|Learning Center >> Tech News|
The recent cyber attacks on Google and 34 other Silicon Valley entities – including Symantec, Dow Chemical, and Adobe - is causing quite a stir regarding the topic of Internet censorship and the security of information networks. There are conflicting views on the origin and the intent of the attacks, and even whether or not the Chinese government was directly involved.
Prior to the incident in December where Google's services, particularly Gmail were targeted, Google had experienced repeated harassment involving what seemed to be a politically motivated attempt in information gathering. According to Google, their cooperation with China's regulations regarding Internet censorship, requiring Google to filter out topics banned by Chinese censors, had made the company the target of hackers.
Why was Google targeted, exactly? News reports regarding the reasons behind the attacks are inconclusive. Although there is no direct proof, there seems to be a general consensus that the Chinese government may be involved. Were they trying to prevent unflattering information about China from escaping their “Great Firewall or were the attacks actually seeking information? Currently, the true intentions of the attacks are only known by the attackers.
What we do know is that many Chinese dissidents and human rights activists use the overseas Gmail servers to offer their electronic communications an extra level of security. At least two Chinese news sources had their Gmail accounts attacked and confidential messages forwarded to mysterious e-mail addresses.
After years of Google fretting over whether or not their censoring searches on Google.cn contrasted with their company motto of “don't be evil” the matter had finally come to a cataclysmic head. At this point, Google is preparing to shut down it's operations in China due to these attacks. However,
the matter goes beyond simply censorship of the search engine and breach of email security.
Investigations into the attacks show that they were aimed at source code repositories – the original programmer's instructions used to develop software – of high tech companies. Having access to this information can provide economic advantages towards technological advancement as well as insight into potential security vulnerabilities.
According to a study done by Verisign's iDefense security lab, the attacks originated in China with the goal of obtaining information about political dissidents and unambiguously declares that the Chinese government was behind the effort. The report also originally stated that the attacks were deployed via malicious PDFs, a claim that was later retracted when McAfee, an independent security firm well known for it's anti-virus software, found evidence that a vulnerability in Internet Explorer, not Acrobat Reader, was exploited.
Although iDefense stands behind the rest of their report, and suggests China was engaged in a massive espionage campaign against the US, further information has been discovered that traced the attacks to two of China's top computer science programs. The Shangha Jiatong University and the Laxiang Vocational School were recently reported in the New York Times, via an anonymous source, as being the owners of the IP Address where the attacks originated.
Insider opinions differ on what the implications of these most recent findings mean. Student hacking, in any country, isn't unheard of. Computer students often enjoy experimenting with their knowledge and abilities and like to test the limits of their skills. But the possibility for more insidious intent exists as well. Are the schools being used as a cover for Chinese government operations? There's also the possibility the educational institutions are being used to hide intelligence operations run by a third country. It could also be there's no government involvement here at all, and instead the attacks were of a private origin intended to steal intellectual property from American technology firms. Lastly, there's the possibility that the IP address was hijacked by an unidentified party.
The possibility has been mentioned that the hackers were able to gain access into Google's system with inadvertent aid from the US Government. Whoever the hackers were, wherever they were, it is believed they made use of “backdoors” provided by the the 1994 Communications Assistance for Law Enforcement Act (CALEA) <link to wiretap timeline> that required all telecommunications equipment be designed to meet “government interception needs”.
If Google was indeed subjected to a backdoor security vulnerability that compromised its Gmail accounts it was through no fault of their own. Leading experts believe the hackers exploited vulnerabilities in Internet Explorer, which is able to store and transmit sensitive information like passwords. This is a good example of how surveillance intended to be used by one party can be misused by other, unintended parties.
Since the attacks on Google, some members of Congress want to revive a bill banning US technological companies from working with countries that digitally spy on their citizens. Either these members are not aware of, or they simply refuse to acknowledge, our own National Security Agency's (NSA) ability to monitor all Internet traffic.
With each passing year, Internet censorship and control is becoming more prevalent, not only in 'oppressive governments' like China, Egypt, and Korea, but also in freely democratic countries like the US, the UK, and Canada who are looking to prevent both breaches of national security and copyright violations. The answer to these problems is not clear. In the world of computer 'hacking', there have always the good guys, and the bad guys. This will likely never change. It is an ongoing tit for tat battle where one side discovers and capitalizes on a security flaw, and the other finds the breach and corrects the problem. In the long run, this battle has played out in the form an eternal Beta Test of our computer systems. They are always getting challenged, built better and propelled forward by technologies and ideas largely developed by hackers – both good and bad.
Today hackers have to deal with a new player – the government. When the government demands privileged access to computer systems and electronic devices they are upsetting a natural and delicate balance between the computer hackers. While the government's intentions may be good, the result isn't: Bad hackers have more options available to them, and good hackers have a larger front of attack to defend against.
There is an option available for those who prefer to have software programed without the fear of government backdoors. It is called Open Source Software (OSS) and it encompasses a growing collection of computer programs which allow their source programming code to be freely viewable and editable. Firefox is an example of a successful open source software which is available for Windows, OSX, and Linux. (Linux itself is a completely open source operating system).
The main benefit to open source software (besides being free of charge) is that security problems are rare. Since the code is openly viewable, whenever something is done incorrectly, or could violate security, it is instantly rectified. These corrections are then available within hours because there is no corporation deciding weather or not the security release should be packaged and distributed as a resale item.
Open source also benefits from being an international collaborative effort and prevents any government or corporation from having an upper hand on the technologies and ideas. Those who choose to run open source software become part of the largest international think tank and idea sharing community ever.
Good Electrons takes pride in being part of this community and helping others join in.Honestly, so does Google. Much of Google's success stems from the use of open source ideas and business models. It's unfortunate they became vulnerable to attack due to user reliance on a closed source program such as Internet Explorer and perhaps, the government's heavy hand on Microsoft.