A Summary on Google China’s Hacking Incident

Google China’s hacking incident has been a major topic of discussion worldwide, especially in the internet security sector. The US government even treated the incident as a national security priority because of its sensitivity and the danger it could pose in the future if proper action is not taken.

The Hacking Incident

The hacking incident started in mid-December last year, though it was detected in early January this year. As we may recall, 4 years ago Google announced its new domain in China, google.cn. In exchange for being allowed to operate in the country, and in accordance with Chinese law, it implemented a search-result censorship scheme to limit the information that Chinese people can access. The restricted content includes information deemed harmful to or against the Chinese government, including words from local and foreign activists.

On January 12, the online community was shaken when Google disclosed on its official blog that it had experienced a highly sophisticated and targeted attack from an unknown third party. During its investigation, Google traced the source of the attack to China. The primary goal of the hackers was found to be gaining access to the Gmail accounts of some Chinese human rights activists. The hackers were able to access two Gmail accounts, although the access was limited to account information rather than the contents of the emails themselves. Further investigation found that Google was not the only target: at least twenty other big companies in the Internet, finance, technology, media and chemical sectors experienced the same attack, one of which is Adobe.

A Highly Sophisticated Attack

An investigation by McAfee (an antivirus firm) further shows how the actual espionage happened. The hackers used unprecedented tactics that combined encryption, stealth programming and an unknown hole in Microsoft’s Internet Explorer. They used a dozen pieces of malware and a high level of encryption that evaded common detection methods. The initial attack is suspected to have happened when company employees visited a malicious website. Once the site was visited, the Internet Explorer browser was exploited to download an array of malware to the employee’s computer automatically and transparently. According to Dmitri Alperovitch, Vice President of threat research for McAfee:

“The initial piece of code was shell code encrypted three times and that activated the exploit,” “Then it executed downloads from an external machine that dropped the first piece of binary on the host. That download was also encrypted. The encrypted binary packed itself into a couple of executables that were also encrypted.”

One of the malicious programs was also found to have opened a remote backdoor on the infected computer, establishing an encrypted covert channel that pretended to be an SSL connection to avoid detection. The infected computer then served as a spy, searching other parts of the network for login credentials, intellectual property and other important company assets. Although many tools were used in the hacking incident, vulnerabilities in Microsoft’s Internet Explorer and Adobe’s Acrobat PDF reader proved to be of great help to the hackers.
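A defender can test for a channel that only pretends to be SSL by checking whether the first client bytes of a port-443 flow actually form a TLS ClientHello record. The sketch below is an added example, not code from the original article or from McAfee's analysis; it assumes the first payload of each flow has already been extracted, and the flow names, addresses and payloads are constructed samples.

```python
import struct

HANDSHAKE, CLIENT_HELLO = 0x16, 0x01   # TLS record type, handshake message type
MAX_PLAINTEXT = 2**14                  # largest plaintext TLS record body
MIN_HELLO = 41                         # smallest well-formed ClientHello body

def check_first_flight(payload: bytes) -> str:
    """Return "tls" if the first client bytes look like a ClientHello record,
    otherwise a short reason an analyst can triage on."""
    if len(payload) < 9:
        return "too-short"
    ctype, major, minor, rec_len = struct.unpack("!BBBH", payload[:5])
    if ctype != HANDSHAKE:              # legacy SSLv2-format hellos also land here
        return "not-handshake-record"
    if major != 3 or minor > 4:
        return "bad-record-version"
    if not 0 < rec_len <= MAX_PLAINTEXT:
        return "bad-record-length"
    hs_type, hs_len = payload[5], int.from_bytes(payload[6:9], "big")
    if hs_type != CLIENT_HELLO:
        return "not-client-hello"
    # The record may hold a fragment of the hello, never more than the hello.
    if hs_len < MIN_HELLO or rec_len > hs_len + 4:
        return "length-mismatch"
    return "tls"

def flag_flows(flows):
    """flows: iterable of (flow_id, first_payload). Returns the suspicious ones."""
    results = ((fid, check_first_flight(data)) for fid, data in flows)
    return [(fid, reason) for fid, reason in results if reason != "tls"]

def sample_client_hello() -> bytes:
    """Constructed minimal ClientHello: one cipher suite, null compression."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x13\x01" + b"\x01\x00"
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([HANDSHAKE, 3, 1]) + struct.pack("!H", len(hs)) + hs

# Constructed sample flows, all to TCP/443 (hypothetical host names).
SAMPLE_FLOWS = [
    ("ws-014 -> 203.0.113.10:443", sample_client_hello()),
    ("ws-022 -> 203.0.113.77:443", bytes.fromhex("a73c19e05b8842d1f0067e93c4aa5d10")),
    ("ws-031 -> 203.0.113.77:443", b"\x16\x03\x01\x00\x20" + b"\x9f" * 32),
]

if __name__ == "__main__":
    for fid, reason in flag_flows(SAMPLE_FLOWS):
        print(f"ALERT {fid}: port 443 without a TLS handshake ({reason})")
```

This check only catches channels that skip the handshake; traffic wrapped in a genuine TLS session needs other signals.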

The Security Implications

The hacking incident poses a great threat not only to the bigger companies directly affected by the attack but also to the whole internet community. Online business transactions are now very popular because they are a fast, easy and highly accessible way of doing business. With this incident, the security of the whole internet is put into question, since hackers were able to gain access to sensitive information of big companies that we deemed to be very well secured. Hackers in the future might obtain sensitive and highly classified information, including companies’ financial records. This is something we do not want to happen. It is for this reason that internet security institutions and the US government are doing their best to prevent similar incidents from occurring in the future. As Hillary Clinton, the US secretary of state, said: “The ability to operate with confidence in cyberspace is critical in a modern society and economy” and thus should be properly secured.


