People sympathetic to Google have been leaving flowers and candles at the… (Vincent Thian/associated…)
Computer attacks on Google that the search giant said originated in China were part of a concerted political and corporate espionage effort that exploited security flaws in e-mail attachments to sneak into the networks of major financial, defense and technology companies and research institutions in the United States, security experts said.
At least 34 companies -- including Yahoo, Symantec, Adobe, Northrop Grumman and Dow Chemical -- were attacked, according to congressional and industry sources. Google, which disclosed on Tuesday that hackers had penetrated the Gmail accounts of Chinese human rights advocates in the United States, Europe and China, threatened to shutter its operations in the country as a result.
Human rights groups as well as Washington-based think tanks that have helped shape the debate in Congress about China were also hit.
Security experts say the attacks showed a new level of sophistication, exploiting multiple flaws in different software programs and underscoring what senior administration officials have said over the past year is an increasingly serious cyber threat to the nation's critical industries.
"Usually it's a group using one type of malicious code per target," said Eli Jellenc, head of international cyber-intelligence for VeriSign's iDefense Labs, a Silicon Valley company helping some firms investigate the attacks. "In this case, they're using multiple types against multiple targets -- but all in the same attack campaign. That's a marked leap in coordination."
While it's difficult to say with certainty where a cyberattack originated because the Internet allows hackers to seemingly crisscross country borders and time zones in seconds, the issue is quickly turning into a source of diplomatic tension.
The standoff between Google and China touches on the most sensitive subjects in U.S.-China relations: human rights and censorship, trade, intellectual property disputes, and access to high-tech military technology.
"The recent cyber-intrusion that Google attributes to China is troubling, and the federal government is looking into it," White House spokesman Nick Shapiro said. He added that President Obama made Internet freedom "a central human rights issue" on his trip to China last fall.
Since it began operations in China five years ago, Google had agreed in theory to filter sensitive searches but clashed with the Chinese government on what material was covered, and the company regularly found its service blocked when it defied its hosts.
China's state media reported that the government is looking into Google's claims. In China, news about Tuesday's public rebuke by Google was heavily censored except for a stinging opinion piece in the official People's Daily that called the Silicon Valley tech giant a "spoiled child" and predicted that it would not follow through on its ultimatum.
The recent attacks seem to have targeted companies in strategic industries in which China is lagging, industry experts said. The attacks on defense companies were aimed at gaining information on weapons systems, experts said, while those on tech firms sought valuable source code that powers software applications -- the firms' bread and butter.
The attacks also focused on obtaining information about political dissidents.
"This is a big espionage program aimed at getting high-tech information and politically sensitive information -- the high-tech information to jump-start China's economy and the political information to ensure the survival of the regime," said James A. Lewis, a cyber and national security expert at the Center for Strategic and International Studies. "This is what China's leadership is after. This reflects China's national priorities."
Adobe, a software maker, confirmed on Wednesday that it learned of the attacks on Jan. 2 but said there was "no evidence to indicate that any sensitive information . . . has been compromised," while Symantec, which makes security software, said it is investigating to "ensure we are providing appropriate protection to our customers."
Dow Chemical said that it has "no reason to believe that the safety, security and intellectual property of our operations are in jeopardy." Yahoo and defense contractor Northrop Grumman declined to comment on the attack.
The attackers, experts said, followed the familiar "phishing" ruse: A recipient opens an e-mail that purports to be from someone he knows and, not suspecting malicious intent, opens an attachment containing a "sleeper" program that embeds in his computer. That program can be controlled remotely, allowing the attacker to access e-mail, send confidential documents to a specific address -- even turn on a Web camera or microphone to record what is going on in the room.
In many cases, a user does not know he has been the victim of an attack.