Cables Discuss Vast Hacking by a China That Fears the Web
MARCH 10, 2010 | TAIYUAN, CHINA | Customers use computers at an Internet cafe. Cables document the Politburo’s near obsession with Chinese Internet users accessing politically delicate information. (Photo: Reuters)
By JAMES GLANZ and JOHN MARKOFF
Published: December 4, 2010
As China ratcheted up the pressure on Google to censor its Internet searches last year, the American Embassy sent a secret cable to Washington detailing one reason top Chinese leaders had become so obsessed with the Internet search company: they were Googling themselves.
State's Secrets
Day 7
Articles in this series will examine American diplomatic cables as a window on relations with the rest of the world in an age of war and terrorism.
The May 18, 2009, cable, titled “Google China Paying Price for Resisting Censorship,” quoted a well-placed source as saying that Li Changchun, a member of China’s top ruling body, the Politburo Standing Committee, and the country’s senior propaganda official, was taken aback to discover that he could conduct Chinese-language searches on Google’s main international Web site. When Mr. Li typed his name into the search engine at google.com, he found “results critical of him.”
That cable from American diplomats was one of many made public by WikiLeaks that portray China’s leadership as nearly obsessed with the threat posed by the Internet to their grip on power — and, the reverse, by the opportunities it offered them, through hacking, to obtain secrets stored in computers of its rivals, especially the United States.
Extensive hacking operations suspected of originating in China, including one leveled at Google, are a central theme in the cables. The operations began earlier and were aimed at a wider array of American government and military data than generally known, including on the computers of United States diplomats involved in climate change talks with China.
One cable, dated early this year, quoted a Chinese person with family connections to the elite as saying that Mr. Li himself directed an attack on Google’s servers in the United States, though that claim has been called into question. In an interview with The New York Times, the person cited in the cable said that Mr. Li personally oversaw a campaign against Google’s operations in China but the person did not know who directed the hacking attack.
The cables catalog the heavy pressure that was placed on Google to comply with local censorship laws, as well as Google’s willingness to comply — up to a point. That coercion began building years before the company finally decided to pull its search engine out of China last spring in the wake of the successful hacking attack on its home servers, which yielded Chinese dissidents’ e-mail accounts as well as Google’s proprietary source code.
The demands on Google went well beyond removing material on subjects like the Dalai Lama or the 1989 Tiananmen Square massacre. Chinese officials also put pressure on the United States government to censor the Google Earth satellite imaging service by lowering the resolution of images of Chinese government facilities, warning that Washington could be held responsible if terrorists used that information to attack government or military facilities, the cables show. An American diplomat replied that Google was a private company and that he would report the request to Washington but that he had no sense about how the government would act.
Yet despite the hints of paranoia that appear in some cables, there are also clear signs that Chinese leaders do not consider the Internet an unstoppable force for openness and democracy, as some Americans believe.
In fact, this spring, around the time of the Google pullout, China’s State Council Information Office delivered a triumphant report to the leadership on its work to regulate traffic online, according to a crucial Chinese contact cited by the State Department in a cable in early 2010, when contacted directly by The Times.
The message delivered by the office, the person said, was that “in the past, a lot of officials worried that the Web could not be controlled.”
“But through the Google incident and other increased controls and surveillance, like real-name registration, they reached a conclusion: the Web is fundamentally controllable,” the person said.
That confidence may also reflect what the cables show are repeated and often successful hacking attacks from China on the United States government, private enterprises and Western allies that began by 2002, several years before such intrusions were widely reported in the United States.
At least one previously unreported attack in 2008, code-named Byzantine Candor by American investigators, yielded more than 50 megabytes of e-mails and a complete list of user names and passwords from an American government agency, a Nov. 3, 2008, cable revealed for the first time.
Precisely how these hacking attacks are coordinated is not clear. Many appear to rely on Chinese freelancers and an irregular army of “patriotic hackers” who operate with the support of civilian or military authorities, but not directly under their day-to-day control, the cables and interviews suggest.
But the cables also appear to contain some suppositions by Chinese and Americans passed along by diplomats. For example, the cable dated earlier this year referring to the hacking attack on Google said: “A well-placed contact claims that the Chinese government coordinated the recent intrusions of Google systems. According to our contact, the closely held operations were directed at the Politburo Standing Committee level.”
James Glanz reported from New York, and John Markoff from San Francisco. Andrew W. Lehren contributed reporting from New York.
The cable goes on to quote this person as saying that the hacking of Google “had been coordinated out of the State Council Information Office with the oversight” of Mr. Li and another Politburo member, Zhou Yongkang. Mr. Zhou is China’s top security official.
But the person cited in the cable gave a divergent account. He detailed a campaign to press Google coordinated by the Propaganda Department’s director, Liu Yunshan. Mr. Li and Mr. Zhou issued approvals in several instances, he said, but he had no direct knowledge linking them to the hacking attack aimed at securing commercial secrets or dissidents’ e-mail accounts — considered the purview of security officials.
Still, the cables provide a patchwork of detail about cyberattacks that American officials believe originated in China with either the assistance or knowledge of the Chinese military.
For example, in 2008 Chinese intruders based in Shanghai and linked to the People’s Liberation Army used a computer document labeled “salary increase — survey and forecast” as bait as part of the sophisticated intrusion scheme that yielded more than 50 megabytes of e-mails and a complete list of user names and passwords from a United States government agency that was not identified.
The cables indicate that the American government has been fighting a pitched battle with intruders who have been clearly identified as using Chinese-language keyboards and physically located in China. In most cases the intruders took great pains to conceal their identities, but occasionally they let their guard down. In one case described in the documents, investigators tracked one of the intruders who was surfing the Web in Taiwan “for personal use.”
In June 2009 during climate change talks between the United States and China, the secretary of state’s office sent a secret cable warning about e-mail “spear phishing” attacks directed at five State Department employees in the Division of Ocean Affairs of the Office of the Special Envoy for Climate Change.
The messages, which purport to come from a National Journal columnist, had the subject line “China and Climate Change.” The e-mail contained a PDF file that was intended to install a malicious software program known as Poison Ivy, which was meant to give an intruder complete control of the victim’s computer. That attack failed.
The cables also reveal that a surveillance system dubbed Ghostnet that stole information from the computers used by the exiled Tibetan spiritual leader, the Dalai Lama, and South Asian governments and was uncovered in 2009 was linked to a second broad series of break-ins into American government computers code-named Byzantine Hades. Government investigators were able to make a “tenuous connection” between those break-ins and the People’s Liberation Army.
The documents also reveal that in 2008 German intelligence briefed American officials on similar attacks beginning in 2006 against the German government, including military, economic, science and technology, commercial, diplomatic, and research and development targets. The Germans described the attacks as preceding events like the German government’s meetings with the Chinese government.
Even as such attacks were occurring, Google made a corporate decision in 2006, controversial even within the company, to establish a domestic Chinese version of its search engine, called google.cn. In doing so, it agreed to comply with China’s censorship laws.
But despite that concession, Chinese officials were never comfortable with Google, the cables and interviews show.
The Chinese claimed that Google Earth, the company’s satellite mapping software, offered detailed “images of China’s military, nuclear, space, energy and other sensitive government agency installations” that would be an asset to terrorists. A cable sent on Nov. 7, 2006, reported that Liu Jieyi, an assistant minister of foreign affairs, warned the American Embassy in Beijing that there would be “grave consequences” if terrorists exploited the imagery.
A year later, another cable pointed out that Google searches for politically delicate terms would sometimes be automatically redirected to Baidu, the Chinese company that was Google’s main competitor in China. Baidu is known for scrubbing its own search engine of results that might be unwelcome to government censors.
Google conducted numerous negotiations with officials in the State Council Information Office and other departments involved in censorship, propaganda and media licensing, the cables show. The May 18, 2009, cable that revealed pressure on the company by Mr. Li, the propaganda chief, said Google had taken some measures “to try and placate the government.” The cable also noted that Google had asked the American government to intervene with China on its behalf.
But Chinese officials became alarmed that Google still did less than its Chinese rivals to remove material Chinese officials considered offensive. Such material included information about Chinese dissidents and human rights issues, but also about central and provincial Chinese leaders and their children — considered an especially taboo topic, interviews with people quoted in the cables reveal.
Mr. Li, after apparently searching for information online on himself and his children, was reported to have stepped up pressure on Google. He also took steps to punish Google commercially, according to the May 18 cable.
The propaganda chief ordered three big state-owned Chinese telecommunications companies to stop doing business with Google. Mr. Li also demanded that Google executives remove any link between its sanitized Chinese Web site and its main international one, which he deemed “an illegal site,” the cable said.
Google ultimately stopped complying with repeated censorship requests. It stopped offering a censored version of its search engine in China earlier this year, citing both the hacking attacks and its unwillingness to continue obeying censorship orders.