A freelance security consultant working on behalf of the Chinese government was likely involved in the hack attacks that prompted Google to take a stand against China last month, the Financial Times reported on Sunday.
The man, who is in his 30s, did not launch the attack; rather, he wrote the code that tapped a security flaw in Microsoft’s Internet Explorer to insert spyware into Google’s computers, according to the FT, which cited a source working for the U.S. government.
The hacker even posted pieces of the program on a hacking forum, the publication said.
Highly skilled coders in China are frequently tapped by government officials for state-sponsored projects, the U.S. official told the FT, whether they want to be or not.
Hacking Group Implicated
News of the hacker’s possible identity came just days after a New York Times report suggested that two Chinese universities — Shanghai Jiaotong University and the military-linked Lanxiang Vocational School — were involved.
Both have since denied any role, the FT reported.
A Monday report in the Wall Street Journal, meanwhile, suggests that a prominent Asian hacking group is to blame, though it’s not clear whether the group acted on behalf of the government or not.
Microsoft CEO Steve Ballmer and Microsoft Chairman Bill Gates have also spoken out on the topic, both downplaying China’s Internet restrictions.
Google did not respond by press time to the E-Commerce Times’ requests for comment on the latest developments.
‘That Won’t Come as Any Surprise’
If it does turn out that the hackers had ties to the Chinese government, however, Google’s position could be dramatically altered in its dispute with China.
“I’ve always felt that one of the missed parts of this story is Google’s early emphasis on the fact that human rights activists had been targeted” in the attacks, Danny O’Brien, international outreach coordinator for the Electronic Frontier Foundation, told the E-Commerce Times.
Not only was that fact emphasized as justification for the “very radical steps” Google took upon discovering the attacks, O’Brien said, but “it was also a major clue that this was an attack by a major state actor — or someone who believed they could sell the information to a state actor.”
If indeed the parties responsible were acting on the Chinese government’s behalf, then, “that won’t come as any surprise to Google,” he asserted.
While Google has “not yet changed its behavior with regard to China,” such a revelation could, however, have a significant effect on negotiations, O’Brien pointed out.
Specifically, those within Google who feel that the company would be better off pulling out of China entirely could gain strength in light of such evidence.
“I think some external corroboration that this was a Chinese authority does help those arguing that it’s just simply going to be impossible to continue in China when the playing field is so badly tilted against Google,” he explained.
After all, O’Brien concluded, “there’s a difference between run-of-the-mill industrial espionage and having to deal with the Chinese military or the billion-dollar adversary of the Golden Shield.”
‘A Porcupine Mating Dance’
Relations between China and the United States have always been something of a “porcupine mating dance,” Charles King, principal analyst with Pund-IT, told the E-Commerce Times.
Specifically, China’s growing financial power and ambitions have often caused the U.S. government and businesses alike to “approach the relationship with kid gloves,” King explained.
Yet China has acted in many cases as “anything but a global partner,” he pointed out. With all the issues of product safety and the roadblocks that the Chinese government has put before foreign companies, “it’s created an atmosphere where it’s simply very difficult for businesses to feel as though they’re being treated seriously” in the country.
‘Not a Good Indicator’
“My hat’s off to Google,” King said. “The Chinese may feel as though they can live without Google, and perhaps that’s the case from a practical standpoint, but having your market abandoned by a company with such a global brand and cachet is not a good indicator.”
No one wants to “close the door on these opportunities, but at the same time no company can afford to have their intellectual property ransacked,” he concluded. “No market can afford to have one player that talks like a partner out of one side of its mouth and acts like a bandit out of the other.”