By DAVID E. SANGER and JOHN MARKOFF
Published: January 14, 2010
http://www.nytimes.com/2010/01/15/world/asia/15diplo.html
SANTA CLARA, Calif. — Last month, when Google engineers at their sprawling campus in Silicon Valley began to suspect that Chinese intruders were breaking into private Gmail accounts, the company began a secret counteroffensive.
It managed to gain access to a computer in Taiwan that it suspected of being the source of the attacks. Peering inside that machine, company engineers actually saw evidence of the aftermath of the attacks, not only at Google, but also at at least 33 other companies, including Adobe Systems, Northrop Grumman and Juniper Networks, according to a government consultant who has spoken with the investigators.
Seeing the breadth of the problem, they alerted American intelligence and law enforcement officials and worked with them to assemble powerful evidence that the masterminds of the attacks were not in Taiwan, but on the Chinese mainland.
But while much of the evidence, including the sophistication of the attacks, strongly suggested an operation run by Chinese government agencies, or at least approved by them, company engineers could not definitively prove their case. Today that uncertainty, along with concerns about confronting the Chinese without strong evidence, has frozen the Obama administration’s response to the intrusion, one of the biggest cyberattacks of its kind, and to some extent the response of other targets, including some of the most prominent American companies.
President Obama, who has repeatedly warned of the country’s vulnerability to devastating cyberattacks, has said nothing in public about one of the biggest examples since he took office. And the White House, while repeating Mr. Obama’s calls for Internet freedom, has not publicly demanded a Chinese government investigation. Secretary of State Hillary Rodham Clinton, who had been the most senior U.S. official to talk of the seriousness of the breach, discussed it on Thursday with a Chinese diplomat in Washington, however, and a senior administration official said there would be a “démarche in coming days” — a diplomatic move.
On Thursday, the White House spokesman, Robert Gibbs, said Mr. Obama supported Google’s decision not to accept Chinese censorship of searches made on its system in China. “Our concern is with actions that threaten the universal rights of a free Internet,” he said.
China’s Foreign Ministry deflected questions about Google’s charges on Thursday and dismissed its declaration that it would no longer “self-censor” searches conducted on google.cn, its Chinese search engine. A ministry spokeswoman said simply that online services in China must be conducted “in accordance with the law.”
In interviews in which they disclosed new details of their efforts to solve the mystery, Google engineers said they doubted that a nongovernmental actor could pull off something this broad and well organized, but they conceded that even their counterintelligence operation, taking over the Taiwan server, could not provide the kind of airtight evidence needed to prove the case.
The murkiness of the attacks is no surprise. For years the National Security Agency and other arms of the United States government have struggled with the question of “attribution” of an attack; what makes cyberwar so unlike conventional war is that it is often impossible, even in retrospect, to find where the attack began, or who was responsible.
The questions surrounding the Google attacks have companies doing business in China scrambling to confirm that they were victims. Symantec, Adobe and Juniper Networks acknowledged in interviews that they were investigating whether they had been attacked. Northrop and Yahoo, also described as subjects of the attacks, declined to comment.
Besides being unable to firmly establish the source of the attacks, Google investigators have been unable to determine the goal: to gain commercial advantage; insert spyware; break into the Gmail accounts of Chinese dissidents and American experts on China who frequently exchange e-mail messages with administration officials; or all three. In fact, at least one prominent Washington research organization with close ties to administration officials was among those hacked, according to one person familiar with the episode.
Even as the United States and companies doing business in China assess the impact, the attacks signal the arrival of a new kind of conflict between the world’s No. 1 economic superpower and the country that, by year’s end, will overtake Japan to become No. 2.
It makes the tensions of the past, over China’s territorial claims or even the collision of an American spy plane and Chinese fighter pilots nine years ago, seem as outdated as a grainy film clip of Mao reviewing the May Day parade. But it also lays bare the degree to which China and the United States are engaged in daily cyberbattles, a covert war of offense and defense on which America is already spending billions of dollars a year.
Computer experts who track the thousands of daily attacks on corporate and government computer sites report that the majority of sophisticated attacks seem to emanate from China. What they cannot say is whether the hackers are operating on behalf of the Chinese state or in a haven that the Chinese have encouraged.
The latest episode illuminates the ambiguities.
For example, the servers that carried out many of the attacks were based in Taiwan, though a Google executive said “it only took a few seconds to determine that the real origin was on the mainland.” And at Google’s headquarters in Mountain View, there is little doubt that Beijing was behind the attacks. Partly that is because while Mr. Obama was hailing a new era of cautious cooperation with China, Google was complaining of mounting confrontation, chiefly over Chinese pressure on it to make sure Chinese users could not directly link to the American-based “google.com” site, to evade much of the censorship the company had reluctantly imposed on its main Chinese portal, google.cn.
“Everything we are learning is that in this case the Chinese government got caught with its hand in the cookie jar,” said James A. Lewis, a senior fellow at the Center for Strategic and International Studies in Washington, who consulted for the White House on cybersecurity last spring. “Would it hold up in court? No. But China is the only government in the world obsessed about Tibet, and that issue goes right to the heart of their vision of political survival and putting down the separatists’ movements.”
Over the years, there have been private warnings issued to China, notably after an attack on the computer systems used by the office of the defense secretary two years ago. A senior military official said in December that that attack “raised a lot of alarm bells,” but the attacker could not be pinpointed. The administration cautioned Chinese officials that attacks seemingly aimed at the national security leadership would not be tolerated, according to one American who took part in delivering that message.
David E. Sanger reported from Santa Clara, and John Markoff from San Francisco. Mark Landler contributed reporting from Washington.
谷歌工程师谈黑客攻击谷歌细节,好似好莱坞惊险大片
纽约时报今天载文,报道谷歌工程师调查黑客攻击谷歌事件的情况。高水平的网络间谍战,颇具好莱坞惊险大片的素材色彩。
去年12月,硅谷的谷歌工程师在发现有人企图非法进入私人的Gmail 信箱后开始展开秘密调查。调查显示,这是一次有组织的,高科技的行动。
谷歌工程师接受采访时透露,他们最初确定攻击源自台湾的一台计算机,但进一步的调查证据显示,有33个公司受到黑客攻击,包括Adobe Systems, Northrop Grumman and Juniper Networks。鉴于涉及到的范围,谷歌向美国情报和执法官员报警,并与他们合作收集有力证据。证据表明,袭击事件的主谋并不在台湾,而是在中国大陆。
谷歌的工程师怀疑一般的黑客不可能开展如此广泛的和组织良好的行动,攻击的复杂性强烈提示,这可能是政府机构所为,或是政府机构许可的行动。但谷歌的工程师承认,即使他们所采取的通过台湾服务器的反间谍行动,也尚不能提供严密的证据来确定攻击者的真正身份。
这种袭击的不确定性并不奇怪。美国国家安全局和美国政府的其他机构一直在设图解决这类攻击的“归属”问题。这使得网络战争有别于常规战争,因为常无法确定网络攻击源于何地,由谁发动。
除了不能肯定攻击来源,谷歌调查人员也无法肯定攻击的目的:是为获得商业利益,插入间谍软件,或是打入中国持不同政见者的Gmail帐户和美国的那些经常与政府官员交换电子邮件的中国专家的信箱,也可能是这三种因素都有。事实上,至少有一个与政府官员关系密切的重要的华盛顿研究机构受到黑客攻击。
这种网络攻击使得9年前发生的美国间谍飞机与中国战机相撞时出现的紧张局势,变得像毛泽东检阅五一劳动节游行的电影片一样过时。但它暴露了中美之间的日常网络战-cyberbattles的程度,美国每年花费数十亿美元的秘密战争。
那些跟踪每天对企业与政府的电脑网站发动的成千上万次攻击的电脑专家指出,大多数复杂的攻击似乎是源自中国。但他们不能确定,黑客是代表中国政府或是受到政府的鼓励与保护。
此次进行多起袭击事件的服务器虽在台湾,谷歌首席执行官说:“只用几秒钟就可以确定,真正的攻击地在大陆。”
多年来,一直有对中国发出的私下警告,突出的是在两年前美国国防部长办公室的计算机系统受到攻击之后。一位高级军事官员去年12月表示,虽然袭击“敲响了很多的警钟”,但无法确定攻击者。美国政府警告中方官员,针对国家安全领导的袭击事件不会被容忍,据一位传递该消息的美国人士说。
摘译自:After Google’s Loud Stance on China, U.S. Treads Lightly
沒有留言:
張貼留言