backtop


Print 34 comment(s) - last by xyzCoder.. on Jun 16 at 6:36 PM


Chinese President Hu Jintao is shown here reading an issue of state run newspaper People's Daily. The paper blasted Google in a Monday editorial, for calling out China on hacking.  (Source: People's Daily)

Google has endured an abusive relationship with the Asian giant, weathering constant attacks and thefts of its source code.  (Source: Josh Chin/WSJ)
Company claims Gmail attacks came from China; nation says "yea right"

Last week, Google Inc. (GOOG) had to scramble to deflect a concerted effort to steal hundreds of user passwords from its popular email service Gmail.  The company says the concerted phishing attack specifically targeted a cadre of high ranking targets -- "senior U.S. government officials, Chinese political activists, officials in several Asian countries, military personnel and journalists" -- much like a separate March attack which Google detected.  Google traced the attacks to IPs in the city of Jinan, the capital of China's eastern Shandong province and home to the headquarters of the intelligence unit of the People's Liberation Army.

On Monday a Chinese state-run newspaper, People's Daily, blasted Google (Chinese) for claiming the attacks traced back to its nation.  The newspaper billed Google a "political tool" used by the West to vilify the Asian giant.  It said that Google's statements could damage its position in China.

The threats are serious as People's Daily is the largest overseas newspaper of the Communist Party regime in China, and acts as somewhat of a government mouthpiece.  The newspaper accused Google of "deliberately pandering to negative Western perceptions of China, and strongly hinting that the hacking attacks were the work of the Chinese government."

The attacks article follows an official denial from officials at the Chinese Foreign Ministry, who claimed the attacks did not originate from China.

The article contained plenty of other juicy attacks on Google.

"Google's accusations aimed at China are spurious, have ulterior motives, and bear malign intentions," it read.

"Google should not become overly embroiled in international political struggle, playing the role of a tool for political contention.  For when the international winds shift direction, it may become sacrificed to politics and will be spurned by the marketplace."

The government-run newspaper didn't elaborate what steps would be taken to "spurn" Google from the market place.

The Chinese government is reportedly still paranoid that the "contagion" of rebellion in the Middle East could infect its populous.  The nation has blocked Facebook and Twitter to try to choke the flow of unregulated information.  The group has also imprisoned several individuals including famed modern artist Ai Weiwei.  These recent behaviors have drawn international condemnation from the U.S. and others.

The U.S. government's largest military contractor Lockheed Martin Corp. (LMT) was recently the victim of a major cyber attack that some sources close to the case say is believed to have initiated from China.  The attack was a sophisticated one, which Lockheed Martin just confirmed was enabled by information stolen from famed security firm RSA.

Tensions between the U.S. government and China have been running high on a number of issues, including censorship, rare earth metal trade, and contract bids.

For Google, these latest developments must feel like the latest chapter in a long and abusive relationship.  The company had its source code stolen from attackers traced to Chinese IPs.  After finding little sympathy from the Chinese government, the company uncensored its search engine, only to be banned from China.  Google eventually agreed to re-censor its search to avoid missing out on the lucrative market and has since been relicensed, though much tension remain.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

You call phishing a hack?
By pugster on 6/6/2011 9:56:06 AM , Rating: -1
Seriously, Mick. The Chinese government could've thought of more sophisticated ways to attack Google rather than sending out phishing emails along with other emails from American Express, Paypal and Citibank. If someone actually responds to those emails and puts in their personal information, he/she deserves to be 'hacked.'




RE: You call phishing a hack?
By 85 on 6/6/2011 10:00:49 AM , Rating: 3
hacking is a broad term. phishing is malicious in nature so what does it matter. i get phishing emails all the time and these email ARE obvious to you and I but most people aren't capable of seeing the signs. Just because people out there are unable to see the signs doesn't mean they deserve to be taken advantage of.


RE: You call phishing a hack?
By pugster on 6/6/2011 10:02:34 AM , Rating: 1
Doesn't google have some kind of sophisticated email filter? Shouldn't they be filtering these emails as junk before reaching to people's inboxes?


By JasonMick (blog) on 6/6/2011 10:08:49 AM , Rating: 4
quote:
Doesn't google have some kind of sophisticated email filter? Shouldn't they be filtering these emails as junk before reaching to people's inboxes?


Remember, the goal of phishing, in many cases, is to make the email look and sound as authentic as possible. Google likely is able to filter out a great deal of malicious traffic, but against a sophisticated and determined social engineer, I'm sure something might slip through.


RE: You call phishing a hack?
By Digimonkey on 6/6/2011 10:08:34 AM , Rating: 4
Yeah and they're pretty good, but they can't filter stupid yet.


RE: You call phishing a hack?
By WoWCow on 6/6/2011 5:19:08 PM , Rating: 3
Brilliant response!

And yeah, frankly sometimes even legitimate servers/sources can be compromised.

Back in college, I've received e-mails from financial offices claiming loan issues and I need to confirm my identity via SSN and other required student information in via the link provided.

Now, I receive e-mails claiming to be from the bank(s) and credit card companies on a few occasions telling me my account/card has been compromised and I need to 'verify' my identity via the link the e-mail provides.

Do yourself a favor, call the customer/student support or drop by the local offices yourself in those cases. The folks working there shouldn't have to ask you for those information when you have already provided them before. In most cases, the last 4 digits of the SSN or the card number is accepted as a form of verification.


RE: You call phishing a hack?
By JasonMick (blog) on 6/6/2011 10:06:47 AM , Rating: 4
quote:
Seriously, Mick. The Chinese government could've thought of more sophisticated ways to attack Google rather than sending out phishing emails along with other emails from American Express, Paypal and Citibank. If someone actually responds to those emails and puts in their personal information, he/she deserves to be 'hacked.'

Hi "pugster", if you learn much about hacking you will come to realize that social engineering schemes (on-site espionage, dumpster diving, phone conversations, and, yes, phishing) are essential tools of the trade.

Some of the most serious intrusions in the world have been attributed to phishing and/or social engineering. These most certainly fall under the broader definition of "hacking" and were perpetrated by "hackers".

As to the allegation against the Chinese gov't I made no claims to have validated that accusation, other than to properly point readers to its source -- Google Inc. Google has made statements tracing the attack to a major Chinese city, which is an intelligence hotbed. If you have an issue with those claims, please direct your commentary @ Google as I am unable to help you in that regard...


RE: You call phishing a hack?
By pugster on 6/6/11, Rating: -1
By JasonMick (blog) on 6/6/2011 11:16:55 AM , Rating: 4
quote:
Second, the place where the phishing 'attacks' come from some vocational school which also teaches cooking and hairdressing. So the problem is more like the its IT people who could not apply patches to its computers.

Again I'm not an authority on this matter (refer to: Google), but if you were the Chinese gov't intelligence agency would you try to hack Gmail accts. from:
a) Fancy intelligence headquarters.
b) Small business down the street, after first passing through proxies...

Also, how many cooks/hairdressers do you know who have the time and/or know how to try to conduct sophisticated phishing attacks?

I don't think Steven Seagull works as a cook there, if that helps...


RE: You call phishing a hack?
By Dr of crap on 6/6/2011 10:25:59 AM , Rating: 2
I have to agree.
If you answer an email to help your hurt relative in Africa, then you are going to loose your money.
Plain and simple.
And I do understand that the hackers try and make their phishing emails look offical, but by now we have ALL seen the news stories about this and SHOULD know not to respond to such emails, no matter HOW OFFICAL it may look. Maybe your grandpa and grandma might NEED a heavy duty email junk filter so that they do not see these emails and believe these things!

If Google did indeed track it to China, then what is the problem? China have egg on their face?


RE: You call phishing a hack?
By Ragin69er on 6/6/2011 3:20:39 PM , Rating: 2
phishing is much more sophisticated than that nowadays!
How about being able to mimic your online bank emails? Or many, many other trustworthy sources. Which then take you to websites which look nigh identical to their real counterparts. Phishing is basically social engineering for the 21st century, which can be highly effective.


RE: You call phishing a hack?
By nafhan on 6/6/2011 10:29:59 AM , Rating: 5
Your mom deserves to be hacked (seriously, she's not very good at computer security). :)

Seriously, though, nobody "deserves to be hacked" any more than they deserve to be mugged or have their identity stolen, etc.


RE: You call phishing a hack?
By 0ldman on 6/6/2011 12:09:36 PM , Rating: 5
I run an ISP and consult for another. We get hammered by Chinese IP's daily.

The phishing attack isn't news to me. We have blocked huge east Asian subnets from our network due to this sort of thing.

Seriously, 90% of the attacks that hit both systems are from east Asia.

Rather than spread FUD, why doesn't the Chinese government work to stop the hackers, hmm? Are they completely clueless to what is going on, clueless as to how to stop them or are they just letting it happen?


RE: You call phishing a hack?
By Klober on 6/6/2011 12:56:39 PM , Rating: 5
Or encouraging it?


RE: You call phishing a hack?
By GreenEuropean on 6/6/11, Rating: -1
"If you can find a PS3 anywhere in North America that's been on shelves for more than five minutes, I'll give you 1,200 bucks for it." -- SCEA President Jack Tretton














botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki