[Originally published in the Vanuatu Daily Post.]
On the 12th of January, David Drummond, Google’s Chief Legal Officer, made a startling announcement: Google – and dozens of other companies operating in China – had been the target of concerted online attacks originating from China. Google also claimed that the attackers, targeting human rights activists inside China and around the world, used the activists’ own PCs to take over numerous GMail accounts.
These attacks used ‘0-day’ exploits, hitherto-unknown vulnerabilities in common software applications. In a Wired Magazine interview, security analyst Ryan Olson stated that the code itself was unremarkable, but that ‘the sophistication here is all about the fact they were able to target the right people using a previously unknown vulnerability.’
Businesses and governments face online acts of vandalism and attempts at corporate espionage all the time. Even this attack, which exploited flaws in Microsoft’s Internet Explorer and Adobe’s Acrobat reader software, was ‘not ground-breaking’, according to security expert Mikko Hypponen.
‘We see this fairly regularly,’ he told the BBC, but ‘most companies just never go public.’
Running against tide of companies flooding into China, Google has retaliated against these intrusions by stating that they will no longer censor google.cn, their Chinese search site. If that can’t be done within Chinese law, wrote Drummond, it ‘may well mean having to shut down google.cn, and potentially our offices in China.’