Google probing possible inside help on attack

SAN FRANCISCO/SHANGHAI (Reuters) - Google is investigating whether one or more employees may have helped facilitate a cyber-attack from China that the U.S. search giant said it was a victim of in mid-December, two sources told Reuters on Monday.

A cleaner looks out from the lobby of Google China's headquarters in Beijing, January 15, 2010. REUTERS/Alfred Jin

Google, the world’s most popular search engine, said last week it may pull out of the world’s biggest Internet market by users after reporting it had been hit by a “sophisticated” cyber-attack on its network that resulted in theft of its intellectual property.

The sources, who are familiar with the situation, told Reuters that the attack, which targeted people who have access to specific parts of Google networks, may have been facilitated by people working in Google China’s office.

“We’re not commenting on rumor and speculation. This is an ongoing investigation, and we simply cannot comment on the details,” a Google spokeswoman said.

The investigation that one or more Google employees may have been involved in the Google breach would represent one facet of a broader attack that Google said targeted at least 20 other companies.

Adobe Systems Inc, Juniper Network Inc and Rackspace Hosting Inc have all acknowledged being targets and a person familiar with the situation said Yahoo Inc was also a target.

George Kurtz, the Chief Technology Officer of security software maker McAfee Inc, wrote in the McAfee corporate blog on Sunday that the targeted and coordinated nature of the attacks on various companies made them the most sophisticated cyberattack the company had seen in years

Security analysts told Reuters the malicious software (malware) used in the Google attack was a modification of a Trojan called Hydraq. A Trojan is malware that, once inside a computer, allows someone unauthorized access. The sophistication in the attack was in knowing whom to attack, not the malware itself, the analysts said.

Chinese media, citing unnamed sources, reported that some Google China employees were denied access to internal networks after January 13, while some staff were put on leave and others transferred to different offices in Google’s Asia Pacific operations. Google said it would not comment on its business operations.


Google, which has denied rumors that it has already decided to shut down its China offices, said on Monday it contacted the Chinese government last week after the announcement.

“We are going to have talks with them in the coming few days,” Google said.

Google is also still in the process of scanning its internal networks since the cyber-attack in mid-December.

China has tried to play down Google’s threat to leave, saying there are many ways to resolve the issue, but insisting all foreign companies, Google included, must abide by Chinese laws. [ID:nTOE60E00I]

Washington said it was issuing a diplomatic note to China formally requesting an explanation for the attacks.

The Google issue risks becoming another irritant in China’s relationship with the United States. Ties are already strained by arguments over the yuan currency’s exchange rate, which U.S. critics say is unfairly low, trade protectionism and U.S. arms sales to Taiwan.

Washington has long been worried about Beijing’s cyber-spying program. A congressional advisory panel said in November the Chinese government appeared increasingly to be penetrating U.S. computers to gather useful data for its military. (Reporting by the Shanghai newsroom; Additional Reporting by Alexei Oreskovic in San Francisco; Editing by Sanjeev Miglani)