CNET News Video
China's attack on Google explainedElinor Mills explains what happened to Google, how it happened, who did it, and who else was affected.
[ Music ] ^M00:00:04 >> Google shocked the tech community this past week by not only announcing that they were considering pulling out of China but the reason why was targeted attacks against them from within China. Now, there has been a lot of confusion and speculation about whether it's the government at fault, what these attacks were, what kind of information they got away with. And to help us make a little bit clearer picture on what's happening in China's attacks on Google, we have Elinor Mills from CNET News. Thanks for joining us, Elinor. >>Elinor: Sure. >> Let's start with what happened. What did Google know and when did they know it? >>Elinor: Google this week said that in mid-December they noticed that there had been a network intrusion on its corporate network. It said that it was highly sophisticated and it was investigating. And it said that, at the time that it noticed, intellectual property was stolen. >> Okay. So this is an attack on Google, trying to steal stuff. Do we know what they tried to steal? What kind of intellectual property? >>Elinor: No. They won't say, but other sources who are familiar with the investigation said that the attacks were directed at source code. >> Okay. So that would make sense. That's the kind of intellectual property someone might be after. >>Elinor: Also, someone was able to go through the Google network somehow, get in there, and access Juno accounts from two users and see some account information, like when it was created, but they were not able to read the contents. >> Okay. So they didn't get in and read the email? >>Elinor: No. >> They got into the Google network and found some account information about them. >>Elinor: Right. >> Those were internal. Now, there were also some external attacks, not on Google but against Google properties, right? >>Elinor: Against Google users, specifically other Gmail users who had their computers infected separately, not associated with Google. >> So this wasn't an attack against the Google network. This is an attack against home computers and then getting in and reading people's Gmail. >>Elinor: Exactly. >> And why were they targeting Gmail at all? >>Elinor: The link between these Gmail users was that they were human rights activists or somehow involved in human rights. >> Okay. So we have two types of attacks; we have two targets. One was intellectual property, and the other was going after dissidents. How were these attacks executed? >>Elinor: Microsoft said yesterday that there was a newly discovered vulnerability in Internet Explorer that was used in the attacks. >> Okay. So all versions of Internet Explorer? >>Elinor: Six. They said IE6 was used. >> Okay. Seven and eight doesn't have to worry? >>Elinor: Seven and eight also are vulnerable. >> But wasn't used in the attacks. >>Elinor: So it's to the exploit. But, in the attacks, they specifically said IE6. >> And they've got a patch coming for that? >>Elinor: Yes. >> Okay. So maybe a PDF file, definitely an Internet Explorer vulnerability. >>Elinor: Yeah, definitely. >> And where did these attacks come from? What do we know about that? >>Elinor: Google specifically said they originated in China. They did not blatantly come out and say that they think the Chinese government is behind it. They said they're going to stop censoring their [inaudible]. >> They've implied it through their actions, essentially. >>Elinor: Absolutely. >> But there are some other researchers who've said, "Yeah. I think we know this is China." How did they -- how did they come to that determination? >>Elinor: Yeah. Tracing it to servers that were found to be hosting the data that were in Taiwan; and, then, also, servers that were found to be in Texas and Illinois. >> Okay. So when they were looking at -- and I understand they call it Project Aurora as sort of a code name. >>Elinor: McAfee's calling it -- >> -- is it from what McAfee's calling the vulnerability or the code? >>Elinor: Yeah. >> It was communicating to servers in Texas, Illinois, and Taiwan. >>Elinor: There are links to IP addresses that were similar to attacks that previously had been done on US corporations similar to this that were linked to the Chinese state. >> So it fit the profile, in other words. >>Elinor: It fit the profile. >> Okay. So we know what happened, we know how it happened, we know from where it came, sort of. Who else did it affect? Because I know others, besides Google, were under attack, as well. >>Elinor: The same day that Google made their announcement, on Tuesday, shortly thereafter Adobe came out and said, "Our network was attacked." Now, they didn't link it specifically to Google; but that's the implication is that Google had said at least twenty other companies were part of these attacks. >> And then Adobe announced an attack that was similar, so we can assume it must be part of the same? >>Elinor: Right. Yeah. That it's a similar attack. They didn't give any details. They said they are still investigating. >> Who else? >>Elinor: Since then, researchers listed Yahoo, Symantec, Northrop Grumman, Dow Chemical, and Juniper networks. Yahoo, Symantec, Grumman, and Dow have all either declined to comment or have declined to say whether it -- you know, confirm it or deny it. Juniper has said they are investigating attacks. Now, whether, you know, they didn't say specifically attacks on our network or what, so. >> And Juniper does investigate attacks as part of their business. >>Elinor: Yes. >> Yeah. So they are obfuscating a little bit there, as well. >>Elinor: Absolutely. >> How many total companies? Is it just twenty or do we think it's more? >>Elinor: Okay. So, no. The number has been pegged at 34 from iDefense and others. >> Okay. So we think -- >>Elinor: 34 total, including Google. >> 34 companies and all after the same sort of thing? Human rights and intellectual property, or do we even know? >>Elinor: Actually, for these companies, it would be the intellectual property. >> Now, before we wrap up, that seems to kind of encapsulate it. But we had one interesting incident later on at -- these attacks all started in December, ended around January 4th, right? >>Elinor: Right. Because one of the servers or more of the servers were cut down then. >> And we don't know why they were cut down. >>Elinor: We don't know. >> But, after they went down, something else happened. >>Elinor: Okay. Yeah. So a law firm in LA, Gipson, Hoffman and Pancione reported that it, too, had had a similar type of attack on its employees. And, again, they say that there is the China connection based on the way the attacks were done and the timing. Now, the firm is alleging in the lawsuit that China stole code from that US product to use in its Green Dam software that it's using to -- >> Filter. >>Elinor: To filter and block citizens from accessing internet sites. >> Okay. So they -- there's a case for retaliation there -- >>Elinor: Absolutely. >> -- that you could see and understand. One last question. All of this seems very clear. Thank you for helping to explain it. Things are still developing. Are there any other issues that we think might crop up that we should keep an eye on? >>Elinor: Yeah. The investigations continue on all the -- the attacks on all the companies, and information is trickling out. One -- a couple of sources have said that Google is most definitely probably looking at insider -- an insider threat. >> So someone infiltrated Google? >>Elinor: Or -- yes. An employee maybe with connections to China. >> That's serious. That's something to keep our eyes on. All right. Thank you so much, Elinor. We appreciate the walk-through. We are going to keep following the story. Look for Elinor and Tom Krazit's work at news .com, and we'll keep you up to date. [ Music ] ^M00:06:51