling the world who did it and why. Google is ticked off.
For those who have any doubt left, Google knows what is happening on the internet.
Google has so many bots and so much code, that there is not much that can happen without them knowing about it. They know where the traffic is coming from. They know where the traffic is going to. Google’s move into DNS hosting only further strengthens that knowledge. You really don’t want to be cheating on your Adsense ads. They will catch you.
For the first time, I am glad to see Google using that knowledge.
They exposed an attack by the Chinese government on computers in other countries. An attack that threatens your privacy as well. They attacked companies (including Google) that you may have accounts with.
It’s a cyberwar.
It’s not between countries. It’s between countries and companies. Right now, between Google and China.
Why does the title of this post include Adobe?
Near the beginning of December, a zero day exploit was announced in Adobe PDF products. This means that the exploit was already being used. Adobe decided to wait about a month before releasing a fix. Now, to me, you would have to be an idiot to allow an exploit in your software to go on for a month. That, or you have a reason for that exploit to exist for a full month damaging your customers computers and your reputation. At the moment, I’m leaning towards idiot, but…
The Adobe PDF exploit was used in some way with the Google attacks.
Did whoever make the decision at Adobe want to wait till these attacks were finished? What were they thinking? Were they taking advice from the Chinese government -maybe promised some advantage in China in return? It makes you wonder.
Have you updated Adobe PDF products on your computer yet?
Are you aiding the communists? It does not matter what operating system you use, make sure you have updated it (version 9.3 of Adobe reader was released 1-12-10). Do it now and make sure you are completely updated (I’ve had problems with versions 8 and earlier not wanting to update all the way).
I have just one more question about this whole attack. I think it is kinda cool. It really proves my point about Google knowing what goes on in the Internet. Maybe they should start a network security service.
How did Google know that 20 other companies were attacked? And before they knew.
The power in cyberwarfare has shifted.