GOOG v China highlights security risks in wiretapping systems

GOOG v China highlights security risks in wiretapping systems

Summary: Wiretapping systems are a prime target for hackers because they are already collecting important data.

SHARE:
TOPICS: Security, Google
7

If you wanted to hack into a popular web service and collect data on its users what would be the best strategy?

You could secretly spread millins of infected links around the Internet that download spyware and then silently collect that data and analyze it.

That's the hard way. Easier: Hack into a system that is already collecting that user data.

That's what the Chinese hackers did to Google. They managed to get into its 'internal intercept' system, this is its internal spying system that automatically collects data on its users so that it can rapidly comply with the many search warrants it receives. When Google found out about the hack it went ballistic. Here is IDG reporter Robert McMillan with a report:

...they [hackers] apparently were able to access a system used to help Google comply with search warrants by providing data on Google users, said a source familiar with the situation, who spoke on condition of anonymity because he was not authorized to speak with the press. "Right before Christmas, it was, 'Holy s***, this malware is accessing the internal intercept [systems],'" he said.

Google co-founder Larry Page called an emergency meeting on Christmas Eve to assess the situation and decided that Google could walk away from China because of what happened.

Google was pissed that the Chinese hackers hacked into its internal spying system. Those hackers were trying to get data on ALL Google users, not just Chinese human rights activists.

Google exposed all of its users precisely because it had an internal spying system.

One of my readers, Kimo Crossman, pointed out that "wiretapping systems increase attack vectors."

This is very true. Wiretapping systems increase security risks because the target is perfect -- wiretap the wiretapper. That's the honeypot. Why buzz around collecting all that data when someone else has done it for you?

Google's 'internal intercept' system increased the risk of Google user data being pirated. If it didn't exist it would be very hard for outsiders to collect it.

The irony that wiretapping systems increase security risk is interesting, and it makes perfect sense. But why is Google invoking 'human rights' as a pretext for possibly leaving China when it was embarrassed by its internal spying system being compromised . . . by other spies?

Topics: Security, Google

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

7 comments
Log in or register to join the discussion
  • Why? Maybe because you are operating in an information deficit Tom?

    You could just wait a few days and see what Google provides in the press release room, yes?

    Instead you heap more 'speculation' on top of unsubstantiated facts.

    This story isn't going to die on the vine--just give it some time or better yet, get busy and make some calls to Google Headquarters and see if you can actually come back with some solid information.
    D T Schmitz
  • Gmail unsafe

    Gmail can be read by many people: gmail employee, hackers, spy agencies such as KGB, MOSAD, People's Liberation Army, your government, tax office, ....

    Simply unsafe! Don't use it.
    whitenight2010
    • Why? Can you please explain? Gmail uses https (SSL) by default

      If a bot is on the keyboard side intercepting keystrokes before they go into the SSL tunnel, then this isn't the fault of Gmail or any other internet service that relies upon SSL.

      If so, your machine is 'compromised' and anything you do with respect to Internet usage will be unsafe.

      Also, be sure your machine is patched with the most current SSL version available.
      D T Schmitz
    • Yes it is

      Google data for now is well safe. If you are worried about your government
      useing this data then it is a problem with your countries laws and not google.
      Google would not need this system if it wasn't for big brother governments.
      ellmondo
  • RE: GOOG v China highlights security risks in wiretapping systems

    This may be a bit harsh, but as the old saying goes "If you lie down with dogs, you'll get up with fleas". Shame on Google for ever getting in bed with them in the first place!
    souren@...
  • RE: GOOG v China highlights security risks in wiretapping systems

    Many, many years ago my father told me: "Never let a mug get on top" He meant don't empower them or they'll defeat you.
    This is not just a Chinese thing. They are a hard working nation of intelligent people. What has got up Google's nose is that they've met their match. The fact an emerging nation with high (anti-porn, anti-drug) moral codes and a Government prepared to act is, to me, heralding a likely alternative to the "everything goes because we are just the messenger" approach of Google.
    Ryadia
    • China has high moral codes?!

      This has got to be flamebait. Ever heard of China's so-called "black jails"?
      Google it sometime. It's absolutely sickening!
      PacoBell