Spy game

The Chinese attack on Google raises questions about the cloud

Tags: ChinaCloud computingCyber crimeGoogle IncorporatedUSA
  • E-Mail
By  Imthishan Giado Published  January 18, 2010

The news that Google's servers have been penetrated in an alleged attack by the Chinese government has sent shockwaves through the IT industry.

Most of the shock does not centre around the notion that China would attempt to break into overseas computers with the express aim of gathering data on human rights activists. A 2009 report from Cambridge University wittily-entitled "The Snooping Dragon" claimed that a China-based network targeted government agencies in 103 countries around the world, with the aim of stealing confidential data, as well as breaking into the computers of the office of the Dalai Lama. There's little question that these incidents are happening, and if you happen to be associated with Tibetan emancipation issues in any way, well, consider sending mail via the postman.

What is often difficult to prove is the culprit behind these sorts of incidents. For its part, the Chinese government has always steadfastly denied that it has sponsored cyber-terrorism and without concrete evidence, it's exceedingly difficult to provide a direct link between overseas break-ins and the People's Republic.

What is different about this attack is the victim. Previous targets were primarily of a government or military nature. This time, the hackers targeted Google infrastructure with the express intent of locating and retrieving e-mails in the Gmail accounts of known Chinese human rights activists. As everyone now knows, Google responded by going public with the incident and announced that it intended to cease censoring search results on Google.cn and would pull out of China if it could not operate an unfiltered search engine. (Although it has since backtracked slightly, claiming business is ‘proceeding as usual' and it will hold talks with the Chinese to work out a solution).

Although there is no direct comparison, I can't help but draw parallels with the situation in the Middle East. Strangely enough, it's almost like being on the other side of the curtain. In this region, a number of regional governments voluntarily censor the internet traffic entering and exiting their countries, looking to protect citizens from both social ills and material that might spark political dissent and potential rebellion. Nevertheless, determined individuals have managed to thwart the efforts of authorities to control the flow of information, most notably during the Iranian riots last year, when Twitter and Facebook emerged as organisational weapons to foment rebellion. It's cat-and-mouse, but the state actors aren't quite as efficient as the Chinese machine, nor as motivated by political ideology.

What's fascinating to me is that Google choose to disclose the incident voluntarily, even though it might jeopardise a significant revenue stream. Admittedly, the Mountain View-based firm has little to lose, being some way behind home-grown search engine Baidu.com in the popularity stakes. Nevertheless, it chose to take a principled stand and it's unique among the tech industry. I honestly cannot see other technology vendors adopting such a stance; no management team would want to jeopardise a source of revenue, particularly in our troubled times. That Google would take on the likes of China, which holds most of the world's debt, is commendable. Will it start a bandwagon of companies sticking to moral principles over shareholder self-interest? Not a chance, I'm afraid.

Above all, the news of a successful attack will raise questions about the safety of data residing on the cloud. Google and other providers of cloud-based resources have seen tremendous growth over the past 12 months as companies have flocked to their solutions. The fact that the defences of Google - the 800-pound gorilla of the field - can be hacked successfully will only provide more ammunition to those in the region who say that this emerging technology is far from ready for primetime. After all, if Google can't protect your data - who can?

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code