Yahoo knew of attacks before Google, kept mum

SAN FRANCISCO (Reuters) - Yahoo Inc knew it had been a target to sophisticated Chinese cyber attacks on U.S. corporations before Google alerted the company to them, a source familiar with the matter said, but chose to remain silent after its bigger rival went public.

The two Internet search and email providers had discussed a highly coordinated attack originating in China prior to Google’s high-profile announcement on Tuesday, the person said.

Google said the hackers’ primary goal was to access Gmail accounts of human rights activists, and that at least 20 other large companies had been targeted. It was unclear whether the attacks on Yahoo were also aimed at grabbing information off emails, or if they had been successful.

Google got in touch with Yahoo “to share knowledge” -- after determining through its own investigations that Yahoo had also fallen victim to cyber attacks -- and Yahoo then confirmed to Google it “was already aware of similar issues on their side,” the person said on condition of anonymity.

Yahoo said on Friday it does not generally disclose information about attacks on its systems, but the company takes security very seriously and takes appropriate action in the event of any kind of breach. Google said it would not comment on specific companies involved.

Google said it would no longer censor its Internet search results in the country, and might even pull out altogether.

Thus far, technology heavyweights like Microsoft Corp, Intel Corp and Cisco Systems Inc have shown little inclination to rock the boat or express solidarity with Google.

Analysts say many foreign multinationals in fact may occasionally bend over backwards to appease Beijing, coveting the vast potential market in what will soon be the world’s second-largest economy.

Since Google reported the attacks, only Adobe Systems Inc, Juniper Networks Inc and Rackspace Hosting Inc have acknowledged experiencing similar incidents. But the majority of victims have remained silent.

Analysts have said many companies choose not to publicize cyber attacks out of fear of exposing technological vulnerabilities and, in this case, of upsetting business relations with China.

“They don’t want to get any noses out of joint in Beijing,” said Clyde Prestowitz, president of the Washington-based Economic Strategy Institute.

Microsoft, normally keen to discuss business opportunities with the press, is no longer answering basic questions about China and declined to comment on Friday.

Chief Executive Steve Ballmer said Thursday the software giant had no plans to pull out of China. Microsoft is chiefly interested in getting Beijing to crack down on intellectual property rights, and has no desire to ruffle relations, analysts said.

“I don’t understand how that helps anything. I don’t understand how that helps us and I don’t understand how that helps China,” Ballmer said.

Most of the company’s software in China is pirated, and effective policing would potentially add billions of dollars in revenues for its Windows and Office software business.

For Yahoo, protecting the personal information of users in China is a particularly touchy subject.

In 2007, Yahoo outraged human rights activists after accusations that the Internet giant had handed over the mail, data on online activity and Internet addresses of suspected dissidents to Chinese officials. Though Yahoo eventually settled the lawsuits brought by lawyers acting on behalf of jailed dissidents.

The suit, advanced by the Washington D.C.-based World Organization for Human Rights USA, maintained that Yahoo had benefited financially by working with Chinese authorities.

Yahoo also no longer maintains its own Internet site in China. In 2005, Yahoo handed over exclusive rights to the “Yahoo China” brand name and folded its Chinese mail, messaging and other operations into the Alibaba Group, in a $1 billion deal that gave Yahoo a 40 percent stake in Alibaba.

Additional reporting by Bill Rigby in Seattle, editing by Edwin Chan; editing by Andre Grenon, Bernard Orr