Chinese breach of Google in 2010 exposed counter-espionage data
posted at 11:21 am on May 21, 2013 by Ed Morrissey
China has recently restarted its cyber warfare against the West and the US, which wasn’t terribly surprising on its face, considering the lack of consequences incurred from its previous cyber-campaigns. At nearly the same time, the success of their earlier efforts has been made surprisingly — and embarrassingly — clear:
Chinese hackers who breached Google’s servers several years ago gained access to a sensitive database with years’ worth of information about U.S. surveillance targets, according to current and former government officials.
The breach appears to have been aimed at unearthing the identities of Chinese intelligence operatives in the United States who may have been under surveillance by American law enforcement agencies.
It’s unclear how much the hackers were able to discover. But former U.S. officials familiar with the breach said the Chinese stood to gain valuable intelligence. The database included information about court orders authorizing surveillance — orders that could have signaled active espionage investigations into Chinese agents who maintained e-mail accounts through Google’s Gmail service. …
“What we found was the attackers were actually looking for the accounts that we had lawful wiretap orders on,” David W. Aucsmith, senior director of Microsoft’s Institute for Advanced Technology in Governments, said at a conference near Washington, according to a recording of his remarks.
“If you think about this, this is brilliant counterintelligence,” he said in the address, which was first reported by the online magazine CIO.com. “You have two choices: If you want to find out if your agents, if you will, have been discovered, you can try to break into the FBI to find out that way. Presumably that’s difficult. Or you can break into the people that the courts have served paper on and see if you can find it that way. That’s essentially what we think they were trolling for, at least in our case.”
Google wasn’t exactly forthcoming at the time of the 2010 breach, either:
Although Google disclosed an intrusion by Chinese hackers in 2010, it made no reference to the breach of the database with information on court orders. That breach prompted deep concerns in Washington and led to a heated, months-long dispute between Google and the FBI and Justice Department over whether the FBI could access technical logs and other information about the breach, according to the officials.Google declined to comment for this article, as did the FBI.
This was no random hack, either. Microsoft reported attempts to breach their security at about the same time, and the targets were also surveilled e-mail accounts under the eye of US investigators. The Chinese hackers knew exactly what they wanted, and apparently how to get them.
When the Justice Department began investigating possible leaks of classified information about North Korea in 2009, investigators did more than obtain telephone records of a working journalist suspected of receiving the secret material.
They used security badge access records to track the reporter’s comings and goings from the State Department, according to a newly obtained court affidavit. They traced the timing of his calls with a State Department security adviser suspected of sharing the classified report. They obtained a search warrant for the reporter’s personal e-mails.
The case of Stephen Jin-Woo Kim, the government adviser, and James Rosen, the chief Washington correspondent for Fox News, bears striking similarities to a sweeping leaks investigation disclosed last week in which federal investigators obtained records over two months of more than 20 telephone lines assigned to the Associated Press.
Say. maybe the DoJ would have been better off working to keep Chinese hackers from accessing sensitive surveillance information on Google’s servers rather than treating a reporter like a spy … even if he does work for Fox News.