It’s been a week since Google announced its Gmail systems had been breached by cyber criminals based in China, but the scope of the attack is just now being appreciated.
It looks as though the attack was part of a large corporate and political phishing ploy that leveraged security flaws in e-mail attachments to break into the networks of at least 34 companies including Yahoo, Symantec, Rackspace, Adobe and Northrop Grumman.
According to Google, the hackers accessed the Gmail accounts of Chinese human rights advocates around the world, as well as other human rights groups that shape the national debate on human rights in China.
Google has threatened to retaliate by pulling out of China altogether.
The attacks were more sophisticated than their predecessors, according to security experts, in that they simultaneously exploited flaws in many software programs.
“Usually it’s a group using one type of malicious code per target,” Eli Jellenc told the Washington Post. Jellenc, the head of international cyber-intelligence for VeriSign’s iDefense Labs, added that “in this case, they’re using multiple types against multiple targets. That’s a marked leap in coordination.”
The standoff between Google and China creates a headache for federal officials, since it cuts to the heart of many current issues in U.S.-China relations: from human rights and censorship to intellectual property protection and access to military technology.
Since it entered the Chinese market in 2005, Google has clashed with the Chinese government about which search topics should be censored. The company’s service has been blocked when it defied government wishes.
News about Google’s public rebuke was censored in China, other than an op-ed piece in People’s Daily which called the search giant a “spoiled child” and predicted it would eventually back-off its threats.