WikiLeaks Names China As Source Of Google Attacks
A diplomatic cable revealed on WikiLeaks indicates that the Chinese government might have been behind the cyber attacks on Google earlier this year.
WikiLeaks, which has earned its reputation by anonymously publishing classified documents, captured more than 250,000 U.S. diplomatic cables since 2002, some of which were written as recently as late February 2010, according to The New York Times. The cables comprise daily communications between the U.S. State Department and 270 international embassies around the world.
In what will be the first of many installments, WikiLeaks posted about 220 cables, some of which were redacted to protect sources.
Among the slew of cables was one indicating that the comprehensive attack on Google and 30 other corporations was part of a coordinated computer sabotage campaign carried out by national officials, private security and cyber criminals recruited by the Chinese government.
Specifically, the cables indicated that China's Politburo had authorized the Google cyber attack on its computer systems after a senior level official had found information about himself while using the search engine, according to The Telegraph.
The coordinated attack was also responsible for breaking into U.S. computer networks, as well as those of Western allies, the Dalai Lama and other American corporations, the cables said.
China denied involvement in any attacks targeting Google and other multinational corporations. "Accusations that the Chinese government participated in cyber-attacks, either in an explicit or inexplicit way, is groundless and aims to denigrate China," a Ministry of Industry and Information Technology spokesman told the Chinese national newspaper Xinhua on Sunday.
Meanwhile, the U.S. government publicly criticized the publication of what it termed "stolen cables," warning that the information could disrupt U.S. military and commercial operations domestically and abroad, and put the lives of diplomats and American travelers at risk.
"We condemn in the strongest terms the unauthorized disclosure of the classified documents and sensitive national security information," the White House said in a statement.
Days before the cables' disclosure, WikiLeaks.org was hit with a massive denial of service attack that shut down the site on Sunday.
Prior to the release of the WikiLeaks report, the U.S. government and businesses had frequently pointed to China as a possible source of numerous cyber attacks, although accusations usually fell short of directly fingering the Chinese government.
In what many have considered the biggest and most significant malware attack in corporate history, search giant Google and more than 30 other corporations, including Intel and Adobe, suffered a serious malware attack in January that appeared to originate from China and enabled hackers to infiltrate corporate networks and steal critical assets such as intellectual property.
During the attack, dubbed Operation Aurora, victims received a link delivered via e-mail or IM from what appeared to be a "trusted source." Victims clicked on the link, which redirected them to a malicious Website hosted in Taiwan that exploited a zero-day Internet Explorer vulnerability and downloaded malware. The malware then created a backdoor that connected their computers to command and control servers based in Taiwan. The malicious servers turned the machines into drones and gave the attackers access to the crown jewels of all internal corporate systems.
Later that same month, another round of cyber attacks pummeled Gmail account holders.
Three months after the attack, Google began redirecting traffic from its China-based google.cn to the less-regulated google.hk, citing censorship issues, among other things. However, Google executives were prompted to reconsider the move when Chinese government officials threatened to let Google's contract expire.
Earlier this month, a U.S. government report indicated that security experts discovered that an undetermined portion of global Web traffic traveling over about 15 percent of Internet routes was redirected through Chinese servers for about 18 minutes in April before reaching its intended destination. The data in question had been traveling over networks of the U.S. military and government, such as the U.S. Senate, NASA and U.S. Secretary of Defense, as well as NGOs, multinational corporations, and U.S. allies such as South Korea, India and Australia.
In addition, the redirect enabled e-mails, instant messages and VoIP calls to be intercepted and logged, and even altered as they were en route to their final destination, raising the question within the security community as to whether any classified information was harvested.
Security experts contend that the recent news regarding the Google attacks likely won't lead to a decline in malware or security threats coming out of China. Meanwhile, the focus on intellectual property by hackers -- whether by nation states or organized cyber crime rings -- won't experience a slowdown any time soon, they say.
"I would definitely say that we're seeing an ever present stepping up of the desire and effort to get sensitive information," said Matt Fairbanks, McAfee senior vice president of product and solutions marketing. "I would suspect that with increased awareness, that tactics may shift and tactics may change. If history teaches us anything, there is going to be an insatiable appetite and more and more means. I wouldn't bet on a slowing down or subsiding."