11:00 AM
Gadi Evron

Google/China Reality Check Amid The Fog Of Cyberwar

We've all heard about the Chinese attacks against Google by now. We've heard of Google's moral standing, how corporations now impact international relations, and how censorship is bad and freedom is good. However, some important questions lost in the fog of war need to be asked.

Nobody knows for sure it was China that attacked Google and the other affected corporations, and if someone does, he or she is not saying so publicly. In fact, Google CEO Eric Schmidt told Newsweek that he has no clear evidence, but invites us to draw our own conclusions.

The evidence against China would be thrown out of any court of law, and just because we have grown comfortable blaming China for attacks does not mean it is behind them.

The Chinese network is a hotbed of criminal activity used by criminals around the world to launch Internet attacks, which reduces the possibility of blaming any single attack coming from it as state-sponsored. However, it also raises the question of why such activity has been allowed to go on for so long.

Many networks around the world, including some inside the U.S., are just as abused by criminals. These have been shown to be used against nation-states in past attacks, such as with Estonia -- which I had the honor of writing the post-mortem analysis for -- and in Georgia last year.

Looking at the current incident, Google is a trustworthy and capable corporation. However, when making accusations one needs to provide proof. And "it feels like China" isn't good enough.

In the fog of war, with world news discussing the diplomatic implications for the U.S., Google's business and China's censorship, and applauding Google's moral stance, some important questions are left unanswered.

For some time now, cybercriminals have been winning the "war." Security professionals can write analyses of attacks, as well as mitigate specific attacks. But in nearly all instances we haven't been able to impact criminal operations. For some years, one of my beliefs has been that we should take the offensive in the fight against cybercrime.

For reasons ranging from the criminals' willingness to play a scorched-earth game to legal and ethical limitations, we must be careful not to start a war the Internet can't win. This means we can't use the criminals' weapons against them.

While reporting is vague, Google has supposedly broken into a server in Taiwan (unless information about working through Taiwanese authorities, or that someone else has done this for Google, becomes available). If this happened, then Google broke the law in order to defend itself from criminal activity. This should be legal, but it isn't. Google needs to disclose exactly what it has done. Ethics change, and morally I believe it is in the right. Our ethics just need to catch up.

Another question many of us should ask is about Microsoft and the Internet Explorer Web browser. It has been disclosed that a previously unknown software vulnerability (0day) in Internet Explorer was what attackers used. Exploit code enabling any criminal to make use of the vulnerability to attack has been made public, and in the past such events were followed by further exploitation. But Microsoft initially planned to patch this vulnerability in February.

Only when Germany and France issued warnings to users to not use Internet Explorer, and ZERT considered releasing a third-party patch, did Microsoft say it would release an early patch.

While creating software updates is very complicated, and Microsoft is usually a responsible organization, not patching this type of vulnerability for a whole month as the default response is irresponsible and unethical. We should all call on Microsoft to act responsibly, and write our representatives and the press about it.

Microsoft should be commended for issuing an early patch; after all, it was far from easy. However, until such time as Microsoft announces a new policy on patching software vulnerabilities, it's in my opinion unsafe to continue using Internet Explorer for surfing the Web, so switch to one of the many alternatives, such as Mozilla's Firefox browser.

This targeted attack, while impressive, is no new threat. Security risk assessment should already include corporate espionage. An example of a targeted attack is the GhostNet incident, exposed last year by Canadian researchers, demonstrating in detail how such attacks work. As another example, the public disclosure of German intelligence cyber-espionage operations showed that, indeed, everyone does it.

I call upon my fellow security professionals worldwide to refrain from creating fear when speaking of this incident. Computers are just the most recent weapon to be used for old motives -- espionage. Unlike cybercrime and cyberwar, it is well-recognized in law and in diplomacy, and it is not the security experts who should be called on for answers.

Follow Gadi Evron on Twitter: http://twitter.com/gadievron

Gadi Evron is an independent security strategist based in Israel. Special to Dark Reading. Gadi is CEO and founder of Cymmetria, a cyber deception startup and chairman of the Israeli CERT. Previously, he was vice president of cybersecurity strategy for Kaspersky Lab and led PwC's Cyber Security Center of Excellence, located in Israel. He is widely recognized for ...

