DigiCha

John Markoff of the New York Times discovered more information about the attacks on Google that precipitated the company’s retreat from China. In “Cyberattack on Google Said to Hit Password System” he writes that:

…a person with direct knowledge of the investigation now says that the losses included one of Google’s crown jewels, a password system that controls access by millions of users worldwide to almost all of the company’s Web services, including e-mail and business applications.

The program, code named Gaia for the Greek goddess of the earth, was attacked in a lightning raid taking less than two days last December, the person said. Described publicly only once at a technical conference four years ago, the software is intended to enable users and employees to sign in with their password just once to operate a range of services.

The intruders do not appear to have stolen passwords of Gmail users, and the company quickly started making significant changes to the security of its networks after the intrusions. But the theft leaves open the possibility, however faint, that the intruders may find weaknesses that Google might not even be aware of, independent computer experts said.

The Wall Street Journal followed Markoff’s story with its own article that included additional details such as:

Perpetrators of the attacks have not been identified. But some security experts suspect a group of attackers that has penetrated hundreds more companies since Google went public with its attacks in January. [emphasis mine] “The exact same group has been exceptionally active,” said one person familiar with the attacks Google announced.

The group, which is believed to be Chinese and has been identified by investigators by its attack methods, has broadened its victims to include law firms and utility companies, this person said. It’s been penetrating companies at a rate of at least 20-50 new companies a week, this person added.

This new information raises more questions, including (but definitely not limited to):

1. Google is likely attacked dailly by bad actors from all over the world. Google owes it to its users to have the best security possible. They failed in this case. Has Google fired, demoted or otherwise disciplined any employees who had responsibility for preventing these intrusions?

2. The Wall Street Journal article states that the same group that attacked Google is still active. If the attackers were a Chinese government-sponsored group, wouldn’t it make more sense to at least lie low for a period of time after such a public “outing”, especially after such a sensitive incident with significant potential ramifications for US-China relations? Do continued attacks after exposure jibe with how the Chinese security services generally operate?;

3. Why does Google not come clean with what happened, within reasonable limits of privacy and protection of commercial secrets, rather than letting the story dribble out?

4. Does Google still deserve such praise for “moral courage” when the company has been less than forthcoming with its users and the public?

What do you think? Please tell me what you think in the comments.

If you use RSS you can subscribe to this blog’s feed here, and if you use Twitter you can follow my more frequent updates @niubi. You can also follow my blogging on more general China topics at Sinocism.

Related posts:

1. If Google.cn Will Soon Disappear, Should Google “Burn Its Boats” On The Way Out?
2. Google, China and “Digital Combat”
3. Will Secretary Clinton’s Speech On Internet Freedom Kill Google’s Hope For A Compromise in China?
4. “Publish and be Deleted”-The Global Times on Censorship in China
5. Sinica Podcast: Beijing’s Ambivalent Relationship with the Internet and Zhang Wuben’s Mung Beans