Google once again has become a diplomatic hot potato after the search giant disclosed that it fended off an attack to steal hundreds of email account holders, including U.S. government officials and Chinese human rights advocates.
The China People's Daily reportedly warned that Google's disclosure could hurt business and create tensions with the U.S. Reuters reported that the paper said: "Google should not become overly embroiled in international political struggle, playing the role of a tool for political contention."
However, the English version didn't have the editorial and the translation of the Chinese paper---via Google Translate---didn't turn up much. There is an opinion on China cyberdiplomacy.
If you zoom out a bit though, Google will continue to be in the middle of this political banter over cybersecurity. Why? Google doesn't have much to lose. After its first dustup with Google over cybersecurity, it's fairly clear where business in China is headed.
Last week, Google disclosed the attacks and the following line got the Chinese government wound up.
This campaign, which appears to originate from Jinan, China, affected what seem to be the personal Gmail accounts of hundreds of users including, among others, senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly South Korea), military personnel and journalists.
The goal of this effort seems to have been to monitor the contents of these users’ emails, with the perpetrators apparently using stolen passwords to change peoples’ forwarding and delegation settings.
The line for Google to walk is revealing what it can be sure is an attack related to the Chinese government vs. just using the country as a cybersecurity crutch.
Given the business relations with the Chinese, Google may the the only company that can tell the real deal.
Indeed, Trend Micro noted that Hotmail and Yahoo Mail were also targeted. Trend Micro said:
The objective of the attackers appears to be to gain access to the target’s Webmail accounts in order to monitor his/her communications and, possibly, to stage future attacks. In the recent case revealed by Google, the attackers used a phishing attack to gain access to the target’s Gmail account then proceeded to add their own email addresses to the “forwarding and delegation settings,” allowing them to send and receive email messages via the compromised accounts.
The difference with Google and other companies is business relations. It would be simply stupid to prod the Chinese government if you have hopes of doing business there. That's the game. Google's business in China is toast---or getting there---so there's nothing to lose in disclosure (and perhaps a lot to gain).
- China claims US started global 'Internet war' after Google attack
- China claims no involvement in Gmail hacking
- Can a cyber-attack really be considered an 'act of war'?
- 10 things you should know about the Pentagon's new cyberwarfare strategy
- Google: Hundreds of Gmail accounts in U.S., Asia hacked
- Microsoft's Ballmer: Piracy killing our China revenue