The company threatens to close its operations in China

Jan 13, 2010 11:56 GMT
Google unwilling to continue censoring Web search results in China after cyber attack

A highly targeted attack of Chinese origin that impacted over twenty companies, including Google, back in December, has triggered a strong response from the Internet search giant. The company is no longer willing to censor search results in China, which will most likely force it to close its operations in the country.

"Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google," David Drummond, the company's chief legal officer, writes on the official Google blog.

However, Google soon discovered that it was not alone and that at least twenty other Silicon Valley companies, including Adobe Systems, were targeted in a similar way. An internal investigation performed by the firm revealed that the intended target of the attack was its Gmail service, and in particular, the email accounts of several Chinese human rights activists.

The attack, which apparently involved malicious PDF documents sent to employees, was only partially successful, resulting in the leak of various information about the accounts, but not full email contents. However, the investigation also uncovered numerous unrelated incidents in which the mailboxes of many human rights activists from across the globe were accessed without authorization, probably as a result of successful phishing attacks.

"These attacks and the surveillance they have uncovered - combined with the attempts over the past year to further limit free speech on the web - have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China," Google announces.

Although Google does not point a finger at the Chinese government as being directly responsible for the incident, the Wall Street Journal cites an inside source saying that investigators are looking into the possibility. Meanwhile, CNET reports a possible connection between this attack and a similar one from July 2009, which exploited a zero-day Adobe Reader vulnerability and affected around 100 companies.

The information comes from Eli Jellenc, head of international cyber intelligence at Verisign iDefense, who analyzed the code used in both attacks. He concluded that there were striking similarities between the command and control infrastructures, down to the hosting provider, DNS service, and IP addresses used.

"The IP addresses in question are… six IP addresses apart from each other. Considering this proximity, it is possible that the two attacks are one and the same, and that the organizations targeted in the Silicon Valley attacks have been compromised since July," iDefense said in a statement.
