Google vs. China, round 1

The biggest news in security this week has been the open war between Google and the China government. The way it's evolving, it looks like there's more to it.

First, Google disclosed that they had an attack coming from China trying to steal information from certain Chinese human rights advocates. They also mentioned that "at least twenty" other big-profile companies were attacked in much the same way. They are so sure that the attacks came from the Chinese government that they threatened with withdrawing their presence from the country. They managed to convince the US government  that this was the case, presumably with really good evidence.

Then, Adobe announced almost instantly that they had detected targeted attacks against them and they were investigating further. Recently, they had been patching lots of newly-discovered vulnerabilities in their Reader product that could be used to run code remotely in machines. People naturally linked these two facts and understood that the mass attack to Google, Adobe and the rest of the companies was performed via a trojanized PDF file sent by email. "Vast espionage campaign" and the likes...

After that, the Chinese government gave an official statement somewhat.... muddled. They said that "China's internet is open and the government encourages development of the internet". That sounds pretty crazy, given the lengths they've gone to censor search engine results. To date, Google China still censors certain results by virtue of the agreement they made with the Chinese government back in 2006.

Just today, news surfaced about a 0-day exploit for Internet Explorer, which seems to be the culprit of the attacks to Google and the others. So it wasn't a PDF hole but an Explorer hole after all. Better yet, it might have been both attacks at the same time. Microsoft hasn't patched the hole yet but they're on it.

Lastly, there is a theory that says that, given that Google's market share is so low in China, Google already wanted out of a market it couldn't compete in. If that is true, they could have used this as an excuse to get out of there, while exposing the government for what they are doing wrong (censoring, hacking, etc.)

My conclusion: While I don't have the clear evidence that apparently Google has, I still believe that the Chinese government has a hand in censoring certain information in the Internet and if that means hacking gmail accounts, they'll make sure it gets done. That is reprehensible and I think that Google should fight the "freedom-of-speech-Internet war with the Chinese government to the last breath and not leave the country. I don't think that's their intention anyway because even if their market share is only 30% in China, 30% of a billion users is still a big market to have. This won't end here though, I'm sure I'll have more chances to comment further on this story.