back to article Security experts dissect Google China attack

The hacking attacks against Google that prompted the search engine giant to consider pulling out of the country are far more frequent than is commonly thought. Security experts are surprised at Google's response, rather than the attacks themselves, which analysts reckon relied on exploit-ridden PDF attachments in emails. These …


This topic is closed for new posts.
  1. Anonymous Coward

    What the "Security experts" are overlooking

    And Google is not, is that there is only one entity on the planet that would target Chinese human rights activists - namely, the Chinese Government.

    1. Angus 2


      Were the "Security experts" were overlooking the targets of the attacks. I didnt get that from this article.

  2. Anonymous Coward

    Blame Adobe

    They still default Adobe Acrobat & Acrobat Reader to enable javascripts to run. There is no excuse for this. (Edit/Preferences/JavaScript and then uncheck the "Enable Adobe JavaScript" box.)

  3. Anonymous Coward
    Anonymous Coward

    Why quit China?

    Why would Google quit China?

    It's not the country that is to blame but hackers from all over the world.

    Most likely the good old US of A itself.

    Plus why would the NSA want this feed terminated?

    It' would mean less control for them!

    What are the advantages of quitting China, censorship on the part of whom?


    1. Fred Flintstone Gold badge

      It's make believe - the reason is money

      Google is reportedly not doing very well against the local Chinese search engine Baidu - I don't know why but it appears it has more users than Google. The result of this is much less profit than Google wants, and there are two solutions to that:

      1 - get rid of censorship, it's costly and a moving target, and the reputation of being uncensored would drive more traffic to Google and make it appear to the great unwashed the hero. Profit!

      2 - pull out entirely, but in that case Google needs a reason so it doesn't look like it lost in that market. Not "profit" but "less losses" and out before it damages their golden boy reputation.

      Both solutions are greatly helped by having arguments with the Chinese government. Even the egos at Google realise they can't win that one, so this is their way of blaming others for not conquering the market.

      In short, it's kicking a fuss in the hope everyone will buy the "do no evil" story once more and it can make some more profit on the back of it. No surprises there, but we need an Evil Google icon now as there will be more to come.

  4. Glyph

    next step

    At first I figured that the cost of dealing with the malware problem was just surpassing the amount of profit they made in the country, but Google must be smart enough to know that whether it was actually China's government or the "feces youth", that neither will stop their behavior simply because google left the country.

    If Google is upset then they should not just retreat, but retaliate. They are in a unique position to create a set of moving proxy/vpn servers to allow those inside the firewall access to free(er) information. They could use sites like youtube (that will now have to be accessed through a proxy) to distribute the next ip address hop by inserting them in media that their advertising engine decides are interesting to those in mainland china.

    This wouldn't just be out of goodwill or in retaliation, it would allow them to still get their advertising to china's growing market without having to put up with the rules of that market.

  5. JC 2
    Black Helicopters

    @ What the "Security experts" are overlooking

    AC wrote: "there is only one entity on the planet that would target Chinese human rights activists"

    I can think of a few others, entities that want it to appear like it was the Chinese government behind it, but for that matter if the government owns blocks of IPs used by a library or other community 'site, what better place for a hacker to remain anonymous?

  6. 46Bit

    It's like a joke

    It really is a joke that even now it seems politicians aren't willing to come out and roast China over this.

  7. Stan 2
    Black Helicopters

    Am I missing something?

    Where does china come into it? The attack's came from servers based in the US, no? Ok, folks that could be considered an enemy of the peoples republic of China where targeted but that doesn't mean China is behind them. Whats the clue, the PDF's where badly translated?

    Could just have easily been from, to pick a name out of the hat, the US. They have been baking up plenty of FUD over China, even spent shitloads on a study of where all the networked badness was coming from to prove commies and ex commies where craping on our systems. Shame the results showed the vast majority of net nasties came from the US.

  8. Anonymous Coward

    A general remark

    As a person who once wrote a program to spoof email addresses, and also time (hehe, I can go back in time now :D), for fun and to learn socket programming, I was always wondering, why do we use such a retarded protocol as SMTP for sending emails? Or, better put, why do companies trust the email headers?

    It has so many obvious flaws, and is extremely insecure and vulnerable to faking. You can type whatever you want in the from: field (and all the others!), yet so many companies and individuals (I'm speaking from my own experience) blindly trust whatever their highly secure Outlook (or another) client displays.

    Another point, don't people remember? .doc, .xls, and the like have been proven insecure many, many, many times. Especially macros. I really don't get why people come back whining if they get "hacked" after they use such formats.

    This just uses human stupidity, as do most of today's attacks; therefore, it does not fall into the category of sophisticated attacks. Certainly, it is centered on only one company/individual, so it is harder to detected, but the principle stays the same. Saying that this is sophisticated is pretty much the same as saying that you are a more sophisticated pickpocket if you steal only one person's wallet since there is less chance you'll get detected (ok, stupid analogy, but I couldn't think of anything else right now).

    1. SImon Hobson

      RE: A general remark

      >> As a person who once wrote a program to spoof email addresses, and also time (hehe, I can go back in time now :D), for fun and to learn socket programming, I was always wondering, why do we use such a retarded protocol as SMTP for sending emails? Or, better put, why do companies trust the email headers?

      Because it's what we've got, and unless everyone agrees to change then it isn't going to go away. There have been proposals before (look up IM2000) that would deal with most of the problems inherent in SMTP - but of course unless all the big players agree to support it then it isn't ever going to take off.

      Given that many large outfits still haven't figured out that SPF breaks as much as it fixes, nothing is going to change any time soon.

  9. Anonymous Coward
    Paris Hilton

    Has ?

    Has Google spooked the spooks?

    No Google, no sales to the West is a pretty important factor from China's perspective.

    Should all that resource be pulled - well China will be skint.

    Also, relocating that business with 1-in-8 USA citizens on the bread line might be an attractive, alternative now that finance speculators have more-or-less bankrupted the West.

    Could be a big showdown?

    All because a spook thought he.she was too good?

  10. Anonymous Coward
    Anonymous Coward

    Re: why quit China

    Reading around this subject it looks like the attack vector was embedded in emails from the organisation in the Chinese Government that instructs Google what to sensor. So bod from Google gets email he is legally obliged to open and in so doing opens Pandora's box. Presumably Google have already gone down the path of asking for a notification mechanism which does not open them to the possibility of the attack and their request has been rejected.

    Should have used Chrome instead I guess.

    As M$ say, eat your own dog food.

  11. the Jim bloke Silver badge

    Everyone is forgetting.. China owns USA

    Something that was brought up in the GFC, Chinese investment is whats maintaining the USA in the affluence they believe to be one of their inalienable rights.

    USA is in economic decline, and some people do recognise that.

  12. Big-nosed Pengie

    I don't get it

    Google, the "don't be evil" liars, conspire with the Chinese gubmint to censor the Internet. China does what it does, and Google yells "shock, horror", picks up their football and goes home, expecting the world to say "oh - aren't they good - they're standing up to the Eebil Chinese."

    Ptui. I spit.

  13. JaitcH

    Lock up the CN beast

    If China abuses its InterNet privileges traffic throttling and IP blocking should be employed for all traffic from China until they learn to behave.

This topic is closed for new posts.

Other stories you might like