Government officials say that Chinese hackers who breached Google's defenses were able to access years' worth of U.S. law enforcement and spying information.
As reported by The Washington Post, current and former U.S. officials say that when Chinese hackers broke into Google servers in 2010, although the tech giant claimed they were targeting human rights activist information, the intruders were actually after a database which contained years' worth of information relating to U.S. surveillance and law enforcement.
At the time of the data breach, Google made no reference to the database, which seeded distrust and resulted in a dispute between the firm and the Federal Bureau of Investigation. According to the publication, a senior Microsoft official suggested that at the time of the cyberattack, the company's own servers were also under siege. This led to the conclusion that the Chinese hackers were trying to identify Chinese intelligence operatives who had been tagged for email surveillance by the United States.
An anonymous former U.S. official said that the database contained information on court-ordered surveillance which could have impacted the activities of Chinese intelligence operatives using Google's Gmail service. As a result, if China knew who was being watched, this granted operatives time to destroy data and for authorities to remove people from the country. In addition, U.S. agencies could be fed false information by those under surveillance.
In a conference near Washington, David Aucsmith, a director of Microsoft's Institute for Advanced Technology in Governments, said that the attackers "were actually looking for the accounts that we had lawful wiretap orders on." In addition, Aucsmith commented:
"If you think about this, this is brilliant counterintelligence. You have two choices: If you want to find out if your agents, if you will, have been discovered, you can try to break into the FBI to find out that way. Presumably that's difficult. Or you can break into the people that the courts have served paper on and see if you can find it that way. That’s essentially what we think they were trolling for, at least in our case."
The U.S. and Chinese governments have been at loggerheads over digital warfare. A recent U.S. Department of Defense report claimed that Chinese cyberattacks have been designed to steal confidential information around the nation's "diplomatic, economic, and defense industrial base sectors that support national defense programs," and both the Chinese government and military are involved in cyber espionage campaigns against the United States.
The report backs up research released in February by U.S. security firm Mandiant, which alleged that China was responsible for an "overwhelming number" of cyberattacks. However, China staunchly denies these claims, and has repeated its official stance against cybercrime in response.
Additional studies say that the U.S. government is now the biggest global buyer of malware, but China accounts for 41 percent of global attack traffic -- making the situation even more complicated. The issues surrounding cybercrime have now become so complex that they have spilled into politics; the U.S. government now considering import restrictions for countries that create products which contain U.S. technology stolen through cybercrime.