Page 2 of 2   <      

Google China cyberattack part of vast espionage campaign, experts say

People sympathetic to Google have been leaving flowers and candles at the firm's Chinese headquarters.
People sympathetic to Google have been leaving flowers and candles at the firm's Chinese headquarters. (Vincent Thian/associated Press)
  Enlarge Photo    

"This is a big espionage program aimed at getting high-tech information and politically sensitive information -- the high-tech information to jump-start China's economy and the political information to ensure the survival of the regime," said James A. Lewis, a cyber and national security expert at the Center for Strategic and International Studies. "This is what China's leadership is after. This reflects China's national priorities."

Adobe, a software maker, confirmed on Wednesday that it learned of the attacks on Jan. 2 but said there was "no evidence to indicate that any sensitive information . . . has been compromised," while Symantec, which makes security software, said it is investigating to "ensure we are providing appropriate protection to our customers."

Dow Chemical said that it has "no reason to believe that the safety, security and intellectual property of our operations are in jeopardy." Yahoo and defense contractor Northrop Grumman declined to comment on the attack.

The attackers, experts said, followed the familiar "phishing" ruse: A recipient opens an e-mail that purports to be from someone he knows and, not suspecting malicious intent, opens an attachment containing a "sleeper" program that embeds in his computer. That program can be controlled remotely, allowing the attacker to access e-mail, send confidential documents to a specific address -- even turn on a Web camera or microphone to record what is going on in the room.

In many cases, a user does not know he has been the victim of an attack.

One type of attack exploits a flaw in Adobe Reader, a popular free program that allows e-mail users to read .pdf document files. The flaw was made public Dec. 15 but fixed only on Tuesday -- the day Google announced that its systems had been compromised.

Sara L.M. Davis, executive director of New York-based Asia Catalyst, which assists charities in developing countries, said she began to receive these fake e-mails shortly after the new year. The senders all appeared to be people with whom she regularly communicates. The subject lines contained topics -- "AIDS in China" or "Some photographs of you and Dr. Gao" -- that suggested familiarity with her and her organization.

"If I weren't already paranoid, I would have already opened one," Davis said.

Google declined to provide details on what exactly the attackers took and whether it included any information about super-secret search engine technology that drives the company's profits.

Nart Villeneuve, a research fellow at the University of Toronto, has analyzed attack e-mails sent to human rights groups over the past few months. Villeneuve, who works at Citizen Lab, which focuses on Internet and politics, helped research GhostNet, a vast cyberspying operation revealed last year that apparently originated in China and targeted the office of the Dalai Lama, foreign embassies and government offices.

He said the GhostNet attack resembles the strategy used against Google, other U.S. companies and human rights groups this time around. The attack e-mails to the human rights organizations could mostly be traced to "command and control" computers in mainland China. However, Jellenc said, the two attacks do not appear to have been carried out by the same group.

In August, someone obtained a list of 5,000 subscribers to the China Leadership Monitor, a respected quarterly publication from the Stanford University's Hoover Institution.

The subscribers received a fake e-mail from a Gmail account purportedly from the publication but with an attachment that would take over their computers. Alice Miller, a visiting professor at Stanford and the publication's editor, said she had worked with U.S. government investigators and said the attack originated in China.

Staff writers Cecilia Kang and John Pomfret contributed to this report.

<       2

© 2010 The Washington Post Company