Chinese leaders ordered Google hack, U.S. cable quotes source as saying

By Ellen Nakashima
Washington Post Staff Writer
Saturday, December 4, 2010; 9:59 PM

A brazen series of computer intrusions into Google networks in China announced by the search engine company earlier this year were directed by the highest levels of the Chinese government, a "well-placed" Chinese source told U.S. Embassy officials in Beijing in January.

The revelation was contained in a classified State Department cable, part of a cache of cables leaked to the site WikiLeaks and disclosed Saturday.

"A well-placed contact claims that the Chinese government coordinated the recent intrusions of Google systems," the cable said. "According to our contact, the closely held operations were directed at the Politburo Standing Committee level."

The penetrations resulted in the theft of "significant" intellectual property, Google officials said. The company surprised many by publicly reporting the hacking, and further by saying its investigation found that the attacks originated in China. But the company stopped short of saying the attacks were directed by the government.

U.S. officials have not verified the report. "There is a single-source report that the attack was directed by the Chinese government," said a senior U.S. official, who was not authorized to speak on the record. "We have never been able to corroborate that."

Senior State Department officials raised concerns about the attack on multiple occasions and asked China to investigate, spokesman P.J. Crowley said.

China has said it would look into the allegations.

Many experts said then and now that an attack of this scale and sophistication was most likely directed by the Chinese government. The hacking affected more than 30 other large U.S. corporations in addition to Google.

"This was a big collection program - it was more than Google, so it was probably authorized by the standing committee," said James A. Lewis, a senior fellow and cyberpolicy expert at the Center for Strategic and International Studies. "It was the equivalent of a presidential finding for covert action. The Chinese have been good at mixing economic and political espionage."

The contents of the January cable and others, if confirmed, would begin to pull back the curtain on the operation.

According to the January cable, a source told an embassy political officer that "the closely held Chinese government operations against Google had been coordinated out of the State Council Information Office," which reports directly to the Politburo Standing Committee, the nine most powerful members of the government.

The New York Times, which received access to the unredacted cables, reported Saturday that according to a May 18, 2009, cable, Li Changchun, a member of the standing committee, was disturbed to learn that he could conduct Chinese-language searches on Google's international site. When he Googled himself, he found "results critical of him," according to the cable.

According to the January cable, Li himself ordered up or helped coordinate the attack, the paper reported.

But the Times said that another person cited in the cable, who apparently is the source of the information on Li, acknowledged that Li "personally led a campaign against Google operations in China," but to his knowledge "had no role in the hacking attack."

According to the Times, the January cable states that the Google intrusions were coordinated with the oversight of Li and another Politburo member, Zhou Yongkang, China's top security official. Both Li's and Zhou's names were redacted from the memos posted by the two newspapers.

The January cable also cites a source as saying that the operations "against Google 'were one hundred percent' political in nature." Some analysts at the time speculated that the attacks were motivated by a desire to undermine Google in favor of Baidu, the Chinese search engine that is far less powerful but has far more market share in China.

Google spokeswoman Jill Hazelbaker declined to comment. A spokesman for the Chinese Embassy in Washington did not respond to a request to comment.

After discovering the Chinese hacking, Google threatened to pull out of China unless officials agreed to let it run an uncensored search engine in the country.

In April, after failing to reach an agreement with authorities on the censorship issue, Google redirected its search traffic to servers in Hong Kong. The company still has marketing, advertising and engineering operations in Beijing and Shanghai.

China has been probing and breaking into U.S. computer systems for the better part of a decade. One of the earliest intrusions reported was code-named Titan Rain - attacks by government-sponsored hackers, disclosed in 2005, that over a number of years stole massive amounts of data from military and other systems.

A November 2008 cable posted by WikiLeaks revealed that since late 2002, government organizations have been targeted by hackers in China using e-mail messages intended to fool recipients into downloading malicious software in an operation dubbed Byzantine Candor. That, in turn, is a part of a larger operation called Byzantine Hades, the cable stated.

Targets include the U.S. Army and the Department of Energy, as well as private-sector networks. The goal, the cable said, is to "exfiltrate massive amounts of sensitive data from the networks."

In November 2008, Shanghai-based hackers linked to the Chinese military penetrated several computer systems of a commercial Internet service provider inside the United States. According to investigators, the hackers used the compromised systems to facilitate incursions into U.S. and foreign systems, including at least one U.S. government agency.

Staff researcher Julie Tate contributed to this report.

© 2010 The Washington Post Company