What surprises me about the latest hack of Google, supposedly by the Chinese government, is that it was surprising to anyone. Stories about the incident are flooding Computerworld.com and other sites throughout the Internet. Google is threatening to pull out of China in response to the hacking, which is giving people the impression that Google is protecting its Web mail subscribers and itself. In reality, I doubt that it will do either.
The whole affair reminds me of a scene in the movie There Will Be Blood, when Daniel Day-Lewis' corrupt oil baron tries to buy drilling rights from several landowners, and only one holds out. Years later, the farmer, in need of money, reconsiders. The oil baron, in a drunken rage, laughs at the landowner's representative and tells him that all of the oil was in one common pool, and that when he pumped the oil out of the ground from one piece of land, he got the oil under everybody else's land. It was as if he had stuck a really long straw in the farmer's milkshake, he said, adding "I drank your milkshake." Given the nature of the Internet, whether or not Google pulls out of China, China will drink Google's milkshake.
First, let's acknowledge that China is thought to have hacked the White House, the U.S. Department of Energy, the U.S. Department of Defense, and just about every other government agency and contractor. This has all been well documented as incidents given the code name Titan Rain by U.S. investigators. It is also generally acknowledged that China has hacked or otherwise committed corporate espionage against just about every major company in the world. When it comes to business competition, China plays rough. I have had corporate security managers come to me for advice on how to ward off China's corporate espionage efforts. These businesspeople had opened up factories in China, only to see a Chinese-owned factory open up down the road, making the same products for a third of the cost, within three months.
Now, Secretary of State Hillary Clinton is expressing concern about China hacking Google and 33 other companies. Was the U.S. government not concerned when the White House computers were hacked? Was it not concerned when the Department of Defense was hacked? Meanwhile, just as with all of those previous, and infinitely more egregious, hacks, China will continue to ignore such expressions of concern and hack everyone it wants to.
I hope nobody is expecting that China will change its practices because of expressions of concern from the Clinton State Department or others in the U.S. government. The fact is that China has tremendous leverage over the U.S. government, seeing as it has been funding the U.S. debt for the last eight years. If we didn't get any significant results after the publicity of the Titan Rain incidents, we are not going to get any results after complaining about hacking Google.
Google seemed to give up a core belief when it agreed to censor results as a condition of going into China. It wanted access to the huge Chinese market and all the potential profits it saw there. Now it's being credited with claiming the high moral ground with its threat to pull out of China because it suspects the Chinese of hacking into systems that Google reserves for law enforcement to trace individual users. That system would allow China to identify dissidents who may or may not be located in China. Of course, this is apparently in addition to China allegedly stealing Google's intellectual property, which is very likely Google's primary concern.
The fact is that I expect China to attempt to commit acts of espionage. Every country does. I expect any country to act in what it perceives to be its own interests. That includes government-sponsored computer hacking of government and private computer networks.
The U.S. government eventually changed its code word, Titan Rain, and for that reason, you can say that theoretically, the Titan Rain incidents have stopped. And a name change seems like the only way we could say the Google hacks have stopped. Google's strategy of vowing to pull out of China won't do the trick. The Chinese hacks were apparently facilitated not by a direct compromise of the Google network, but by compromising user accounts. Those compromises reportedly occurred through the use of very targeted spear phishing messages containing malware. So whether or not Google is physically located in China, China can still reach out through the Internet and drink Google's milkshake.
My one hope coming out of this is that individuals and companies of all sizes will begin to realize that anyone can be a target, for a wide variety of reasons beyond their control. Too many people think "It will never happen to me." But China has clearly moved beyond hacking the White House and Department of Defense, and is now hacking individuals. Remember, anyone on the Internet can drink your milkshake.
Ira Winkler is president of Internet Security Advisors Group and author of the book Spies Among Us. He can be contacted through his Web site, irawinkler.com.
This story, "China's Google Hack Shouldn't Surprise Anyone," was originally published by Computerworld.