Google threatens to leave China after attacks on activists' e-mail

By Ellen Nakashima, Steven Mufson and John Pomfret
Washington Post Staff Writers
Wednesday, January 13, 2010; A01

Google said Tuesday that it may pull out of China because of a sophisticated computer network attack originating there and targeting its e-mail service and corporate infrastructure, a threat that could rattle U.S.-China relations, as well as China's business community.

The company said it has evidence to suggest that "a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists," but it said that at least 20 other large companies, including finance, media and chemical firms, have been the targets of similar attacks. Google said it discovered the attack in December.

"It's clear that this attack was so pervasive and so essential to the core of Google's intellectual property that only in such a situation would they contemplate pulling the plug on their entire business model in China," said James Mulvenon, a China cyber expert with Defense Group Inc.

Congressional sources said the other companies include Adobe and possibly Northrop Grumman and Dow Chemical. Industry sources said the attacks were even broader, affecting 34 firms.

The hackers directed the attacks on the companies through six Internet addresses linked to servers in Taiwan, which sent commands to targeted computers in the firms, said Eli Jellenc, head of international cyberintelligence for the Silicon Valley-based cybersecurity research and forensics firm Verisign iDefense, which is helping companies investigate the penetrations. The hackers were sending the data to a large Internet data center in San Antonio called Rackspace, he said.

They appeared to be after information on weapons systems from defense firms and were seeking companies' "source code," the most valuable form of intellectual property because it underlies the firms' computer applications, he said.

U.S. authorities, including the National Security Agency, are involved in investigating the attacks.

Several of the Internet addresses correspond to those used in malicious attacks against the defense industry last year and that are thought to be linked in some fashion to the Chinese government or proxies, Jellenc said.

David Drummond, Google's senior vice president and chief legal officer, said the attacks had led the company to conclude that it should "review the feasibility" of its Chinese operations. "We recognize that this may well mean having to shut down, and potentially our offices in China," he said.

Drummond also said that the company has decided to stop censoring its search results on Chinese Google sites. Over the next few weeks, he said, the company will discuss with the Beijing government how it may operate "an unfiltered search engine within the law, if at all."

Google's threat to pull out of China follows years of tension over the company's service, which is designed to provide quick, unfettered access to information, and over the Chinese government, which wants to restrict its citizens' access to politically sensitive topics and to monitor their activity. The confrontation also comes just before a Jan. 21 policy speech on Internet freedom by Secretary of State Hillary Rodham Clinton, who dined last week with a handful of top technology executives, including Google's chief executive, Eric Schmidt.

Clinton said Google had briefed her on the issue, but in a statement late Tuesday she demanded an explanation from China. "The ability to operate with confidence in cyberspace is critical in a modern society and economy," she said.

Based on its investigation to date, Google said, it does not believe the cyberattack on its accounts succeeded. "Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves," the company said in a blog posting.

Google has also been embroiled recently in a dispute over the copyrights of Chinese authors whose works it had published in its online library Google Books. Chinese writers have accused it of copyright infringement. The company apologized to Chinese writers this week.

Privacy advocates applauded Google's move to disclose the cyberattacks and reverse its stand on censorship of its China search engine results.

"Google has taken a bold and difficult step for Internet freedom in support of fundamental human rights," said Leslie Harris, president of the Center for Democracy and Technology. "No company should be forced to operate under government threat to its core values or to the rights and safety of its users."

In China, reaction on the Web was critical of both the Chinese government and Google.

One blogger, identified only as "Crossing the river with eyes closed," said, "They'd better cut the cable under the sea so that they don't have to worry at all." The late Chinese leader Deng Xiaoping famously said that reform was like crossing a river one stone at a time.

Others worried that the potential loss of access to Google would make it harder to obtain technical information.

"Of course, as a business they have the right to make this decision," Ran Yunfei, a dissident writer based in Sichuan province, said on Twitter, which is blocked in China but which many Chinese reach through proxies. But, he added, even censored, Google is "much better than Baidu," a popular Chinese-owned search engine.

In a phone interview, he said Google should "not abandon" China but rather apply pressure through the World Trade Organization and U.S. government.

Google officials said the company found that the Gmail accounts of dozens of China human rights advocates in the United States, China and Europe "appear to have been routinely accessed by third parties." The hacking most likely occurred through phishing scams -- luring users to download malicious software by opening innocent-looking e-mails -- or malware placed on users' computers, rather than by breaking into Google's corporate infrastructure, the company said.

The implications for U.S. businesses in general loom large.

"Google is an extreme example, but this action is consistent with the sentiment among many foreign companies that doing business in China is increasingly difficult as the country becomes more wealthy and powerful," said James McGregor, senior counselor for Apco Worldwide in China.

China is among a handful of countries considered to have impressive cyber-offensive capabilities, but U.S. officials have refrained from publicly accusing the country because of the difficulty of determining with certainty who is behind an attack.

Attacks on China rights activists have been growing, however, and suspicion has fallen on the Beijing government.

China -- or its broad army of proxies -- has been the suspected aggressor behind a series of attacks on U.S. and other countries' computer systems dating from the late 1990s. Those events include Titan Rain, a campaign of cyberattacks against the Pentagon, nuclear weapons labs, NASA and defense contractors from 2003 to 2005; penetrations of the Commerce and State department networks in 2006; and GhostNet, a widespread spying operation targeting supporters of Tibetan independence in 2008.

When Google set up a subsidiary in China in 2005 and purchased servers hosted in the country, it agreed to censor its search results. But the company and the government officials trolling the Internet have continued to clash over what content should be blocked.

The conflicts escalated in June when Beijing blamed Google for smut on the Internet, saying that some search results could be considered pornographic. China temporarily blocked and Gmail in what was believed to be a punishment.

The State Department has set aside funds to help companies get around Internet firewalls put up by China and other countries. One potential recipient is run by the Falun Gong sect, which is banned in China, but it has yet to receive any such funding. "The Chinese would go ballistic if we did that," said one U.S. official.

Mufson reported from Beijing, Nakashima from Washington. Pomfret, traveling with Clinton, reported from Honolulu. Staff writers Ariana Eunjung Cha and Cecilia Kang and staff researcher Julie Tate in Washington contributed to this report.


© 2010 The Washington Post Company