A U.S. judge has approved the lawsuit filed by Chinese search engine giant Baidu against its domain register following a cyber attack which occurred in January.

The suit follows the attacks in January which were attributed to a group calling themselves the “Iranian Cyber Army.” Baidu alleges that Register.com gave the hackers access to Baidu’s account when the hackers called the register claiming to be employees of Baidu.

The hackers were then able to change the server number, redirecting users attempting to access the search engine to a site with political messages, according to the BBC.

“It’s like somebody going into the telephone book and changing your phone number,” Graham Cluley of Sophos said.

The search engine claims it lost millions of dollars because of the hack and filed seven lawsuits against the domain register. The U.S. judge allowed two of the suits.

“I hold that Baidu has alleged sufficient facts in its complaint to give rise to a plausible claim of gross negligence or recklessness,” Judge Denny Chin said.

The trial will begin next month in New York. Cluley said it was fortunate the hack didn’t have more serious repercussions.

“Rather than displaying propaganda [the website] could have installed malware or spyware,” he said. “Baidu in China is extremely popular – it could have infected a lot of computers.”

http://www.thenewnewinternet.com/2010/07/23/court-approves-baidu-lawsuit-against-domain-register-for-iranian-cyber-army-hack/

The arrest of 11 people on charges of espionage for the Russian government was a case of old-fashioned spy craft straight from the annals of the Cold War: dead drops, moles and communicating in code, known as steganography. Yet Russia is not alone in trying to crack U.S. secrets. China is engaged in a massive espionage effort against the United States that exceeds Russian efforts on a crucial front: Cyber espionage.

The Chinese military — namely the People’s Liberation Army — is behind many of the cyber intrusions into U.S. government and corporate computer networks as part of a broad effort to steal technological, military and political secrets. This form of espionage costs the United States hundreds of billions of dollars per year and represents a dangerous threat to U.S. national security.

In early 2010, news reports from Washington indicated that Google, along with other U.S.-based corporations, was being hacked by unnamed parties in China. A progressive political organization, Patriot Majority, asked me and a team of journalists and researchers to investigate the likeliest source of the attacks. After combing through government documents, military land technical literature we concluded the Chinese military was likely behind many cyber intrusions against the United States.

Why? In 1995, the U.S. Navy humiliated the PLA during the Taiwan Strait Crisis by a massive show of force, as not one but two aircraft carrier battle groups sailed unmolested between the mainland and Taiwan, quelling mainland threats of force. That episode underscored the PLA’s technological inferiority in case of an actual shooting war.

And it set off a rush within China’s huge but antiquated military to modernize. The military ramped up its spending to improve its technological quality in areas such as space and cyber warfare, as well as its traditional military’s precision-strike capabilities. The conception of this effort came in the form of a book in 1999 called “Unrestricted Warfare.” Written by two Chinese colonels and promoted as required reading for officers, it said, “The first rule of unrestricted warfare is that there are no rules, with nothing forbidden.”

As a result, and under orders from President Hu Jintao, the PLA reorganized to engage in cyber warfare in case of war — and to engage in cyber espionage during peace. In 2004, a PLA white paper stated that its primary goal in modernizing was “building an informationalized force and winning an informationalized war.” The military shed 200,000 troops while investing between $50 billion and $100 billion per year. The government has even conscripted entire civilian companies, in fact, and rolled them into the PLA as cyber warfare units.

One interesting focus of the PLA’s modernization efforts — and a potential source of the cyber intrusions against the United States — is a military complex on Hainan Island in the South China Sea. Hainan features a space launch complex, an underground submarine base and it is home to a large signals intelligence unit that seems to have been converted from eavesdropping on satellite transmissions to cyber missions.

Hainan has for years also been the scene of confrontations and collisions between U.S. efforts to gather intelligence and China’s efforts to safeguard its own secrets. In 2001, for instance, a U.S. Navy EP-3E Aries II spy plane collided with a Chinese fighter and landed there. And in 2009, Chinese trawlers intercepted and harassed the U.S. spy ship Impeccable approximately 75 miles from the island.

In addition, in 2009, Canadian researchers at The SecDev Group and The Munk Center concluded that a series of cyber intrusions against political and government targets around the world included many that emanated from an Internet protocol address on Hainan. “The attacker(s)’ IP addresses examined here trace back in at least several instances to Hainan Island,” researchers wrote. Later, Rafal Rhozinski, one of the report’s authors and chief executive of The SecDev Group, told the U.S-China Commission in testimony there was “a high degree of certainty that the attackers were located in Hainan Island, China.”

A commission member, Larry Wortzel, said that he has not seen confirmation of attacks originating in Hainan but there is no question about the involvement of the Chinese military in cyber espionage against the United States. “China has one of the most sophisticated and well-manned cyber operations around the world,” Wortzel said in response to questions. “And the effort is supported by what seems to be a well-thought through military doctrine consistent with China’s military structure and capabilities.”

“This is a reasonable and sensible conclusion based on decades of knowledge and work on the domestic politics of China and the workings of China’s government, the People’s Liberation Army, intelligence and security services and the Communist Party,” according to Wortzel, who recently wrote in the Federal Times that at least 43,785 reported incidents cyber intrusions were directed at the U.S. Defense Department alone in just the first half of 2009

China’s efforts to steal U.S. secrets, however, are not confined to the realm of computers. Cyber espionage is part of an unprecedented wave of espionage at large against the United States. Chinese intelligence agencies have begun to change tactics, including recruiting Americans, as well as sifting huge amounts of digital information. In the first three quarters of 2009, the U.S. Justice Department prosecuted 9 espionage cases involving spying for China and the Customs Department is investigating 540 cases of potentially illegal technology transfers to China.

Intelligence-gathering and military modernization is the normal business of governments around the world, particularly in peacetime. China’s military would not be doing its job if it wasn’t trying to steal secrets and train for conflict; the United States maintains a massive offensive cyber war capability as well and recently established a unified military command.

However, the price of China’s cyber-spying is high. By one estimate it costs at least $200 billion to the United States alone annually — a cost borne by both taxpayers and shareholders. Yet the national security cost is the highest price tag of all, particularly as the Chinese military focuses on attempting to cripple U.S. forces in case of an armed conflict.

There are plenty of warnings: The U.S.-China Commission provides a roadmap for both Congress and the administration to follow, in tracking the PLA’s cyber espionage and offensive warfare capabilities and dealing with them. Cyber espionage may not be as spell-binding as the Russian spy ring. But right now China’s cyber spying is far more damaging to U.S. national security.

http://www.vancouversun.com/technology/just+Russians+spying/3228905/story.html

June 10 (Bloomberg) — South Korea said a government website was attacked yesterday from Internet addresses in China. The report comes amid concerns that North Korea is mounting cyber attacks in response to international pressure over the sinking of a South Korean warship in March.

The attacks took place between 8:20 p.m. and midnight, the Ministry of Public Administration and Security said in a statement posted on its website today. The ministry blocked access after spotting the intrusions, and a probe is being conducted with related government offices, it said.

North Korea’s postal ministry was the source of similar cyber attacks last July that sought to cripple dozens of websites in South Korea and the U.S., the JoongAng Ilbo reported in October, citing Won Sei Hoon, the director of the South’s spy agency.

Tensions have risen on the Korean peninsula since an international panel concluded on May 20 that the North was behind a torpedo attack that sank the Cheonan warship, killing 46 of the South’s sailors. South Korea’s President Lee Myung Bak vowed to make the North pay for the sinking, prompting counter threats of “all-out war” from the North.

Lee has taken the case to the United Nations Security Council, backed by the U.S. and Japan. North Korea has threatened to retaliate over any punitive action taken against it, and says the allegations are fabricated.

Plugging Holes

Since the sinking, Lee and other South Korean government officials have called for a review of military strategy to address weaknesses in the nation’s defense. U.S. officials also said they plan to work with South Korea to help it plug holes in its defensive capabilities, according to a report in the New York Times.

The Cheonan was sunk by a mini-submarine, according to the international panel’s report. North Korea possesses about seven times as many submarines as the South, according to the government in Seoul. The U.S. Army says North Korea maintains the world’s biggest special operations force, with more than 80,000 personnel to conduct “asymmetric attacks against a range of critical civilian infrastructure and military targets,” according to the June 2009 U.S. Forces Korea Strategic Digest.

South Korean Defense Minister Kim Tae Young yesterday said North Korea was focusing on cyber-attacks and added that November’s summit of leaders from the Group of 20 countries in Seoul may also be targeted, Korea Times reported.

‘Denial of Service’

Yesterday’s attackers used a tactic called “distributed denial of service,” attempting to crash websites by flooding them with data, the government said. The intrusions were made from 120 Internet-protocol addresses, it said. The targeted website provides information on administrative services and government policies.

South Korea last July blocked five Internet addresses to help end cyber attacks that sought to cripple dozens of websites in the nation and the U.S. The UN Security Council imposed sanctions on North Korea in May 2009 after the country carried out a second nuclear test.

An estimated 20,000 computers were infected in that attack by the same tactic. Websites based in the U.S., South Korea, Germany, Austria and Georgia may have spread malicious code, the Korea Communications Commission said at the time.

The South Korean presidential Blue House, the Foreign Ministry, the Defense Ministry, the Ministry of Public Administration and Security, and the intelligence service were targeted in last year’s attack. Access to their sites closed down temporarily and resumed hours later.

In the U.S., the departments of state, treasury and transportation were hit, as well as NYSE Euronext, the world’s largest owner of stock exchanges.

–Editors: Ben Richardson, Mark McCord.

To contact the reporter on this story: Saeromi Shin in Seoul at sshin15@bloomberg.net.

To contact the editor responsible for this story: Linus Chua in at lchua@bloomberg.net.

http://www.businessweek.com/news/2010-06-10/south-korea-says-cyber-attacks-came-from-china-sites-update1-.html

AUSTRALIAN corporations are increasingly being targeted by cyber attacks from unknown parties in China, and as yet there is no effective defence.

The attacks come as cyber warfare intensifies globally, and as the Australia-China relationship stabilises after a turbulent 2009, including debate about Chinese investment, the arrest of Rio Tinto executive Stern Hu and the visit of Uighur leader Rebiya Kadeer. On Friday, Prime Minister Kevin Rudd will deliver an address at the Australian National University on the subject of “Australia and China in the world”.

Google has become the first major corporate victim of cyber attacks to speak out on the issue, as it pulled out of China.

The New York Times revealed yesterday that cyber-intruders stole “one of Google’s crown jewels”, the Gaia password system that controls access by millions of international users to almost all of Google’s web services. Last week the Optus network in Australia came under a denial of service (DOS) attack from China for about two hours, hitting a number of clients.

Jose Nazario, manager of security research at Arbor Networks in the US, said afterwards: “At this point, it’s rare to see countries filing complaints, formal or informal, over this sort of attack.”

So far, only the US has tackled China head-on over the cyber warfare issue. Mr Nazario said India and South Korea had complained about attacks from China, but not through official diplomatic channels.

In 2007, Estonia complained to Russia about cyber attacks.

Mr Nazario said in a paper for Britain’s parliament: “Previously, DOS attacks were designed to inflict punitive damage on the victim, but have since grown into sophisticated censorship tools.

Britain’s Government Communications Headquarters has reported that “the greatest threat of electronic attack to the UK comes from state actors”, especially Russia and China.

BHP-Billiton has always run its marketing operation out of Singapore, and Rio Tinto followed suit for its iron ore sales after the arrest of Hu and his Chinese colleagues last year.

Commercial espionage — or concern about it — has become so pervasive in China that international companies fly China-based staff overseas for especially sensitive conference calls.

http://www.theaustralian.com.au/news/nation/australian-firms-fear-beijings-cyber-tentacles/story-e6frg6nf-1225856142427

BEIJING — In what appears to be a coordinated assault, the e-mail accounts of more than a dozen rights activists, academics and journalists who cover China have been compromised by unknown intruders. A Chinese human rights organization also said that hackers disabled its Web site for a fifth straight day.

The infiltrations, which involved Yahoo e-mail accounts, appeared to be aimed at people who write about China and Taiwan, rendering their accounts inaccessible, according to those who were affected. In the case of this reporter, hackers altered e-mail settings so that all correspondence was surreptitiously forwarded to another e-mail address.

The attacks, most of which began last Thursday, occurred the same week that Google angered the Chinese government by routing Internet search engine requests out of the mainland to a site in Hong Kong. Google said the move was prompted by its objections to censorship rules and by a spate of attacks on Google e-mail users that the company suggested had originated in China.

Those cyberattacks, which began as early as last April, affected dozens of American corporations, law firms and individuals, many of them rights advocates critical of China’s authoritarian government.

The victims of the most recent intrusions included a law professor in the United States, a Uyghur exile in Sweden, an analyst who writes about China’s security apparatus and several print journalists based in Beijing and Taipei, the capital of Taiwan.

“It’s very unsettling,” said Clifford Coonan, a correspondent for The Irish Times and Variety magazine whose e-mail account was rendered inaccessible last week after Yahoo detected that someone had gained access to it remotely. “You can’t help but wonder why you’ve been targeted.”

Dilxat Raxit, a spokesman for the World Uyghur Congress, an organization that seeks greater autonomy for China’s Xinjiang region, said many of the e-mail messages in one of his two Yahoo accounts appeared to have been read when he logged on in recent weeks. The other account, he said, had been inaccessible for a month.

Mr. Raxit also said that he was unable to reach three Uighur friends in China with whom he previously corresponded frequently. ‘‘I’m 100 percent I’ve been hacked,” he said from Sweden. ‘‘I’m angry at the Chinese, but I blame Yahoo for allowing this to happen.”

In an e-mail exchange, Dana Lengkeek, a Yahoo spokeswoman, declined to discuss the incidents, citing company policy. “We are committed to protecting user security and privacy and we take appropriate action in the event of any kind of breach,” Ms. Lengkeek said.

Kathleen McLaughlin, an American freelance journalist in Beijing who sits on the board of the Foreign Correspondents’ Club of China, said the group has confirmed that 10 journalists, including herself, had their accounts compromised.

Like the others, said she received a message from Yahoo on Thursday indicating that her account had been disabled because, according to an automated message, “we have detected an issue with your account.”

She said she contacted Yahoo but has yet to receive an explanation of what happened. “Someone is clearly targeting journalists,” she said. “It makes me feel very uncomfortable.”

Yahoo, which in 2005 sold its China operations to the Chinese e-commerce company Alibaba, has faced criticism for cooperating with government security officials in the past. In 2004, Yahoo turned over data that officials used to help prosecute several dissidents. One, a journalist named Shi Tao, was later given a 10-year sentence for leaking a secret propaganda directive.

Although the company owns a 39 percent stake in Alibaba, Ms. Lengkeek, the Yahoo spokeswoman, stressed that Yahoo no longer has operational control over the China business.

Unlike services offered by Google and Microsoft, emails sent through Yahoo’s Chinese domain, .cn, are stored on local servers and subject to Chinese law, a factor that has driven some privacy-conscious users away from Yahoo’s e-mail services.

Computer security experts say infiltration of Yahoo’s e-mail service once again highlights the challenges that Internet companies face in protecting their customers from hackers.

Paul Wood, a senior analyst at the Symantec Corporation, said a growing number of malignant viruses were tailored to specific recipients, with the goal of tricking them into opening attachments that would insert malware onto their computers. Mr. Wood said his company, which designs anti-virus software, now blocks about 60 such attacks each day, up from 1 or 2 a week in 2005. “They’re very well crafted and extremely damaging,” he said.

A report issued by Symantec on Monday found that nearly 30 percent of attacks originated from computers in China; about 20 percent of those came from Shaoxing, a relatively obscure city in Zhejiang Province previously known for winemaking.

Mr. Wood and other experts point out that attacks appearing to come from a certain location can just as easily be emanating from computers infected with botnets, a virus that allows them be controlled remotely by other computing systems.

It is this kind of rogue software that is probably responsible for crippling the Web site of Chinese Human Rights Defenders, a group that has been an assertive critic of China’s human rights violations. Since last Thursday, the group’s Chinese-language site has been overwhelmed by hackers flooding it with junk requests, a tactic known as denial of service. Although the site has been attacked before, the attacks did not last more than a few hours.

Renee Xia, the international director for the human rights group, said the assault began the same day the American company that is host to its site, Go Daddy, announced that it would stop registering domain names in China. “Maybe it’s a coincidence, but we don’t think so,” Ms. Xia said.

Google Finds New Cyberattack

SAN FRANCISCO — Google said Tuesday that it had discovered a cyberattack aimed at Vietnamese Internet users around the world. The attack was less sophisticated than those that originated in China and appeared to be aimed at Chinese human rights activists.

Google said the attack may have infected the computers of tens of thousands of people who downloaded Vietnamese keyboard language software.

This article has been revised to reflect the following correction:

Correction: April 7, 2010

An article last Wednesday about an apparently coordinated hacking assault on the Yahoo e-mail accounts of a dozen rights advocates, academics and journalists who cover China included three errors. A 2005 transaction between Yahoo and Alibaba, a Chinese e-commerce company, that gave Alibaba control of Yahoo’s China operations was a sale — not a merger. The year that Yahoo turned over data that Chinese officials used to help prosecute several dissidents was 2004, not 2006. And local Chinese service providers — not Yahoo — maintain the servers in China used to store emails sent through Yahoo’s Chinese domain, which are considered relatively vulnerable to intrusions and have driven privacy-conscious Chinese away.

A version of this article appeared in print on March 31, 2010, on page A8 of the New York edition.

The e-mail accounts of eight foreign journalists working in China and Taiwan were hacked recently, leading Yahoo to suspend several of the accounts last week, the Foreign Correspondent’s Club of China (FCCC) said Wednesday.

“We have confirmed eight cases in which journalists in China and Taiwan have had their e-mail accounts hacked in recent weeks, with several accounts disabled by Yahoo on March 25,” the FCCC said in an e-mail sent to members.

Among the hacked e-mail accounts, the settings of one account were also modified to forward all e-mails to another e-mail address, it said.

“Yahoo has not answered the FCCC’s questions about the attacks, nor has it told individual mail users how the accounts were accessed. Password security and malware are ongoing concerns, but it’s unclear whether they are related to this case,” the group said.

The FCCC warned members to change their e-mail passwords and advised them to use other means of communication for arranging interviews or other “sensitive business.”

Yahoo was not immediately available to comment.

While there is no evidence linking the hacked e-mail accounts and the Chinese government, the FCCC warning highlights growing concern over the e-mail surveillance of individuals generally viewed with suspicion by the Chinese government, including human rights activists and foreign journalists working in China.

Earlier this month, foreign journalists in China were the target of a sophisticated e-mail malware attack. E-mails in that attack appeared to originate from the Shanghai World Expo press office and contained a malicious PDF attachment. The attack seemed to target foreign journalists registered to cover the Expo, which opens on May 1.

In addition, a sophisticated attack from China that targeted the Gmail accounts of Chinese human rights activists in December led Google to close down a censored version of its search engine in China, redirecting users to an uncensored site in Hong Kong instead.

Circumstantial evidence also implicated China in a computer spying network, dubbed GhostNet, that touched users in 103 countries and was used to transfer data to servers in China. The network was discovered in 2009 after researchers were asked to examine computers in offices of the Dalai Lama in India, the U.S. and the U.K. The computers that comprised GhostNet are believed to have been infected by malware in e-mail attachments sent to specific individuals.

The Dalai Lama is viewed with deep suspicion by the Chinese government, which accuses him of working for Tibetan independence.

http://www.pcworld.com/businesscenter/article/192990/email_accounts_of_foreign_journalists_in_china_hacked.html

Beijing, China (CNN) — There’s no reason China’s spat with Internet search giant Google should hurt relations with the United States, China’s foreign ministry said Tuesday.

A day earlier, Google announced that it had stopped censoring search results in China.

“The Google incident is just an individual action taken by one company. I can’t see it having any impact on Sino-U.S. relations, unless someone wants to politicize it,” foreign ministry spokesman Qin Gang said Tuesday. “It is not the image of China that has been undermined, rather it is that of Google.”

Google’s announcement came amid speculation that the search giant would pull out of China entirely.

In a post on its official blog, Google said it stopped running the censored Google.cn service on Monday and was routing its Chinese users to an uncensored version of Google based in Hong Kong. The special administrative region offers more freedom than mainland China.

“We want as many people in the world as possible to have access to our services, including users in mainland China, yet the Chinese government has been crystal clear throughout our discussions that self-censorship is a non-negotiable legal requirement,” Senior Vice President David Drummond, Google’s chief legal officer, said on the blog.

Google hopes the move “will meaningfully increase access to information for people in China,” Drummond wrote.

“We very much hope that the Chinese government respects our decision, though we are well aware that it could at any time block access to our services,” he added.

Google said it would monitor whether access to the site is blocked in mainland China.

Early reports from China suggested that the government was already restricting access to Google’s Hong Kong-based site, said Eddan Katz, international affairs director of the Electronic Frontier Foundation.

“We’ve already heard indications that visitors to Google.hk are getting ‘can’t find page’ errors,” said Katz, whose group promotes free speech online.

The company on Monday also launched a dashboard page, which it promises to update daily, that will show which Google services are available in China. According to the page, YouTube, Google Sites and Google’s Blogger apps were blocked Monday afternoon.

Observers said Google’s actions amount to a withdrawal from China and highlights expectations that the government will censor search results.

Ron Deibert, director of the Citizen Lab at the University of Toronto’s Munk Centre, which studies the intersection of digital policy and human rights, said Google’s move didn’t come as a surprise.

“It’s become unsustainable for Google to operate in this environment,” he said. “They’ve made a decision that the risks are too great for them, so they’re going to pull out.”

Google launched Google.cn in 2006. That enterprise prompted complaints that the company was sacrificing Web freedoms by complying with Chinese censorship in return for access to a huge market.

The company, whose slogan is “Don’t be evil,” countered that operating in limited form gave Chinese users more information than than they would have had otherwise. Google also hoped its presence would advance online freedom in China.

In January, Google announced that the company and at least 20 others were victims of a “highly sophisticated and targeted [hacking] attack” originating in China in mid-December, evidently to gain access to the e-mail accounts of Chinese human rights activists.

The company said the attacker or attackers gained access to the header — or subject-line information — from the e-mails of two human rights activists through the Google network.

Google-China move hurts businesses, academics

In a speech on Internet freedom and security in January, U.S. Secretary of State Hillary Clinton urged China to investigate such attacks and accusations of government involvement, saying they raised “very serious concerns.”

China rejected the claims.

“Accusation that the Chinese government participated in [any] cyber attack, either in an explicit or inexplicit way, is groundless and aims to denigrate China,” the official Xinhua News Agency quoted a spokesman for the Ministry of Industry and Information Technology as saying. “We are firmly opposed to that.”

As a result of the attack, Google said, it was no longer willing to abide by the filters that the Chinese government demanded.

Briefly afterward, Google.cn was retrieving results for sensitive topics, including the 1989 crackdown at Tiananmen Square, the Dalai Lama and the banned Falun Gong spiritual movement. But about a day later, search results appeared to return to normal.

It’s not just China — Google censors results elsewhere, too

Advocates of Internet freedoms cheered Google’s move Monday.

“It demonstrates that a company like Google, with the business stakes in a market as large as China, can make the decision that free and open Internet is a better business alternative and a better ethical choice for its users,” Katz said.

Internet users gravitate toward sites with unrestricted information, he said. “This is an example of how the genie can’t be put back in the bottle.”

Deibert, who co-founded the OpenNet Initiative, said China might go further as a next step: blocking all outside search engines from accessing Web information in the country.

“If such a radical measure happens, that would have major implications for cyberspace as a whole,” he said. “It would point to a more regionalized Internet” and perhaps embolden countries such as Iran to follow suit, Deibert said.

Google.cn is the preferred search tool for about 13 percent of Chinese Web users, according to a state-sponsored survey. Baidu.com, a government-friendly Chinese search engine, dominates mainland China with about 77 percent of users, the survey said.

Google’s announcement had been widely anticipated. Internet companies operating in China face a March 31 deadline to renew licenses to do business there, according to the Beijing Communications Administration.

The blog post by Drummond said Google plans to continue research and development work in China and to maintain a limited sales presence there.

In an apparent attempt to protect Google employees in China, the post said the decision was made by Google’s top brass in the United States.

“Despite all the uncertainty and difficulties they have faced since we made our announcement in January, [Google's China employees] have continued to focus on serving our Chinese users and customers,” the blog said. “We are immensely proud of them.”

http://edition.cnn.com/2010/TECH/03/23/google.china/index.html

On January 12, we announced on this blog that Google and more than twenty other U.S. companies had been the victims of a sophisticated cyber attack originating from China, and that during our investigation into these attacks we had uncovered evidence to suggest that the Gmail accounts of dozens of human rights activists connected with China were being routinely accessed by third parties, most likely via phishing scams or malware placed on their computers. We also made clear that these attacks and the surveillance they uncovered—combined with attempts over the last year to further limit free speech on the web in China including the persistent blocking of websites such as Facebook, Twitter, YouTube, Google Docs and Blogger—had led us to conclude that we could no longer continue censoring our results on Google.cn.

So earlier today we stopped censoring our search services—Google Search, Google News, and Google Images—on Google.cn. Users visiting Google.cn are now being redirected to Google.com.hk, where we are offering uncensored search in simplified Chinese, specifically designed for users in mainland China and delivered via our servers in Hong Kong. Users in Hong Kong will continue to receive their existing uncensored, traditional Chinese service, also from Google.com.hk. Due to the increased load on our Hong Kong servers and the complicated nature of these changes, users may see some slowdown in service or find some products temporarily inaccessible as we switch everything over.

Figuring out how to make good on our promise to stop censoring search on Google.cn has been hard. We want as many people in the world as possible to have access to our services, including users in mainland China, yet the Chinese government has been crystal clear throughout our discussions that self-censorship is a non-negotiable legal requirement. We believe this new approach of providing uncensored search in simplified Chinese from Google.com.hk is a sensible solution to the challenges we’ve faced—it’s entirely legal and will meaningfully increase access to information for people in China. We very much hope that the Chinese government respects our decision, though we are well aware that it could at any time block access to our services. We will therefore be carefully monitoring access issues, and have created this new web page, which we will update regularly each day, so that everyone can see which Google services are available in China.

In terms of Google’s wider business operations, we intend to continue R&D work in China and also to maintain a sales presence there, though the size of the sales team will obviously be partially dependent on the ability of mainland Chinese users to access Google.com.hk. Finally, we would like to make clear that all these decisions have been driven and implemented by our executives in the United States, and that none of our employees in China can, or should, be held responsible for them. Despite all the uncertainty and difficulties they have faced since we made our announcement in January, they have continued to focus on serving our Chinese users and customers. We are immensely proud of them.

Posted by David Drummond, SVP, Corporate Development and Chief Legal Officer

TERRORISTS are about to vent their fury on Australia with an attack that will reveal a diabolical new dimension to the terrorist threat. In a prelude designed to cripple the country’s defences, an all-out cyber assault is unleashed.

First, the Defence Department’s internal communications system is paralysed by botnets, networks of thousands of zombie computers, hijacked in cyberspace and now remote-controlled by the enemy. Next, radar stations are jammed to give foreign aircraft unrestricted access to Australian airspace. Fighter jets deployed by the Australian air force are electronically commandeered by firewall-penetrating software injected in advance into their avionics systems. Maritime defences are immobilised by electronic interference that confounds the ships’ communication systems. Communication links with the fleet are in enemy hands when all the satellite transponders are hijacked.

A hypothetical such as this, once the stuff of futuristic Hollywood fiction, is being seriously envisaged by strategic analysts, who see the risk of cyber attack as the most disturbing new threat to national security.

Australia’s leading electronic spy agency, the Defence Signals Directorate, says cyber threats posed by terrorists, malicious hackers and organised criminals are “huge and multiplying”.

“Online is the new front line,” DSD warns in its latest assessment of the cyber threat. Its director Ian McKenzie told a recent security conference that if there were a Billboard list for national security, cyber attack would be “going up the charts with a bullet”.

The attack scenario above is laid out in a new book, Australia and Cyber-Warfare, by Des Ball of the Strategic and Defence Studies Centre in Canberra, retired air commodore Gary Waters and national security consultant Ian Dudgeon. Their point is that not only Australia’s civilian IT networks but also the defence force’s command, control, communications, intelligence, surveillance and reconnaissance systems “are at great risk if they are not adequately defended”. They argue Australia has been a laggard in responding to the multiple threats.

When Defence Minister John Faulkner opened the new Cyber Security Operations Centre at DSD headquarters in Canberra in January, he declared cyberspace was a battlefield. He revealed there had been an average of 200 cyber invasion attempts against Defence computers last year, plus another 220 attacks on other government networks.

The cyber warfare scenario is not as far-fetched as it may seem. Cyber assaults have been used already as a prelude to conventional military offensives.

In 2008, as the former Soviet republic of Georgia was preparing to invade the breakaway region of South Ossetia, cyber attackers commandeered Ossetian news websites. Ossetians blamed Georgia for trying to cover up news of its invasion. A series of counter-strikes then took out key Georgian sites, including those of its President, parliament and national bank. The Russian government was widely blamed for the attacks but denied it.

Last August The New York Times reported that in 2003 the Pentagon and US intelligence agencies planned a cyber strike to cripple the Iraqi financial system before the US sent its troops into Iraq. The attack would have frozen billions of dollars in Saddam Hussein’s accounts, leaving him unable to buy war supplies or pay his troops. “We knew we could pull it off, we had the tools,” a former Pentagon official told the paper. It was abandoned because the Bush administration feared it would cause worldwide financial havoc.

The theft of military technology has been a motivator for some of the most audacious cyber attacks. As Ball and his co-authors outline, China has been the main offender. In December 2007, The New York Times reported that Chinese hackers had stolen data from a US nuclear weapons laboratory in Tennessee. During 2007-08, more than 80,000 attempted attacks on US Defence Department computers were reported, along with another 13,000 on other federal agencies.

Cyber warfare units in the Chinese People’s Liberation Army have penetrated the Pentagon’s internal internet router and designed software to disable it in the event of a conflict, Ball and co report. In January, US media outlets cited a classified FBI report indicating China has enlisted an army of 180,000 cyber-spies that “poses the largest single threat to the United States for cyber-terrorism and has the potential to destroy vital infrastructure, interrupt banking and commerce, and compromise sensitive military and defense databases”.

In Australia, Faulkner says a series of “sophisticated cyber intrusions” have occurred, some of them successful. In its last annual report, ASIO revealed it had found evidence of hostile intelligence services using the internet to appropriate confidential Australian government and business information. ASIO chief David Irvine describes internet-enabled espionage as “a rapidly growing threat to the national interest”.

The ease with which hackers can penetrate the government’s cyberspace was revealed when online vandals went on the attack over the Rudd government’s internet filtering legislation. Last September, the self-styled internet vigilante group known as Anonymous shut down the Prime Minister’s website by bombarding it with millions of simultaneous requests for information. Last month it struck again, taking over the PM’s site, plastering it with pornography and re-badging it as Operation Titstorm: A part of Operation Internet Freedom.

Operations such as these are known as denial-of-service attacks, when assailants cripple a site by overloading it with communications. During Operation Titstorm, the federal parliament website was made to crash when it was hit by 7.5 million requests for information a second. The government confirmed afterwards that the Cyber Security Operations Centre knew the attack was coming but was unable to stop it.

In the most recent attack of this kind in Australia, visitors to the National Gallery of Victoria website at the weekend were greeted by a message from “One Turk Against The World . . . 1923Turk-Grup Turkish Cyber Attack and Defance Army” [sic].

Denial-of-service attacks are carried out by botnets, networks of robot-like computers that have been hijacked by being infected with malicious software – known as malware – that allows them to be taken over and remotely controlled. The software is typically inserted in drive-by downloads, using rogue email attachments or web links opened by unwitting PC owners. Unbeknown to them, their computers then become part of a phalanx of nodes controlled by bot-herders using nicknames such asMarshviperX, to carry out denial-of-service assaults, spam attacks or online fraud schemes.

Several mass botnets have been exposed. Dutch cyber police shut down a network that had 1.5 million zombie computers and servers under its control. The largest existing botnet, known as Srizbi, has 450,000 computers at its command and is capable of sending out 100 billion spam messages a day. American computer scientist Vinton Cerf, who is often credited with inventing the internet, says botnets are spreading like a pandemic and up to a quarter of all PCs linked to the internet may be part of a botnet.

Events such as the commandeering of the PM’s website are largely nuisance attacks by issue-motivated groups or individuals, designed to gain publicity and make a political point: the equivalent of an “electronic poke in the eye”, according to cyber-crime consultant Alastair McGibbon, a former Australian Federal Police agent and founder of the Australian High Tech Crime Centre. A far more worrying use of botnets is for grand-scale information and identity theft. In one case last year, the NSW government’s job site was hacked and raided.

“It appears that people who were uploading their CVs and applying for government jobs had their identities stolen, or at least, they could have had their identities stolen; all their credentials [were] captured by the people who got into that site,” McGibbon says.

Many computer users are unwittingly making themselves targets for identity theft through social networking sites such as Facebook. The AFP’s high tech crime group recently conducted a trial among a group of Facebook users and found that 98 per cent of them had put enough information on their personal pages to allow their identities to be stolen.

Another significant issue is an explosion of online fraud. In the US, 28-year-old Miami man Alberto Gonzalez was indicted late last year over the world’s largest credit card theft after stealing the credit and debit card details of 130 million people by hacking into chain stores such as 7-Eleven. In Australia, online florist Roses Only and the Sydney Opera House are among the many businesses whose customers have been likewise targeted. In both cases it is likely that the victims not only had their banking and personal details stolen but that, unknown to them, their computers were recruited into botnets.

McGibbon says cyber crime has grown “from a cottage industry to a factory production line”. The cyber-thieves have portals on the internet where criminals sell or exchange the information they have stolen. McGibbon says the price of stolen identities and credit cards has recently plunged because so many of them are for sale.

With more than a billion internet users globally, 32 million new domains being added annually and the national broadband network about to deliver 100 megabits of data per second to 90 per cent of Australia’s population, the cyber threat can only grow. It will be compounded by the advent of so-called cloud computing. In five or 10 years, it’s predicted, all small and medium computer users will be “on the cloud”, with their information stored remotely in cyberspace rather than on their own hard drives, and thus even more vulnerable.

Cyber strategists can only imagine what the future holds. Raymond Choo, a cyber crime research analyst at the Australian Institute of Criminology, predicts the next wave will include targeted attacks aimed at specific government agencies, organisations and individuals. He says energy and water supplies could be vulnerable, as control systems that are increasingly linked to the internet are used to monitor power plants, oil and gas pipelines, chemical refineries and dams.

Insider threats to military and intelligence networks are also a concern. “Corrupt insiders could deliberately introduce vulnerabilities during the coding of in-house software that is used to manage sensitive military or intelligence networks,” Choo warns.

“This could allow politically or issue-motivated and state-sponsored actors to exploit the vulnerabilities and surreptitiously enter systems, gain control and launch online attacks via and against compromised systems.”

While they welcome the advent of the Cyber Security Operations Centre and its partner body the Australian Computer Emergency Response Team, experts say the government response has been too little, too late, and too reactive.

“There is a widening gap between the cyber security problem and our national capacity to deal with it,” McGibbon says.

More worryingly, the public remains complacent about the many threats. McGibbon says there is a need for mass public education, which should be treated like an urgent public health campaign.

“We need to be educating everyone, from the mum and dad users to the CEOs and chairmen of boards, about their responsibilities and the consequences of their actions. We need to look at this as not just a technical issue, we need to change public behaviour and take responsibility for protecting ourselves in the online space. This is not a science fiction discussion, this is the reality, and we need to be investing in it properly to reduce the likelihood of it happening.”

http://www.theaustralian.com.au/politics/terror-moves-into-the-digital-age/story-e6frgczf-1225841555397

In evidence to a Parliamentary committee, The Centre for the Protection of National Infrastructure, a Government agency, said that Government-backed hackers from China and Russia were behind a large proportion of the operations.

Their aim is to steal government, defence and technology information. Most large firms have been targeted and, in ”many cases”, the attacks have been successful.

Islamist terrorists are also behind attacks via the internet. Although their efforts are more limited, they are on the increase.

The scale of the attacks was disclosed in the annual report of the Intelligence and Security Committee (ISC).

The ISC warned the threat posed was ”a matter for concern” that needed to be given a high priority.

Work by GCHQ to tackle the problem had yielded ”tangible benefits”, it said.

But it was well below the capacity initially planned because of problems with the recruitment and retention of specialist staff.

”The potential threat posed to the UK Government, critical national infrastructure and commercial companies from electronic attack is a matter for concern,” the committee said.
”We have heard from our American and Canadian counterparts that they treat this threat very seriously, and we recommend that the UK accord it a similar priority and resources.”

GCHQ, based in Cheltenham, set up the Network Defence Intelligence and Security Team in 2008 to provide detection, analysis and investigation into electronic attacks.

The ISC said it had been informed of ”a number of tangible benefits, both in terms of practical emergency responses for government networks and developing a better understanding of the future threat”.

But it went on: ”Nevertheless, work to tackle the threat of electronic attack is about a third below the level planned.

”We have been told that the shortfall is because of the difficulties GCHQ has had in recruiting and retaining skilled internet specialists in sufficient numbers – although specialist recruitment campaigns have been set up to try and address this problem.”

The ISC said it had been unable to assess a new cyber security strategy introduced last summer. That includes a UK Office of Cyber Security (OCS) and a UK Cyber Security Operations Centre (CSOC) established in September.

In its response to the report – presented to the Prime Minister in December but published today – the Government said it agreed that the electronic threat was ”a matter for concern”.
It said the OCS and CSOC had been ”tackling early priority areas in support of the cyber security strategy”.

”OCS provides strategic leadership and cross-government coherence in this area, and CSOC co-ordinates significant cyber security incident response, enables a better understanding of attacks and provides improved advice and information about the risks,” the Government said.
”The Centre for the Protection of National Infrastructure (CPNI) also works closely with OCS and CSOC in this field. It provides advice to businesses and organisations across all sectors of the UK’s critical national infrastructure, helping to mitigate risk and reduce vulnerability to threats in the cyber domain.

”It also provides them with warnings, alerts and assistance in resolving serious IT security incidents.

”CPNI has a further ‘response’ function: it is available 24/7 to act as a reporting point for UK companies with concerns about potential national security threats, including cyber attack.”
The ISC also raised concerns about a decline in spending on counter-espionage, or hostile foreign activity (HFA), by MI5. Specific figures were redacted from the report.

The Security Service’s director general, Jonathan Evans, told the committee he would like to spend more on HFA but resisted ring-fencing the budget because of the need to be able to redirect resources quickly in response to specific threats.

He said: “I would like to do more on HFA, because I think there are unanswered questions out there and ones which are slow-burn rather than rapid problems, and if you ignore them for long enough they are likely to cause us problems.”

But he added that MI5′s resources need to “go where the operational demand is that day, and it’s very flexible and we can change it around by lunchtime if we need to”.

The ISC said: “We accept the view of the Security Service that ring-fenced funding would limit its operational flexibility.

“However, as we stated last year, we are still concerned that counter-espionage is not sufficiently resourced in light of the levels of hostile foreign activity in the United Kingdom.
“This is a serious threat that must not be overlooked.”