6
This content is rated TV-MA, and is for viewers 18 years or older. Are you of age?
Sorry, you are not old enough to view this content.

CNET News Video: China's attack on Google explained

About Video Transcript

CNET News Video: China's attack on Google explained

6:52 /

Elinor Mills explains what happened to Google, how it happened, who did it, and who else was affected.

[ Music ] ^M00:00:04 >> Google shocked the tech community this past week by not only announcing that they were considering pulling out of China but the reason why was targeted attacks against them from within China. Now, there has been a lot of confusion and speculation about whether it's the government at fault, what these attacks were, what kind of information they got away with. And to help us make a little bit clearer picture on what's happening in China's attacks on Google, we have Elinor Mills from CNET News. Thanks for joining us, Elinor. >>Elinor: Sure. >> Let's start with what happened. What did Google know and when did they know it? >>Elinor: Google this week said that in mid-December they noticed that there had been a network intrusion on its corporate network. It said that it was highly sophisticated and it was investigating. And it said that, at the time that it noticed, intellectual property was stolen. >> Okay. So this is an attack on Google, trying to steal stuff. Do we know what they tried to steal? What kind of intellectual property? >>Elinor: No. They won't say, but other sources who are familiar with the investigation said that the attacks were directed at source code. >> Okay. So that would make sense. That's the kind of intellectual property someone might be after. >>Elinor: Also, someone was able to go through the Google network somehow, get in there, and access Juno accounts from two users and see some account information, like when it was created, but they were not able to read the contents. >> Okay. So they didn't get in and read the email? >>Elinor: No. >> They got into the Google network and found some account information about them. >>Elinor: Right. >> Those were internal. Now, there were also some external attacks, not on Google but against Google properties, right? >>Elinor: Against Google users, specifically other Gmail users who had their computers infected separately, not associated with Google. >> So this wasn't an attack against the Google network. This is an attack against home computers and then getting in and reading people's Gmail. >>Elinor: Exactly. >> And why were they targeting Gmail at all? >>Elinor: The link between these Gmail users was that they were human rights activists or somehow involved in human rights. >> Okay. So we have two types of attacks; we have two targets. One was intellectual property, and the other was going after dissidents. How were these attacks executed? >>Elinor: Microsoft said yesterday that there was a newly discovered vulnerability in Internet Explorer that was used in the attacks. >> Okay. So all versions of Internet Explorer? >>Elinor: Six. They said IE6 was used. >> Okay. Seven and eight doesn't have to worry? >>Elinor: Seven and eight also are vulnerable. >> But wasn't used in the attacks. >>Elinor: So it's to the exploit. But, in the attacks, they specifically said IE6. >> And they've got a patch coming for that? >>Elinor: Yes. >> Okay. So maybe a PDF file, definitely an Internet Explorer vulnerability. >>Elinor: Yeah, definitely. >> And where did these attacks come from? What do we know about that? >>Elinor: Google specifically said they originated in China. They did not blatantly come out and say that they think the Chinese government is behind it. They said they're going to stop censoring their [inaudible]. >> They've implied it through their actions, essentially. >>Elinor: Absolutely. >> But there are some other researchers who've said, "Yeah. I think we know this is China." How did they -- how did they come to that determination? >>Elinor: Yeah. Tracing it to servers that were found to be hosting the data that were in Taiwan; and, then, also, servers that were found to be in Texas and Illinois. >> Okay. So when they were looking at -- and I understand they call it Project Aurora as sort of a code name. >>Elinor: McAfee's calling it -- >> -- is it from what McAfee's calling the vulnerability or the code? >>Elinor: Yeah. >> It was communicating to servers in Texas, Illinois, and Taiwan. >>Elinor: There are links to IP addresses that were similar to attacks that previously had been done on US corporations similar to this that were linked to the Chinese state. >> So it fit the profile, in other words. >>Elinor: It fit the profile. >> Okay. So we know what happened, we know how it happened, we know from where it came, sort of. Who else did it affect? Because I know others, besides Google, were under attack, as well. >>Elinor: The same day that Google made their announcement, on Tuesday, shortly thereafter Adobe came out and said, "Our network was attacked." Now, they didn't link it specifically to Google; but that's the implication is that Google had said at least twenty other companies were part of these attacks. >> And then Adobe announced an attack that was similar, so we can assume it must be part of the same? >>Elinor: Right. Yeah. That it's a similar attack. They didn't give any details. They said they are still investigating. >> Who else? >>Elinor: Since then, researchers listed Yahoo, Symantec, Northrop Grumman, Dow Chemical, and Juniper networks. Yahoo, Symantec, Grumman, and Dow have all either declined to comment or have declined to say whether it -- you know, confirm it or deny it. Juniper has said they are investigating attacks. Now, whether, you know, they didn't say specifically attacks on our network or what, so. >> And Juniper does investigate attacks as part of their business. >>Elinor: Yes. >> Yeah. So they are obfuscating a little bit there, as well. >>Elinor: Absolutely. >> How many total companies? Is it just twenty or do we think it's more? >>Elinor: Okay. So, no. The number has been pegged at 34 from iDefense and others. >> Okay. So we think -- >>Elinor: 34 total, including Google. >> 34 companies and all after the same sort of thing? Human rights and intellectual property, or do we even know? >>Elinor: Actually, for these companies, it would be the intellectual property. >> Now, before we wrap up, that seems to kind of encapsulate it. But we had one interesting incident later on at -- these attacks all started in December, ended around January 4th, right? >>Elinor: Right. Because one of the servers or more of the servers were cut down then. >> And we don't know why they were cut down. >>Elinor: We don't know. >> But, after they went down, something else happened. >>Elinor: Okay. Yeah. So a law firm in LA, Gipson, Hoffman and Pancione reported that it, too, had had a similar type of attack on its employees. And, again, they say that there is the China connection based on the way the attacks were done and the timing. Now, the firm is alleging in the lawsuit that China stole code from that US product to use in its Green Dam software that it's using to -- >> Filter. >>Elinor: To filter and block citizens from accessing internet sites. >> Okay. So they -- there's a case for retaliation there -- >>Elinor: Absolutely. >> -- that you could see and understand. One last question. All of this seems very clear. Thank you for helping to explain it. Things are still developing. Are there any other issues that we think might crop up that we should keep an eye on? >>Elinor: Yeah. The investigations continue on all the -- the attacks on all the companies, and information is trickling out. One -- a couple of sources have said that Google is most definitely probably looking at insider -- an insider threat. >> So someone infiltrated Google? >>Elinor: Or -- yes. An employee maybe with connections to China. >> That's serious. That's something to keep our eyes on. All right. Thank you so much, Elinor. We appreciate the walk-through. We are going to keep following the story. Look for Elinor and Tom Krazit's work at news .com, and we'll keep you up to date. [ Music ] ^M00:06:51

New releases

See who's playing who in the new Steve Jobs movie
1:30 January 28, 2015
See who'll star in Danny Boyle's upcoming Steve Jobs biopic, and who the real-life people are that they'll be portraying.
Play video
Logic Pro X music app gets a free upgrade
3:12 January 28, 2015
Apple adds new drummers, plug-ins and editing tools to its professional music creation tool.
Play video
Tech to make your Super Bowl-watching experience even better
1:03 January 28, 2015
Super Bowl 49 pits the Seattle Seahawks against the New England Patriots on February 1. Whether you're a die-hard football fan or just...
Play video
Mission Motorsport: Helping veterans through the medium of fast cars
8:12 January 27, 2015
Wounded veterans can struggle after returning home, and to help with this Mission Motorsport offers former service men and women the...
Play video
Inside Scoop: Apple says Watch will ship in April, reports record iPhone sales
2:27 January 27, 2015
Apple's bigger phones give the company its best sales quarter ever: 74.5 million iPhones sold. CEO Tim Cook also makes news with the...
Play video
The CraveCast learns what Mark Zuckerberg is really made of
44:45 January 27, 2015
The Crave crew takes on the twisted side of the arts and sciences and science fiction, including Shakespeare, Star Wars, gravity failing...
Play video
Tomorrow Daily 119: Robot bats, real-life ad-blocking headset, a futuristic piano and more
24:47 January 27, 2015
On today's show, we shudder at a robot bat that can easily switch between flying and moving on the ground, check out a headset that...
Play video
Google's looking to become its own wireless carrier
4:08 January 27, 2015
Google plans to shake up the US wireless market, Project Ara could partner with Blocks modular smartwatch, and photos leak for the...
Play video