Thursday, January 21, 2010

Google hacking: Was it the Chinese government?

Another discussion of the Google issue du jour, this one an attempt to clarify the question as to who attempted to hack Google. While I hope that this post makes sense by itself, it will be somewhat clearer if you first read my earlier posting, “If Google leaves China, Human Rights and Access to Information will both be net losers”.  Here I want to discuss, at some length, the following three questions:

1) What do we know for certain?

2) If not the Chinese government, then who?

3) Why I think the Chinese government either did it or wants the world to believe that it did.

I myself am inclined to believe it was the Chinese government, or at least that the government wants it believed that it was, for reasons discussed below. But I also believe that there are many other possibilities, and that at bottom, the issue is rather a silly one.

1) First, what do we know for certain? A brief answer here: almost nothing is certain. I accept that there was an incident, or a series of incidents, and these became linked in the media to many other similar incidents in an attempt to make meaning, and to draw audiences.  From there everything gets rather murky.

Even Google’s motives in raising the issue now are disputed. Particularly here in China, netizens seem mostly to believe that the issue is simply one of Google’s frustration at its local market share, that it is prepared to leave because it was not a winner. This is a very interesting shift in attitudes between Chinese and American people. After many decades of doing outrageous things for the flimsiest of idealistic or ideological reasons, Chinese now see economic explanations as dominant ones.  Americans, after decades of criticizing this Chinese behavior, now believe that Google acted not out of self-interest but out of altruism. One would think that at least Google shareholders would want a slightly stronger explanation, given the potential size of the China market. Weird!

So, accepting Google’s explanations, what do we know about the possible perpetrators?  Again, nothing is certain. This, of course, does not prevent the media from not only speculating, but of presenting speculations as certainties. A number of businesses whose business it is to profit from analyzing or preventing such intrusions contributed their opinions, in some cases, conflicting ones.[i]

Media criticisms of China commonly show some common characteristics, one of which is that the articles, while often being carefully nuanced themselves, rapidly cascade toward certainty as they build upon each other. It is also common now that headlines or article headers proclaim certainty while the content often indicates considerable qualification.

John Markoff’s recent piece in the NYT is almost a classroom example for this sort of process.[ii] The article title fairly screams: “Evidence Found for Chinese Attack on Google”. Most readers would, like myself I think, immediately assume a smoking gun. This is the only part of the piece that everybody will read; after that most readers are not going to go much further. Thus we have it, the Chinese government did it!

However, the article itself tells us only that the perpetrators are likely Chinese speakers because the malicious code was in the Chinese language and copied from a source that appeared, it is said, only in a Chinese technical journal. Now we have narrowed the suspects down to no more than several billion people distributed through China, Taiwan, Hong Kong, etc., right down, I must assume, to The New York Times’ own staff.

Does this in fact prove that the Chinese government did it? The expert being interviewed himself uses numerous qualifiers and finally concludes:  “Occam’s Razor suggests that the simplest explanation is probably the best one.” Oh good, that is plenty of evidence upon which to base an international incident with unspeakably large potential consequences.

Markoff’s article title could be used to illustrate a few other Western concepts, such as Orientalism, the process of ascribing characteristics to an entire people based on ultimately racist assumptions about them.  The term “Chinese” here clearly means The Chinese Government, the evidence suggests Some Chinese Speakers. This argument, of course, may seem a trivially academic one, but bear with me; I am going to build upon it below….

2) If Not the Chinese government, then who?

In my opinion, and like everybody else involved in this incident, I am expressing primarily my opinion; there is as yet no evidence that it was the Chinese government which might stand up in a court of law.

Markoff’s expert wound up appealing to a medieval argument for good reason; that is about the best that we can do. There are so many ways to loop Internet attacks through the web itself that certainty is finally impossible without something other than electronic evidence.

This attack began, it seems, most directly from a computer based in Taiwan, and then it has been followed back to mainland computers. This is an awfully simple route. Hackers and spammers in the private black-hat sector routinely use a lot more stages than that. Given purported Chinese control of some critical American sites, it would not have been impossible to pass the attack through Pentagon computers, for example.  This is, of course, not evidence, merely a sort of quirk in the event.

Why is China inevitably involved in significant hacking events if Chinese are not the perpetrators? This question is pretty easy to answer. The Chinese computer system, despite all the media images of highly polished robot-like oriental geeks manning high-tech intrusion posts, is a mess. Once in Wenzhou I sat for an hour and watched 111 attempts to place a virus on my computer, all of which triggered my protective software and told me where the attempts were coming from—from the campus where I was working, even from which computer.

I patiently assembled a list and took it to the tech office. The Director grimaced and apologized.  They knew about those computers, and many more—they were indeed sending out viruses around the clock. Some had been doing so for years.  But they did not know where the machines themselves were.  He had no record of when and where machines were added, their system had grown so swiftly and often by ad hoc illicit additions, that his office knew very little and was helpless to stop them. He did not have his systems mapped! And was unable to do so. Like most Chinese I.T. directors, he had given up.

Multiply that example by every campus, corporation, and private computer network in China, and it becomes obvious that China may be the world’s most fertile ground for hackers.

If it was the Chinese government acting directly, and there is a strong argument so far not trotted out for it being the ultimate but not the immediate culprit, I think it would have been far more sophisticated, and far more deniable. Google has said that the attack, while prolonged, was easily turned back. I once asked a no more than moderately knowledgeable employee of a private security firm how difficult would it be, if you knew the location, to access something in the Google cloud? The reply was, “Like opening your closet door and rummaging through your clothes.”

The argument that it was the Chinese government has rested, by and large, on the position that only the Chinese government might have done it, or had motive to do it. To me, this is only a step above arguing that Fu Manchu has exited from some fiendish Limehouse device, possibly cryogenic or time-traveling, and is back in the game.

There are, however, a number of other possible perps, in addition to the Chinese government or Fu Manchu. One possible perp is any one of a number of young Chinese hacker-nationalists popularly known as “Angry Youth.” These folks, many acting privately and out of what they think of as good nationalist reasons, are actually to the right of the Chinese government now, or would it be to their left?

Anyway, like many American congressmen, they think that the government is just not doing enough to stand up to the bad guys, in this case, the former Western imperialists. Mao once proclaimed, a bit prematurely, “Now the East Wind prevails over the West Wind.” The Angry Youth now respond, “Cool, time to get some back!”

However flawed their motives may seem to us, they think of themselves as acting righteously and spontaneously in the government’s interests—the 21st century equivalent of the Boxers, judged to be a patriotic group here.  Perhaps Boxers—“The Society of Righteous and Harmonious Fists,” is too much “back in the day,” so let’s call them “Mousers”.

Do any of the Angry Youth have the ability?  Oh yeah, unquestionably. They include distributed groups of well-trained and equipped I.T. specialists. They can read, and write, technical articles, like the one discussed above with the smoking code in it.  They have been cyberjousting with the Iranian hackers who recently took down Baidu for god’s sake.[iii] Google has apparently been searching for government moles in its staff in Beijing, but I trust that they were thoughtful enough to look for Angry Youth as well.

Other suspects?  Not quite endless, but numerous indeed. There are many reasons for wanting to identify lists of dissidents in China, some of which might seem positive to those bent on regime change.  The CIA, for example. The hacker mirror image of Angry Youth, dissident youth. Fa Lun Gong, which once took over Chinese Central Television for most of a day operating, apparently, from a “former” American air base and listening post in Taiwan. Taiwan itself. And this only assumes the motive of wanting to identify dissidents for positive reasons.

If we add a second-level motivation of wanting to discredit the Chinese government, we have all the above plus yet additional figures.

What about blackmail purposes?

What about commercial rivalries?  Baidu! Microsoft! Yahoo!  If Google leaves, these latter two become players.

Obviously, some of these are far-fetched indeed, but none can be discounted without consideration, and Occam’s razor will not really sort them out for us.

3) Why I think the Chinese government either did it or wants the world to believe that it did.

It is not possible for me to sort out these two arguments and choose one, but both rest on a simple premise. The Chinese government knew who the dissidents were and was undoubtedly doing its best to monitor them. (It has been interesting to me that so many dissidents have come forward voluntarily to proclaim their involvement in this matter; things have really changed here, an important fact to remember in these circumstances…) The Chinese government also, undoubtedly does its best to monitor G-mail out of the mainland we must assume, given its proclivity for wanting to know every damned thing about every damned thing.

Moreover, we cannot rule out that some of these folks are serious dissidents, even terrorists, the sort of folk we would lock up in a moment if they were Muslims in the U.S.

And while we are on this issue, I am relieved to see that the President announced, again, that he is in favor of the “freedom of the internet.”[iv]

(Barack, if you are reading this, would you mind emailing me your blackberry number? I am going to pass through American customs in about 36 hours, and I understand that they have the right to open my computer and look through it, and I have a bunch of stuff I have downloaded in there, and might want to give you a call if there are any problems! And I read that the FBI recently has been conducting illegal searches on email—including that of some journalists— without bothering to don their usual fig leaf of referring to open terrorism cases. And can I call you and talk to you about that Patriot Act thing???)

By its lights the Chinese government feels it has the moral authority, and knows it has the legal authority, to monitor dissidents. And its lights are often not that different than my government’s lights.

So given this level of interest in dissidents and its vast facilities—including a labor force recently estimated at 30,000 internet monitors, how can the government not know who did attack Google, even if it did not do so? There are several possible answers here:

  1. It does know. It knows because it used off-the-books private Chinese citizens, whether “Angry Youth” or mercenary hackers to do so, permitting it now to deny its agency. If the simplistic Occam’s razor actually has any merit at all, this is the answer right here. Why should the government have exposed itself—and ineptly so—by using its own people and its own machines?
  2. The Chinese government knows, but does not bust the perps because it wants to let the world believe that it did do it…

What could more discourage dissidents than the image of an omnipotent Chinese government capable even of hacking into Google, the state-of-the-art Western corporation which, incidentally, has bet the farm on the inviolability of its servers and its cloud?  If the dissidents’ email is not safe, neither is your correspondence with your tax attorney, your accountant, or those cute notes to Snookums.  Better cancel that G-mail account!

Uber-Summary:  Google, Chinese government, and American government: Step away from those microphones and that mouse!  Get a grip! Even, you know, compromise! This is too important to stomp around in like Bruce Willis or Jet Li. Remember some other issues here: Rogue states with nuclear weapons; Global Warming; International trade, etc., etc., etc.

From Hong Kong, 1/21/2010

Chairman Mouse

[i] See: McAfee Cites Microsoft Flaw in Cyberattacks

By VINDU GOEL

http://bits.blogs.nytimes.com/2010/01/14/mcafee-cites-microsoft-flaw-in-cyberattacks/

See also: Tania Branigan in Beijing and Kevin Anderson, “Google attacks traced back to China, says US internet security firm,” guardian.co.uk, Thursday 14 January 2010 19.20 GMT. Verisign’s iDefense Labs says IP addresses of attack ‘correspond to single foreign entity consisting either of agents of Chinese state or proxies thereof’.

[ii] Evidence Found for Chinese Attack on Google

By JOHN MARKOFF, January 19, 2010

http://www.nytimes.com/2010/01/20/technology/20cyber.html?hp

[iii] See http://www.guardian.co.uk/technology/2010/jan/12/iranian-hackers-chinese-search-engine

[iv] See China responds to Google hacking claims

guardian.co.uk, Thursday 14 January 2010 07.41 GMT

http://www.guardian.co.uk/technology/2010/jan/14/china-google-hacking-response-dissidents

[Via http://chinatripper.wordpress.com]
