Posted by Tom Foremski - January 14, 2010
If you wanted to hack into a popular web service and collect data on its users what would be the best strategy?
Sprinkle a ton of infected links around the Internet that download spyware onto user computers then silently collect that data and analyze it?
Yes, you could do that. But here is a far better solution: Why not hack into a system that is already collecting data on users?
That's what the Chinese hackers did to Google. And when Google found out that it's internal spying system, its 'internal intercept" system, which automatically collects data on users so it can comply with the many search warrants it receives, was hacked by agents of the Chinese government, it went ballistic.
Here is IDG reporter Robert McMillan with a report:
...they [hackers] apparently were able to access a system used to help Google comply with search warrants by providing data on Google users, said a source familiar with the situation, who spoke on condition of anonymity because he was not authorized to speak with the press. "Right before Christmas, it was, 'Holy s***, this malware is accessing the internal intercept [systems],'" he said.
Google co-founder Larry Page called a meeting on Christmas Eve to assess the situation and decided that Google could walk away from China because of what happened.
Google was pissed that the Chinese hackers hacked into its internal spying system. Those hackers were trying to get data on ALL Google users, not just Chinese human rights activists.
Google exposed all of its users because it had an internal spying system.
One of my readers, Kimo Crossman, pointed out that "wiretapping systems increase attack vectors."
And this is very true. Wiretapping systems increase security risks because the target is perfect -- wiretap the wiretapper. That's the honeypot. Why buzz around collecting all that data when someone else has done it for you?
Google's 'internal intercept' system increased the risk of all Google user data being pirated. If it didn't exist it would be very hard for outsiders to collect it.
The irony that wiretapping systems increase security risk is interesting, and it makes perfect sense. But why is Google invoking 'human rights' as a pretext for possibly leaving China when it was embarrassed by its internal spying system being compromised . . . by other spies?