The deals between Silicon Valley and the security state.
In mid-December 2009, engineers at Google’s headquarters in Mountain View, California, began to suspect that hackers in China had obtained access to private Gmail accounts, including those used by Chinese human rights activists opposed to the government in Beijing. But when the engineers looked more closely, they discovered that this was no ordinary hacking campaign.
In what Google would later describe as “a highly sophisticated and targeted attack on our corporate infrastructure originating from China,” the thieves were able to get access to the password system that allowed Google’s users to sign in to many Google applications at once. This was some of the company’s most important intellectual property, considered among the “crown jewels” of its source code by its engineers. Google wanted concrete evidence of the break-in that it could share with US law enforcement and intelligence authorities.
So they traced the intrusion back to what they believed was its source — a server in Taiwan where data was sent after it was siphoned off Google’s systems, and that was presumably under the control of hackers in mainland China.
“Google broke in to the server,” says a former senior intelligence official who is familiar with the company’s response. The decision wasn’t without legal risk, according to the official. Was this a case of hacking back? Just as there’s no law against a homeowner following a robber back to where he lives, Google didn’t violate any laws by tracing the source of the intrusion into its systems. It’s still unclear how the company’s investigators gained access to the server, but once inside, if they had removed or deleted data, that would cross a legal line. But Google didn’t destroy what it found. In fact, the company did something unexpected and unprecedented — it shared the information.
Google uncovered evidence of one of the most extensive and far-reaching campaigns of cyber espionage in US history. Evidence suggested that Chinese hackers had penetrated the systems of nearly three dozen other companies, including technology mainstays such as Symantec, Yahoo, and Adobe, the defense contractor Northrop Grumman, and the equipment maker Juniper Networks. The breadth of the campaign made it hard to discern a single motive.
Was this industrial espionage? Spying on human rights activists? Was China trying to gain espionage footholds in key sectors of the U.S. economy or, worse, implant malware in equipment used to regulate critical infrastructure?
Google shared what it found with the other targeted companies, as well as U.S. law enforcement and intelligence agencies.
On January 12, 2010, Google’s chief legal officer, David Drummond, posted a lengthy statement to the company’s blog, accusing hackers in China of attacking Google’s infrastructure and criticizing the Chinese government for censoring Internet content and suppressing human rights activists.
Back at the State Department, officials saw a rare opportunity to put pressure on China for spying. That night Hillary Clinton issued her own statement. “We have been briefed by Google on these allegations, which raise very serious concerns and questions. We look to the Chinese government for an explanation,” she said. “The ability to operate with confidence in cyberspace is critical in a modern society and economy.”
As diplomatic maneuvers go, this was pivotal. Google had just given the Obama administration an opening to accuse China of espionage without having to make the case itself. Officials could simply point to what Google had discovered as a result of its own investigation.
On the day that Google’s lawyer wrote the blog post, the NSA’s general counsel began drafting a “cooperative research and development agreement,” a legal pact that was originally devised under a 1980 law to speed up the commercial development of new technologies that are of mutual interest to companies and the government.
The cooperative agreement and reference to a “tailored solution” strongly suggest that Google and the NSA built a device or a technique for monitoring intrusions into the company’s networks.
That would give the NSA valuable information for its so-called active defense system, which uses a combination of automated sensors and algorithms to detect malware or signs of an imminent attack and take action against them. One system, called Turmoil, detects traffic that might pose a threat. Then, another automated system called Turbine decides whether to allow the traffic to pass or to block it.
The government could command the company to turn over that information, and it does as part of the NSA’s Prism program, which Google had been participating in for a year by the time it signed the cooperative agreement with the NSA.
Google took a risk forming an alliance with the NSA. The company’s corporate motto, “Don’t be evil,” would seem at odds with the work of a covert surveillance and cyber warfare agency. But Google got useful information in return for its cooperation.
Source: EIN News / Dec. 4, 2014