China Hacks Google, Etc.

Many news sources are reporting on how Google and other corporations were hacked by China.

The reports, depending on vendor, either blame PDF files sent via email as the original perpetrator or lay most of the blame on an Internet Explorer 0day.

Unlike my colleagues (save for the ones reporting), I'd rather not discuss this too much before more data is available.

Regardless of what really happened, which I hope we will know more on later, these things are clear:

1. Unlike GhostNet, which showed an interesting attack, but unfortunately many of us jumped to conclusions without evidence that it was China behind them—based on Ethos alone I’d like to think that when Google says China did it, they know. Although being a commercial company with their own agenda, I am saving final judgment.

2. The 0day disclosed here shows a higher level of sophistication, as well as an m.o. that has been shown to be used by China in the past.

3. If this was China, which some recent talk seems to make ambiguous but is still likely, they would have more than just one weapon in their arsenal.

4. This incident has brought cyber security once again to the awareness of the public, in a way no other incident since Georgia has succeeded, and to political awareness in a way no incident since Estonia has done.

Update: Text corrected as per comment below.

By Gadi Evron, Security Strategist

Ghostnet Report Ron Deibert  –  Jan 15, 2010 6:05 PM

Mr. Evron apparently has never read the Ghostnet report, or is misinformed.  Either way, what he says above about us drawing the conclusion that “China was to blame” is factually incorrect. 

On the contrary, we go to great lengths in our report to draw out alternative explanations, which can be found beginning on page 46:


I suggest you read the report, Mr. Evron, before you make such a misinformed statement.

Ron Deibert, Director, the Citizen Lab, Principal Investigator, Information Warfare Monitor.

Ron, You are absolutely right, I am wrong. In Gadi Evron  –  Jan 15, 2010 6:17 PM


You are absolutely right, I am wrong.
In fact, my respect for your work is exactly why you are mentioned as item #1, before the current incident.

What I wrote:
“1. Unlike GhostNet, which showed an interesting attack but jumped to conclusions without evidence that it was China behind them”

What was supposed to be written:
“.. an interesting attack, but unfortunately many of us jumped to conclusions without evidence that it was China behind them”, which is what I said at the time, and which also highlights the same thing happening now as I discuss in item #3.

I apologize for this error, and it will be corrected shortly. If such an unfortunate error occurs again, please drop me a line.

thanks Ron Deibert  –  Jan 16, 2010 2:12 AM

Mr Evron

Thanks for the explanation—I understand how this could happen and I appreciate the clarification.

Best wishes
