More Chinese Internet Espionage

Hey look, another story about the Chinese government spying on foreign companies through the internet, hacking accounts, and dropping malware on people!

This time the British intelligence agency MI5 warned a large range of British companies in 2008 about the threat of Chinese espionage and methods used by Chinese spies to entrap foreign executives.

But a starkly different picture emerges from the document circulated by MI5, Britain’s domestic security service. The Sunday Times account, quoting from the document, said that officers from the People’s Liberation Army and the Ministry of Public Security had approached British businesspeople at trade fairs and exhibitions with offers of “gifts” that included cameras and computer memory sticks that were found to contain bugs that provided the Chinese with remote access to the recipients’ computers.

“There have been cases where these ‘gifts’ have contained Trojan devices and other types of malware,” the document said, according to The Sunday Times. The accuracy of the paper’s citations from the document was verified by the two people contacted by The New York Times who said they had seen the document.

The MI5 report described how China’s computer hacking campaign had attacked British defense, energy, communications and manufacturing companies, as well as public relations companies and international law firms. The document explicitly warned British executives dealing with China against so-called honey trap methods in which it said the Chinese tried to cultivate personal relationships, “often using lavish hospitality and flattery,” either within China or abroad.

“Chinese intelligence services have also been known to exploit vulnerabilities such as sexual relationships and illegal activities to pressurize individuals to cooperate with them,” it warned. “Hotel rooms in major Chinese cities such as Beijing and Shanghai which have been frequented by foreigners are likely to be bugged. Hotel rooms have been searched while the occupants are out of the room.”

At this point, I’d be shocked if American intelligence agencies haven’t distributed robust documents warning of the threat the Chinese government poses to their industrial secrets and risks associated with traveling in China. The bigger question, though, is how long will the press, the public, and Western governments treat this as they do now – just the cost of doing business with China or a predictable byproduct of China’s rise as an economic power. Spying, hacking, cheating, stealing, and blackmail are not appropriate or acceptable behaviors for any member of the global community, be it individuals, nations, corporations, or terrorist cells. Some things are just plain wrong and need to be identified as such. Moreover, if Chinese spy agencies are the ones hacking and blackmailing foreign business leaders as MI5 suggests, Western governments need to deal with this directly and have it impact the outcome and progress of dealings with the Chinese government.

Kowtowing to the Chinese economy is not going to produce desired outcomes on human rights and peace – that has long been clear. But this sort of espionage and blackmail perpetrated by the Chinese government shows that obsequiousness towards China will not give Western corporations or governments any advantage in the pursuit of economic success with Chinese markets. As a result, the pretense of economics superseding all other needs must be dropped when it comes to Western dealings with China. The Chinese government must be dealt with directly and on our terms – regarding human rights, labor rights, and the rule of law. Anything less is blind idiocy in the face of the lie of balanced economic progress.

Privatizing Space Flight

Ending NASA’s control of manned American space flight and moving these responsibilities to private contractors sounds like as bad idea as is possible in the early twenty-first century. NASA has been successfully putting Americans into space for research and exploration for over half a century. Why would companies who are just beginning to experiment with manned orbital flight do a better job than the scientists, researchers, and engineers who’ve put men on the moon?

Speaking at a news conference in Israel on Wednesday, Gen. Charles F. Bolden Jr., the NASA administrator, gave hints of the new direction. “What NASA will focus on is facilitating the success of — I like to use the term ‘entrepreneurial interests,’ ” General Bolden said.

Turning NASA into a pass-through organization responsible for cutting checks to Boeing & LockheedMartin is an embarrassing idea, better suited for George W. Bush and Dick Cheney than the Obama administration. This is the worst kind of American corporatism.

Shorter Obama Administration: Privatized manned space flight: Because, hey, Blackwater has worked out pretty well.

More on Google & China

Josh Schrei has a truly excellent piece on The Huffington Post about why Google’s decision to end it’s partnership with the Chinese government should be a model for all Western companies doing business in China. The whole thing is worth a read, but this passage stands out:

While I applaud Google for their brave decision, their “discomfort” around having to censor should have been taken more seriously the first time around, because there are very few good places such a decision can lead. Once you go down that road, it will inevitably lead to places of greater ambiguity, greater ethical dilemma, and greater concern. Luckily, free thinking minds prevailed, before the unthinkable ( for example, the company NOT disclosing China’s shenanigans in favor of keeping the relationship strong) happened. Over the next few weeks I encourage the Google-folk to maintain the firm stance they did yesterday. Bending on these issues is not an option. Too much is at stake.

Hopefully Google’s actions will start to show some US companies — and our good President, for that matter — that they do have influence with the Chinese, they do have power in that relationship…. and that we can make change by living according to principle. Moving forward, other companies MUST follow Google’s lead. Restrictions should be put in place on selling the Chinese government technology, software, or hardware that enables surveillance and digital privacy invasion. And when Beijing plays foul, in any circumstance, companies have a responsibility to call them out on it, as Google has done.

It is easy, in the relative comfort of our modern lives, to forget the consequences of a few small actions. Censoring a few words here, limiting a few freedoms there, these are significant actions on the perimeter of what is quite literally — along with climate change — the defining issue of our time — whether or not we will live in a free future. The democratizing power of the internet, a truly profound development in the short span of my life, can quickly be turned on its head and used as a means to control a population and as a way to access — and eliminate — those undesirables who think thoughts and write words that are deemed dangerous to power.

Google’s actions in response to hack attacks and invasion of privacy by the Chinese government and Chinese (military) hackers gives lie to the falsehood that the mere presence of Western corporations will be a liberalizing force within the Chinese government. Just as the role of business as a moderating force for Chinese government authoritarianism has been a failure, so too is the passivism in the face of China’s economy that we have seen from President Obama and Secretary of State Clinton. It’s hard to say that the founder of Google has more conviction and courage than the President and Secretary of State, but that appears to be the case today.

I also want to highlight that Huffington Post has a live blog running of updates on what’s happening with Google in China.  It’s a great resource. Of note, they’ve flagged a Wall Street Journal report that shows that Google founder Sergey Brin was the driving voice for withdrawal of Google.cn from China, while CEO and long-time Google.cn defender Eric Schmidt opposed ending their relationship with the Chinese government. This isn’t really shocking – Brin had been publicly vocal about his doubts about this venture since 2006, shortly after Google.cn launched.

In June 2006, Brin stated that Google had “compromised its principles” in abandoning their “Don’t be evil” motto to partner with the Chinese government and launch Google.cn. In January 2007, Brin again spoke out against the decision, this time citing the site’s poor business performance. He said, “On a business level, that decision to censor… was a net negative.”

What’s clear is that this decision was a long time coming. And as I said when it was announced, this is exactly what rights groups like Students for a Free Tibet, the Electronic Frontier Foundation and Reporters Without Borders have been saying Google should have done since Day One. It’s good that Google finally did the right thing, but it came at a high cost in their credibility, at least for many of us in the human rights community. That said, as Josh Schrei points out above, Google has now become a model for Western tech companies behavior in China. Hopefully others follow their lead and stop letting their tools and technology be used by the Chinese government to increase their control over the people of Tibet and China.

Google May Mean It

In an email circulating among China rights activists, BBC and Public Radio International reporter, Mary Kay Magistad reports:

I’m writing this at 10:30am on Jan. 13 in Beijing, where for the past hour or more a Google search for “Tiananmen” pulls up, at the top, graphic photos and descriptions of the crackdown, a Google search on “Falun Gong” pulls up videos of police beating and torturing Falun Gong members, and a Google search on “Tibet” pulls up the Tibet rights groups and documentation on the crackdown on Tibetans since March 2008. A Google search on “China” + “human rights” pulls up, as its first item, a news report that Google is threatening to shut down its operations in China after uncovering what it said were “highly sophisticated” cyberattacks, originating from China, aimed at Chinese human rights activists and at at least 20 other unidentified firms. As a result, Google has said that at the very least it will no longer censor its search engine in China.
Interesting times.
Mary Kay Magistad
China Correspondent
BBC/Public Radio International’s “The World”

I was skeptical that Google would actually pull out of China in full. That decision remains to be seen and will likely be made after negotiations with the Chinese government. I think Google is now showing the Chinese government they are serious about ending their partnership and allowing all information to appear on google.cn without prior censorship. The question will be how Google handles the Chinese government’s response. Will they hold firm for free speech and free information? It’s too soon to tell, but this opening is clearly a shot at the Chinese government.

Google Backing Out of China

Much has been made of Google’s blog notice that it may soon be shutting down Google.cn, a search engine built in partnership with the censorship requests of the Chinese government.  The post cites a major targeted attack on Google and twenty other top companies originating from China, with an apparent goal of hacking into the Gmail accounts of Chinese rights activists, as well as activists around the world working for freedom in China (I would guess that includes many of my friends and colleagues in the Tibetan independence movement). Senior Vice President David Drummond writes:

We launched Google.cn in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time we made clear that “we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China.”

These attacks and the surveillance they have uncovered–combined with the attempts over the past year to further limit free speech on the web–have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.

You know, had they listened to me or other folks from Students for a Free Tibet four years ago and not done this in the first place, Google could have avoided a lot of headaches.

I’ve seen some praise for Google for backing out of what seemed to be a successful business venture, citing Google.cn’s 29% market share. Before Google partnered with the Chinese government to launch Google.cn, their Chinese portal, http://www.google.com/intl/zh-CN/, was the #1 customer rated search engine and had the #2 Chinese market share (32.9%). And it wasn’t censored by Google – only subject to normal Chinese Firewall hurdles. So I’m not sure that this should be hailed as having been a huge commercial success.

In the  end, Xeni Jardin of BoingBoing notes that a key impetus was “the search giant experienced an internet attack aimed at Chinese dissidents’ Gmail accounts. The attack is presumed to have been the work of the Chinese government.”

Of course no one could have predicted that Google partnering with the Chinese government would fail to liberalize the Chinese government when it comes to free access to information online.

This is exactly what they claim to have wanted to avoid and any move now is a turn towards the company’s “Don’t Be Evil” motto which was forgotten four years ago.

China’s Global Cyber Spying

The story has been circulating for a few days, but I wanted to highlight it anyway. The Tibetan Government in Exile, other world governments, and many Tibet Support Groups have been the target of malicious cyber attacks and spying from China. The New York Times has a long piece on China’s GhostNet and the research team at the Munk Center for International Studies at the University of Toronto who have been tracking it. Here’s an excerpt:

The newly reported spying operation is by far the largest to come to light in terms of countries affected.

This is also believed to be the first time researchers have been able to expose the workings of a computer system used in an intrusion of this magnitude.

Still going strong, the operation continues to invade and monitor more than a dozen new computers a week, the researchers said in their report, “Tracking ‘GhostNet’: Investigating a Cyber Espionage Network.” They said they had found no evidence that United States government offices had been infiltrated, although a NATO computer was monitored by the spies for half a day and computers of the Indian Embassy in Washington were infiltrated.

The malware is remarkable both for its sweep — in computer jargon, it has not been merely “phishing” for random consumers’ information, but “whaling” for particular important targets — and for its Big Brother-style capacities. It can, for example, turn on the camera and audio-recording functions of an infected computer, enabling monitors to see and hear what goes on in a room. The investigators say they do not know if this facet has been employed.

The researchers were able to monitor the commands given to infected computers and to see the names of documents retrieved by the spies, but in most cases the contents of the stolen files have not been determined. Working with the Tibetans, however, the researchers found that specific correspondence had been stolen and that the intruders had gained control of the electronic mail server computers of the Dalai Lama’s organization.

The electronic spy game has had at least some real-world impact, they said. For example, they said, after an e-mail invitation was sent by the Dalai Lama’s office to a foreign diplomat, the Chinese government made a call to the diplomat discouraging a visit. And a woman working for a group making Internet contacts between Tibetan exiles and Chinese citizens was stopped by Chinese intelligence officers on her way back to Tibet, shown transcripts of her online conversations and warned to stop her political activities.

China Hand at the China Matters blog also has a long analysis of China’s GhostNet and the research into it that’s worth a read.

The full University of Toronto report can be viewed here. Researchers at Cambridge University who participated in the Munk research have published their own independent report as well: “The snooping dragon: social-malware surveillance of the Tibetan movement.”

Obama’s Tech Guru(s)

ValleyWag has a post up trying to determine which individual connected to the Obama campaign’s new media team deserves credit for it all as top “web guru.” I can’t imagine a less relevant question. As the post shows, there were many people taking part in many key aspects of the new media operation. It was the most successful online effort by almost any measurable standard in Democratic Party history. Why in the world does it have to be tied to one person? Why does it make sense to pit, for example, three different influential members of the Blue State Digital team who were critical to Obama’s new media success against each other?

The team the Obama campaign assembled was top notch. They did top notch work and organized in ways most people had never seen, let alone thought of, before. Stop trying to figure out which one person was the most important, it’s a trivial and stupid question that diminishes the work of the entire Obama new media team.

Shorter Google

Shorter Google:

Hey we can afford tiered service in a non-net neutrality world. What, can’t you?

Google isn’t a partner with the progressive movement. They will sometimes line up with us, but at the end of the day they will choose to act on behalf of their corporate bottom line and not their motto of “Don’t Be Evil.” Of course, that’s what they are — a giant corporation. The best way to ensure progressives aren’t disappointed when companies like Google stop being good partners is to not go out of the way to praise them for the moments when they happen to do the right thing. They will always have their eyes on the scale and can’t be expected to do things that are good for anyone other than Google and their shareholders. We saw this with the launch of the censor engine Google.cn and the company’s flailing (and failing) defense of itself for buoying a fascist government like China’s. That we see it again with net neutrality should come as no surprise to anyone who’s been paying attention.

I Never Told You What I Do For A Living

Nancy Scola of techPresident writes about the SEIU New Media team that I’m a proud member of.

Labor Online: The SEIU HQ down in DC has been busy putting together something of a web all-star team. First the Dodd campaign’s Tim Tagaris donned the purple, and now Matt Browner-Hamlin (Dodd campaign, the Senate run of Ted Stevens’ opponent in Alaska), Michael Whitney (American Rights at Work, Generation Dean), and Joaquin Guerra (Bill Richardson’s campaign) joined up. Having such a strong web shop seems to be paying dividends, at least in the blogosphere. The team has just a new campaign called “Bush and McCain: Where’s The Difference?” and put more than a hundred thousand dollars behind it in ad buys through both BlogAds and Common Sense Media. You’ll find the ads popping up on blogs today; for example, I just spotted it as an in-line ad over on MyDD.

Left off from their list of new rock-star like additions to the SEIU New Media team is Michael Link, formerly of the DNC, and Erik Moe, who worked with Tagaris and I on the Dodd campaign. Stay tuned for more good things from our team.