Google has threatened to shut down its business in China. To date the big G has been censoring its data served to the global giant complying with Chinese law. However this decision has been under scrutiny due to an attack on its infrastructure that originated there in the later months of 2009.
It seems that Chinese government officials used a flaw in IE6 to hack into Gmail and other major Western company’s accounts in order to spy on citizens who were suspected of being “dissenters” who oppose the government of China, and anti-communist human rights activists. In what could be seen as a response to the attack, Gmail accounts are now HTTPS by default. Gmail has always given us the option to have our mail secured but now the option is to turn it off.
Microsoft has issued statements that urge people to upgrade to IE8. The exploited flaw in IE6 had something to do with an invalid pointer reference which could be accessed after an object was deleted under certain circumstances. In the right hands, the freed object can be used to execute remote code. Microsoft has admitted that both IE7 and IE8 are vulnerable to the same flaw, even on Windows 7. A patch was released recently which Microsoft claims will patch the hole though they also admitted that the malicious code can be hidden inside rigged MS Office documents. Still, several countries including France and Germany have urged citizens to abandon using IE altogether even though many have claimed that this could be a dangerous approach by instilling a false sense of security.
Google China is questioning employees but no details have been released. The attack was sophisticated; it involved a modification of a trojan called Hydraq. Analysts have reported that the sophistication in the attack was in knowing whom to attack, not the malware itself.
Google announced that it will no longer censor search results in China and in fact may even shut down Google.cn. The Chinese government is not backing down saying that Google must obey China’s laws and traditions. “Foreign enterprises in China need to adhere to China’s laws and regulations (and) respect the interests of the general public and cultural traditions and shoulder corresponding responsibilities. Google is no exception,” China, like most countries, uses the search engine for business and education however, they block all access to material deemed “subversive or pornographic,” including foreign sites that revolve around human rights groups. The White House supports Google’s stance but there was no indication other companies following its lead and challenging government controls. Microsoft and Intel have very large presences in China and I can definitely understand why they would not want jeopardize their relationships with the Chinese government.
Meanwhile, Google has postponed the launch of its Nexus One cell phone until this dispute concerning censorship is settled. I can’t even imagine the ramifications of a Google shut down in China. The number of businesses that rely on search, maps, and email is probably staggering and the cost of changing the way business is conducted is possibly in the billions nation wide.
Personally, as a web designer and developer, I have no choice but to love Google with all my heart. IE6 on the other hand has been a time sucking PITA for the last two years. As for the communist spies, if this exploit turns out to be the final nail in IE6’s coffin I will not complain.
February 2nd, 2010 at 4:39 pm
A similar story, that tweet site got broken into just 2 days ago. It appears no site is untouchable.