why google is quitting china…
Friday, January 15th, 2010 at 10:47 am by Brian Ales
Maybe you’ve heard - Google has recently discovered a rash of China-based malware attacks targeting not only Google, but dozens of other major US companies (and certain Gmail users) as well. In response, the company has decided that the practice of censoring Google.cn search results - a practice the company had previously accepted as part of doing business in China since 2005 - is no longer quite so acceptable. Google’s decision to defy the Chinese government at the expense of the sizable investment the company has already made in the world’s most rapidly growing internet market was remarkable - and it was announced in an equally remarkable fashion: via a post on the official company blog written by Google’s chief legal officer David Drummond.
China, for its part, is not blinking.
As Strother Martin once told Paul Newman, what we’ve got here is a failure to communicate.
Will Google leave China? It now seems almost as likely as Conan leaving NBC.
A lot of the coverage of the Google-China standoff has focused on the censorship issue. However, we feel the recently discovered attacks alone are responsible for Google’s decision (again, the company had already accepted the ‘censored-search-results/fastest-growing-internet-market’ tradeoff several years ago).
In fact, reading between the lines of the Google announcement, it’s not difficult to come away with the feeling that:
- Google is pretty spooked by the level of sophistication behind the recent attacks.
- The Google intellectual property compromised was more than a few Gmail accounts.
- Google has some evidence implying the attacks could well have been launched with either the tacit approval or the active participation of the Chinese government.
- Google is, well, pretty ticked off.
While ostensibly drawing a line in the sand with China over censorship, Google is also taking additional security precautions. For example, in reaction to the successful breach of several users’ Gmail accounts, the company has just taken the (transparent to the user) step of encrypting all Gmail traffic via the same technology used to protect online banking and e-commerce sites - that’s what the ‘https’ prefix you might have seen means. It’s still worth noting, though, that TLS (the encryption behind https) would have done nothing to protect a user in the event malware of the type used in the recent attacks successfully compromised her Gmail username and password.
Although it’s likely that these attacks - the seriousness of which we can only infer - were really the underlying cause of Google’s change of heart regarding search result censorship, the level of Chinese government involvement is still open for speculation. However, it’s clear from Drummond’s blog post (and from Conan’s announcement regarding NBC, come to think of it) that party A considers the situation with party B to be unworkable at best.
And the circumstantial evidence linking the Chinese government to the attacks doesn’t bode well for the relationship, either:
- It appears that the recent attack exploited vulnerabilities in Adobe Acrobat via malicious code embedded within PDF files sent to employees as attachments in emails spoofed to appear to be from known sources - when the recipient opened the PDF, the embedded code executed. This is commonly described as a ‘Trojan Horse’ attack, and is precisely how the similarly China-based Ghostnet attack of last year was implemented.
- Another victim of an identical attack just this week? Gipson Hoffman & Pancione, the law firm representing US software vendor Cybersitter in a $2.2 billion patent infringement lawsuit against the Chinese government, several Chinese software vendors, and several (non-Chinese) PC makers.
- Notable among the Gmail accounts targeted were those owned by Chinese human rights activists and Tibetan human rights activists.
- There’s also the long history of internet-based attacks originating from China to consider. Proxy servers and dynamic DNS make tracing the source of such attacks beyond the country of origin difficult without in-country help, though, and to date the Chinese government has been non-cooperative:
  - Spring 2009, US: The Pentagon reveals their $300 billion Joint Strike Fighter program was compromised in an attack originating from China; an unknown amount of data downloaded (fortunately, the more sensitive data was safely stored on non-internet exposed machines).
  - April 2009, worldwide: 1,295 computers in 103 countries are discovered to be infected by a sophisticated rootkit malware attack dubbed ‘Ghostnet,’ again originating from China.
  - November 6, 2008, US: Newsweek reports that several computers on the campaign office networks of both Obama and McCain were compromised during the summer - Trojan malware sends an unknown amount of data detailing candidate policy positions to a “foreign entity”. FBI launches investigation.
  - June 11, 2008, US: Virginia Representatives (and longtime China human rights critics) Frank Wolf and announces that four of his Capitol Hill PCs were compromised by malware which copied and transferred an unknown amount of data. FBI announces attack originated from China, declines to comment further.
  - December 2007, UK: Director-general of British intelligence agency MI5 sends letter to 300 British companies warning that their networks are under attack. Announcement explicitly names “Chinese state organizations” as source.
  - December 2007, US: 37,000+ attempted attacks on both government and private networks reported for the year; US Congress is informed that Chinese espionage represents “the single greatest risk to the security of American technologies”. New 40,000 person US Air Force unit created to combat problem.
  - September 24, 2007, US: FBI announces that the Department of Homeland Security network had been attacked by malware originating from (and communicating with) China. Although from an “unclassified” network, an unknown amount of data copied and transferred over the past 2 (!) years. IT contractor Unisys denies any fault, FBI investigates.
  - August 27, 2007, Germany: While Chancellor Angela Merkel is on a state visit to China, German newsweekly Der Spiegel reports that “many” computers in her office (as well as those in several other ministries) were found to be infected with trojan malware communicating back to Chinese-registered URLs. A 160GB data transfer stopped in progress; how much data was lost previously remains unknown. China denies involvement.
Conan and NBC? We don’t know if those two crazy kids can work it out. What we can say, though, is that it appears likely that the question of whether China’s authoritarian political culture and anything-goes attitude towards intellectual property rights can ultimately coexist with its increasingly western/capitalist financial and social cultures will be answered not on the streets of Beijing, but rather on the internet - and due to the nature of the internet itself, it could affect us all - not just the Chinese.
