rss feedNoted: Hackers took Google’s code
I’ll get to some lighter things for this blog soon.
But I’m glad I read The New York Times article by John Markoff and Ashlee Vance about hackers and safety concerns of software companies because it reminded me of information swirling in the Google in (or possibly out of) China drama.
That is: Exactly what was the target of the hackers from China who broke into Google?
I asked that question a few days ago after I watched a CNBC interview with analyst David Garrity who covers the Mountain View, Calif. company.
Garrity told CNBC that a “fair amount of core source code” had been “misappropriated” from Google. The way he said it, without attribution even to sources, led me to question it.
I figured journalists would chase that angle since it can raise the eyebrows of many people with large amounts of responsibility in Silicon Valley and Washington, D.C.
In the day or so after the news broke, it was easy to focus on the angle of someone snooping in the Gmail accounts of activists to find out their contacts and their criticism of the Chinese government.
It turns out, both issues – theft and privacy intrusion – appear to be true.
Markoff and Vance reported and filed an insightful story that talks about source code – which is the key to the kingdom for many online and computer companies.
The passage from their story that I like:
The fear of someone building such a back door, known as a Trojan horse, and using it to conduct continual spying is why companies and security experts were so alarmed by Google’s disclosure last week that hackers based in China had stolen some of its intellectual property and had conducted similar assaults on more than two dozen other companies.
When David Drummond, Google’s chielf legal officer, talked on CNBC last week, he led off the interview with the hacked Gmail accounts.
But I just reread Google’s blog account from last week and realized I had overlooked this wording:
In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google.
I don’t know whether the type of intellectual property that was taken will come up when Google executives are scheduled to talk with Wall Street analysts on Thursday.
I’m sure shareholders would like more information.
The question also becomes whether Google executives can really talk about the theft openly without jeopardizing its overall security or intellectual property.
Markoff and Vance quoted a computer security specialist who helped Google investigate the December attacks:
Originally we were saying, ‘Well, whoever got it has the secret sauce to Google and some 30 other California companies, and they can replicate it,’ said Rick Howard, director of security intelligence at VeriSign iDefense, which helped Google investigate the Chinese attacks. ‘But some of the more devious folks in our outfit were saying, ‘Well, they could also insert their own code — and they probably have.’
Considering that possibility alone – even if it remains unclear to the public now – is reason enough to hit the alarm bell.
Read the article by Markoff and Vance.
They included past cases, for example one around 2004, in which a hacker or several of them inserted code into telephone computer programs and were able to listen to the conversations of the Greek prime minister, the Athens mayor, military leaders and journalists.
Markoff also has this article about the method that might have been used in the cyber attacks.
I’m sure senior Chinese leaders like the fact that the two New York Times reporters pointed out that cyber attacks come from countries all over the world.
But if words are carefully selected when used in international business relations, there is the question of who in the Chinese government decided to go with the idea about arrogance and the West - especially when the U.S. public is now aware of the possibility of intruders inserting code into software.
That being said, I’m sure there is some type of backdoor conversation going on – or on the agenda – for Google executives and senior Chinese leaders.
And the person or group that was responsible for the Google cyber attack probably realize a different career bell of sorts has been rung.
When I covered crime as a journalist, there was always the possibility that the person who committed the illegal act was going to talk about it – to friends, relatives, classmates, to someone with some degree of trust.
The goal was to talk with as many people as possible who might have information about the crime.
But I think with this one, silence – at least with people outside a tight circle - might be the order for a very long time.
Yes, I’ll let this topic rest – at least for a few hours.
UPDATE: Yes, a few hours later. Nuance is everything. Google executives, as the Gray Lady reported, might want to keep a business unit in the soon-to-be second largest economy in the world.
But earlier, there were reports that Google’s investigation of the cyber attacks involved whether its own employees in China were involved. Some staff members apparently were transferred. Others reportedly were cut off from the home office.
So, um, here’s another unintended consequence out of all this: China has bright engineers – smart enough to work for Google. Because of the security breach, Google reportedly had to investigate all possible angles – um, which might actually have upset this group of bright, China-born engineers.
But if Google goes for a nuanced end to this chapter and closes Google.cn but maintains a business unit in China, then it seems like executives from Mountain View, Calif. would have to fly over to patch up any morale problem and get that Google ball rolling at full speed.
