Tuesday, January 26, 2010

Google v China - a war of words

As the row between Google and China enters its second week, the political temperature has risen, with both the US and China making stronger statements. China has released dozens of statements, with the story carefully managed through state-owned media outlets. The US meanwhile has been just as noisy, with long speeches and accusatory statements coming from Washington. There are also fresh revelations which seem to give more credence to the theory that China was behind the cyber-attacks on Google, something China hotly disputes.

In the first clear statement from China, a spokesman from the Ministry of Information told Xinhua that recent criticisms were an attempt to "denigrate China". While not referring directly to Google or Secretary of State Hillary Clinton's speech on Internet Freedom, the spokesperson said, "Any accusation that the Chinese government participated in cyber-attacks, either in an explicit or indirect way, is groundless and aims to denigrate China. We are firmly opposed to that." [Guardian]

An article on the Xinhua website said that China was itself victim to cyber-attacks. "China is the biggest victim country of hacking as its Internet has long been facing severe threats of hacker and online virus attacks," the spokesman insisted. According to Xinhua, official data showed more than one million IP addresses were under control by overseas sources and the number of Web sites tampered with by hackers exceeded 42,000 last year. The article also cited the Conficker worm virus which it said had infected 18 million computers per month in 2009, the most in the world, or 30% of the global total infected. According to the Internet Society of China, the number of cyber-attacks from abroad saw a year-on-year increase of 148% in 2008, Xinhua said.

It is interesting that the article particularly refers to Conficker, a computer virus that surfaced in 2008 and which some believe may have even originated in China. In March last year BKIS, a Vietnamese security firm that makes the BKAV antivirus software, said that they had found clues that the virus might have originated in China [CNET]. The firm's conclusion was based on its analysis of the virus' coding. It found that Conficker's code is closely related to that of the notorious Nimda, a virus that wreaked havoc on the Net and e-mail in 2001. At that time, BKIS determined that Nimda was made in China, again based on the firm's own data. Of course the findings alone do not prove that China, or the hacking community within the country, were responsible, but there is a growing feeling amongst many in the computer security industry that many threats are indeed originating from within the PRC.

The havoc brought about by such viruses is widespread. Computers in Britain and across Europe as well as the US have been affected. In China too millions have been affected, in many cases by home-grown attacks. In 2003 the BBC reported that a lack of understanding about Internet security as well as a failure to run anti-virus software were the main reasons that people became susceptible. 

Official figures quoted by the Xinhua state news agency showed that about 85% of computers were infected with a computer virus during 2003. At that time there were only 68 million Internet users, a figure that has almost quadrupled in the last six years. In 2008 computer virus stats from Rising Anti-Virus showed a significant rise in the number of virus attacks. From Jan-Nov of 2008, their figures showed a 12.16% increase over the same time period the year before. Rising intercepted over nine million new virus samples with 83.4% of the sample consisting of trojans (5,903,695 samples) and back door viruses (1,863,722 samples). The majority of these viruses were used by hackers to steal virtual property.

Some of the Trojan Horses may be of greater worry not only to the average computer user, but also the military. An insidious computer virus discovered on digital photo frames in early 2008 was identified as a powerful new Trojan Horse from China that collects passwords for online games, but it has been suggested its designers might have larger targets in mind. The authors of the Trojan Horse are well-funded professionals whose malware has "specific designs to capture something and not leave traces," Grayek, from Computer Associates, said at the time. "This would be a nuclear bomb" of malware. By studying how the code was constructed and how it was propagated, Computer Associates traced the Trojan to a specific group in China. While Grayek would not name the group of "well-funded professionals", many speculate it would likely be the Chinese military [SFGate].

Mocmex, as it has been named, recognizes and blocks antivirus protection from more than 100 security vendors, as well as the security and firewall built into Microsoft Windows. It downloads files from remote locations and hides files, which it names randomly, on any PC it infects, making itself very difficult to remove. It spreads by hiding itself on photo frames and any other portable storage device that happens to be plugged into an infected PC.

While protection given by leading security software has generally eradicated the threat posed by these examples, it is clear the attacks are likely to continue. And military analysts are particularly concerned about China and its motives. In November 2008 it was reported that the largest US military base in Afghanistan was hit by a computer virus affecting nearly three quarters of the computers on the base. According to US News it was not the first such cyber-attack, and officials said that earlier incarnations of the virus had exported information such as convoy and troop movements. Officials familiar with the computer attack characterized it as extremely aggressive and said that it originated in China. However, they were unable to determine whether the viruses were part of a covert Chinese government effort or the work of private hackers. US military spokesmen at Bagram declined to comment, citing operational security, but privately US military officials expressed grave concerns. The Chinese "learn a lot from these attacks," said one US military intelligence official. "Like how our logistics and other systems work."

One year later and the USCC released a report outlining China's preparedness for a so-called cyber-war [PDF]. According to another report the PLA [People's Liberation Army] is investing in computer network operations such as network attacks, network defenses, and network exploitation [PDF]. "The PLA sees [computer network operations] as critical to achieving 'electromagnetic dominance' early in a conflict," said the report, adding that China is focused on developing the ability to disrupt battlefield information systems. The DOD also reported that while China is focused on preparing for potential conflict in the Taiwan Strait, it's also "surveying the strategic landscape beyond Taiwan." 

While China claims it is just as much the victim of virus and computer attacks as other countries, these seem to mostly affect individuals. Around 42,000 Chinese websites were said to have been hacked last year according to China. However, figures released by authorities are often difficult to reconcile or verify. Statements released by officials are verging on double-speak with comments like China having an "open" Internet. Ma Zhaoxu, spokesman for the Foreign Ministry, claimed that, "China's Internet is open and managed in accordance with law." In addition he claimed China was a country most active in developing the Internet and that Chinese citizens' freedom of speech was protected by the Constitution [Xinhua]. Unless of course it conflicts with government opinion.

In further revelations today, the Financial Times reported that personal friends of employees at Google, Adobe and other companies were targeted by hackers in a string of recently disclosed cyber-attacks, raising privacy concerns and pointing to a highly sophisticated operation. The paper said cybersecurity experts analysing the attacks said the hackers spied on individuals and used other sophisticated techniques, making them extremely difficult to stop. Whether the attacks were initiated by China and its army of government-sponsored hackers is unclear, but it seems more than a coincidence.

McAfee discovered that a previously unknown flaw in Microsoft's Internet Explorer had been used in the attacks. George Kurtz, chief technology officer at security firm McAfee, said the attackers also used one of the most popular instant messaging programmes to induce victims to click on a link that installed spy software. Another element of the attack code used a formula only published on Chinese language websites, said Joe Stewart, a researcher for security firm SecureWorks. Stewart also found that some of the code had been assembled in 2006, suggesting that the campaign had been not only well organised but enduring [CNET].

Google has been very quiet since its bold statement back on 13th January. China claims not to have spoken to Google about the issues, and Google has only said it is seeking meetings. As regards today's revelations a Google spokesperson said, "We are not going to comment on the specifics of the attack in more detail than we have already done because our investigation is ongoing. We also can't comment on what McAfee may have observed from other affected companies." In the only clear reference as to whether insiders at Google China played a role, the company seemed to confirm it was at least investigating the possibility. "While we continue to investigate this targeted and sophisticated attack, to date we have seen no indication of any insider involvement," the spokesperson said.

The end-game is far from clear. China is unlikely to capitulate and relax its tight grip on the Internet. Google's position remains tenuous. Since the statement two weeks ago there appears to have been no movement on either side. Google.cn remains up and running, and searches remain as restricted as ever. In this high tech game of poker, other companies are also looking to gain advantage if Google were to follow through. Microsoft's Bill Gates raised eyebrows on ABC's Good Morning America when he said that "Chinese efforts to censor the Internet have been very limited." For the most part, users can easily go around the firewall, Gates said [Atlantic]. He also delivered a veiled criticism of Google saying businesses need to decide if they want to "obey the laws of the countries you're in" or "not end up doing business there." Yahoo in the US have meanwhile backed Google's stance, even if it did earn it criticism from Alibaba who hold 61% of Yahoo China [BBC].

The war of words is likely to go on for some time yet. As to whether it will develop into a full-blown cyber-war, trade war or worse, only time will tell.

tvnewswatch, Beijing, China
