龙信明 BLOG

Google, what exactly is the China connection for the phishing scare?

There is apparently none

From Venture Beat; June 2, 2011; Matt Marshall
  • Editor's Note:

    The accusations made by various media and US government personnel about the Lanxiang Vocational School appear to be simply a deliberate fabrication.

    The school does exist in Jinan. It is a vocational college that trains bakers and cooks, auto mechanics, hair stylists and manicurists. It also teaches computer courses but these are apparently not currently very popular due to the market saturation.

    The faculty members referred to in most Western media reports do not actually exist. There were recently many references made to a Ukrainian computer expert teaching at the school, but such a person had never existed. The same was true with various named members of the faculty or staff.

    As well, reports of founding, financing, and close ties to the Chinese military are all unfounded; there is no evidence to support any of these claims. The closest connection is that some of the auto mechanic graduates had later enlisted in the military - which is hardly a surprise in any country.

    Google alleged in January 2010 that it suffered cyber attacks from inside China but has not presented any evidence so far. This time, in order to cater to the West's stereotyped image of China, Google listed "Chinese human rights activists" as victims, insinuating that the Chinese government was behind the cyber attacks although once again it did not provide any solid proof to support its statement. The conclusion is therefore reached that Google's accusation is groundless and bears ulterior motives.

    Google's repeated accusations that the email accounts of "Chinese human rights activists" were targeted are most curious. If someone attacks the email accounts of Chinese individuals, how could Google possibly know that these accounts belong to "human rights activists"?

    There are only two responses to this question. Either Google does not know, and is deliberately inflaming the situation by making wild and unfounded accusations. Or, Google does know, in which case Google has been intercepting and reading emails emanating from China so as to identify any such individuals for the purpose of passing on that contact information to the CIA Department of Jasmine Revolutions. You decide which is more likely.

    This appears to have all been part of a deliberate program of misinformation, coordinated by the US State Department, and with Google's willing participation. It's all politics, folks; not real life.

    You can read much more here about Google's close connections (including staff transfers) to the CIA, the NSA, and the US State Department. Time to remove Google's Halo. You will also find many related articles in the "Internet" section of this website's Home Page.

  • End Note:

  • Yet another baseless accusation by Google and Hillary.
    When Google said yesterday that Jinan, China is the apparent origin of a worrying phishing attack against hundreds of people, including U.S. government officials and Chinese human rights activists, it ignored at least two other attack sources referred to by the expert who first called attention to that very attack.

    The question is why Google homed in on Jinan (a city whose name is politically charged because it is a regional command center for China’s military, the People’s Liberation Army) and left out some other potential sources, which a key expert says included Korea and New York.

    Jinan is also home to the Lanxiang Vocational School, which was the alleged source of a more serious cyberattack on Google in 2009, in which the attackers spied on human rights activists and which forced Google to pull out of China — this coming after years of tension-filled negotiations between Google and China to find a way to get along.
    So of course, when Google pinpoints Jinan as the apparent source, and provides no further back-up to its allegations, the assumption is that Google either thinks, or at least wants others to think, that this all stems from the same Chinese foes of the past, and maybe even from the Chinese government.

    Now, Google didn’t say it was orchestrated by Beijing, but you can see why the Chinese government thinks it’s being singled out.

    The truth is, we just don’t know why Google has focused on Jinan. But in light of the political sensitivity, it would be in Google’s interest to offer more details, if only to shield the company from criticism that it is playing hardball against China for political reasons, and suspicion that it hasn’t nailed down enough facts to back its assertion that this came from China.

    Here’s what we know: Mila Parkour, the Washington-based IT specialist at the security specialists Contagio Malware Dump who first spotted the attacks three months ago, and wrote about it here, documented a series of attacks from various locations. These also included Korea and New York.

    This has some other experts asking questions, including Mary Landesman, a respected senior security researcher at Cisco. I called her up to ask her point of view on the attacks, and she pointed out that the Contagio documentation alone is not enough to pinpoint Jinan as the source.

    “The Jinan, China connection seems to be coming from the fact that some phishing emails were sent through 163.com,” she says, “but if that’s evidence, then I think it’s worth questioning. That’s a funny email for cyber [activity].” The domain 163.com may be based in Jinan, but that doesn’t mean that’s where the attack really originated.

    By way of explanation, if someone sends a phishing attack through a Gmail account, that doesn’t mean that the attack originated from Mountain View, California (the home of Google, which owns Gmail), she said.

    There’s a difference between tracking email headers and extracting origin, she added. Especially since the U.S. government is taking such a keen interest in this (see Secretary of State Hillary Clinton’s tough words on this today, and given a recent report that the Pentagon may respond to cyber warfare with military force), it’s worth asking: Where’s the evidence?
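    The gap between reading email headers and establishing origin can be shown on a message relayed through a webmail provider. The following is an added example, not taken from the article or the Contagio report; the host names, addresses, sample message and function names are constructed placeholders. It separates the Received hops the recipient's own server wrote, which it observed directly, from the hops written on the sender's side, which are only claims.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message relayed through a webmail provider.
# All host names and addresses are placeholders (documentation ranges).
RAW = """\
Received: from mx-out.webmail.example (mx-out.webmail.example [198.51.100.25])
\tby mx1.recipient.example with ESMTPS id abc123; Wed, 1 Jun 2011 09:00:03 +0000
Received: from web-frontend-7.webmail.example (unknown [10.1.2.3])
\tby mx-out.webmail.example with HTTP; Wed, 1 Jun 2011 09:00:01 +0000
From: "Colleague" <someone@webmail.example>
To: target@recipient.example
Subject: Draft statement

body
"""

HOP = re.compile(r"from\s+(\S+).*?\[([0-9a-fA-F.:]+)\].*?by\s+(\S+)", re.S)

def received_chain(raw):
    """Return Received hops, newest first (each relay prepends its own)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        if m:
            hops.append({"from": m.group(1), "ip": m.group(2), "by": m.group(3)})
    return hops

def assess_origin(raw, our_mtas):
    """Trust only the unbroken run of hops, from the top, written by our servers."""
    hops = received_chain(raw)
    ours = []
    for h in hops:
        if h["by"] not in our_mtas:
            break  # anything below this point was supplied by the sending side
        ours.append(h)
    theirs = hops[len(ours):]
    handoff = ours[-1] if ours else None  # first hop we observed ourselves
    # A private address here is the provider's internal network, not the user.
    claimed = [h["ip"] for h in theirs if ipaddress.ip_address(h["ip"]).is_global]
    return {
        "verified_handoff_host": handoff["from"] if handoff else None,
        "verified_handoff_ip": handoff["ip"] if handoff else None,
        "sender_side_hops": len(theirs),
        "claimed_client_ips": claimed,
    }

if __name__ == "__main__":
    print(assess_origin(RAW, {"mx1.recipient.example"}))
```

    The only verified fact in the sample is that the provider's outbound server handed the message over; nothing in the headers places the person who composed it.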

    The only real evidence contained in the Contagio report, Landesman added, is the spoofed Gmail page, which appears to have been lifted from Google Korea (more insight here about the techniques used). No one is saying Korea did it, but the attackers apparently forgot to change some links that pointed to Gmail Korea.

    Google isn’t commenting on the story right now beyond its original post, but we’ve checked in with our sources at the company, and they say Google is basing its Jinan reference on security intelligence gathered on its own. The company doesn’t want to reveal how this was done. Google’s post merely said it relied on “user reports” as well as the original Contagio report.

    For now, we just don’t know, but because of the political ramifications, it sure would be helpful if Google were to reveal more facts.