The Washington Post

How Chinese hacking makes it tougher for the U.S. to stop old-fashioned spies

(li xin/AFP/Getty Images)

In 2010, Chinese hackers infiltrated a special database within Google's systems that would have identified which user accounts had been flagged by the FBI or court orders for investigation, the Washington Post's Ellen Nakashima reports. Around the same time, they also tried to break into a similar database on Microsoft's servers.

The hackers didn't explain what they were up to, but it seems most likely that their goal was to figure out which Chinese agents within the United States had come under U.S. investigation. Any Chinese agents who'd had their Gmail accounts flagged for FBI investigation, they could reasonably conclude, were being watched.

If successful, this would have been an enormous blow for U.S. counterintelligence efforts to track and thwart Chinese agents. “Knowing that you were subjects of an investigation allows them to take steps to destroy information, get people out of the country,” a former official told Nakashima, adding that the agents could even toy with U.S. investigators by using their compromised accounts to convey false or misleading information.

While China's hacking campaign mostly attracts attention for the ways it skirts international norms – by targeting U.S. media organizations and stealing vast amounts of intellectual property for financial gain – the 2010 attack on Google was in many ways just another round in the long-running game of spy-vs-spy counterintelligence. Russia's recent arrest of an American embassy official it says was a spy was a reminder that even decades after the Cold War these sorts of cat-and-mouse chases go on.

"If you think about this, this is brilliant counterintelligence," a Microsoft official recently said of the Chinese attacks. And he's right: the hackers realized that however tight the FBI might keep security, the agency can't make the same guarantee about third-party companies such as Google that help it monitor suspected foreign agents. Just as the foreign agents expose themselves to the FBI by using Google, so must the FBI.

That dynamic puts Google and similar U.S. tech companies in the middle of the world's two richest countries and their presumably persistent efforts to spy on one another and on each other's spies. And it also means that U.S. counterintelligence efforts to track foreign agents, and thus whatever U.S. secrets those agents are trying to crack, rely to some extent on tech companies' ability to keep out Chinese hackers. Google and other Silicon Valley firms are good at security, no one doubts that. But China has one of the best-funded militaries in the world, which includes a cyber-espionage program that is racking up bigger and bigger victories. It's going to take more than two-step verification to keep them out.



Success! Check your inbox for details. You might also like:

Please enter a valid email address

See all newsletters

Show Comments

Sign up for email updates from the "Confronting the Caliphate" series.

You have signed up for the "Confronting the Caliphate" series.

Thank you for signing up
You'll receive e-mail when new stories are published in this series.
Most Read



Success! Check your inbox for details.

See all newsletters

Your Three. Video curated for you.
Next Story
Max Fisher · May 20, 2013

To keep reading, please enter your email address.

You’ll also receive from The Washington Post:
  • A free 6-week digital subscription
  • Our daily newsletter in your inbox

Please enter a valid email address

I have read and agree to the Terms of Service and Privacy Policy.

Please indicate agreement.

Thank you.

Check your inbox. We’ve sent an email explaining how to set up an account and activate your free digital subscription.