China Goes Phishing

Discussion in 'China' started by Oracle, Jun 10, 2011.

  1. Oracle

    Oracle New Member

    When the founders of Google defined its mission as "to organize the world's information and make it universally accessible and useful," they didn't have in mind becoming a test case for what the world knows about China.

    But that's how it's turning out, with Google disclosing activities by China that surprise U.S. officials and even Communist Party cadres.

    Google ended the corporate taboo against disclosing cyber offenses from China last year when it abandoned its search business on the mainland in response to censorship and hackers who had accessed the Gmail accounts of Chinese human-rights activists, including in the U.S.

    Many other high-tech companies, essentially the top layer of Silicon Valley, had also been attacked but remained silent.

    Last week, Google announced that hundreds of its users had been "phished."

    Cyber attackers based in China sent sophisticated fake emails designed to fool Gmail account holders into revealing their passwords.

    Google says the targets were "senior U.S. government officials, Chinese political activists, officials in several Asian countries (predominantly S. Korea), military personnel and journalists."

    Google traced the attacks to the eastern Chinese city of Jinan, a base for the national-security arm of the People's Liberation Army and the locale of last year's hacking.

    By week's end, security company Trend Micro reported that Google was not the only victim, just the only one that dared to disclose.

    Similar phishing attacks had hit Microsoft's Hotmail and Yahoo's email services.

    These attacks are notable not for their technology but, more ominously, for how sophisticated the attackers need to be to fool top government officials.

    They used near-perfect tone and language to get the recipients to believe fake emails were real.

    The technique of "spear" phishing identifies targets individually and crafts highly personalized messages that seem wholly legitimate, as they often appear to come from friends or colleagues.

    The spoofers, likely trained by the PLA, did a great job.

    According to the security-monitoring site Contagio, one of the fake emails sent to government officials has the message line "Draft US-China Joint Statement."

    It reads: "This is the latest version of State's joint statement. My understanding is that State put in placeholder econ language and am happy to have us fill in but in their rush to get a cleared version from the WH, they sent the attached to Mike."

    This captures perfectly the email shorthand of government officials.

    Another message cited by Contagio used the email address of Jeffrey Bader, senior director for Asian affairs on the National Security Council and an influential White House strategist on China policy.

    The fooled officials reportedly include a cabinet member.

    Hackers got access to incoming and outgoing emails for months.

    Beijing denies involvement, but the most telling reaction comes from the country's top propagandists.

    Hu Xijin, editor in chief of Global Times (part of the Communist Party mouthpiece People's Daily), cited the incident in an item he posted on the Chinese version of Twitter attacking his own government.

    "How many officials does China have daily whose computers are attacked?" he asked, saying that many Chinese "people and work units" experience hacking, but "our security departments don't reveal anything."

    Mr. Hu said there was "insufficient transparency of information in China" and accused his Communist Party of acting as if it were still an underground organization, "silent and circumspect."

    He didn't make this point, but he and other officials know they are under constant government monitoring. China spends as much on domestic security, including Internet censorship and hacking, as on its military.

    It recently formed a "Blue Army" of cyber warriors in addition to its traditional Red Army.

    After a reflexive bashing of Google as a "snotty nosed" complainer, a Global Times editorial last week acknowledged the attacks might well have come from China.

    "We can rebuke others, but even more we should reflect on ourselves. Lack of transparency of information has become a habit with us, and keeping a low profile has perhaps become our strategy for dealing with anything of a sensitive nature."

    The editorial concluded, "We know achieving openness of information is a process. But we must step firmly into the future. This is the overarching trend of the Information Age, and it is also the constant direction of enlightened politics in China."

    Let's hope so.

    This episode comes as the Pentagon is preparing a formal strategy that will add cyberspace to the traditional potential battlefields of land, sea, air and outer space.

    Google's willingness to disclose attacks has alerted officials in Washington about cyber attacks coming from Chinese security forces.

    The key question is whether they can use this information to get some control over these attacks before they spark greater confrontations.

