Google Investigating Chinese Employees

BluePeppers writes "The Guardian is reporting that Google China is investigating its staff about The Incident. '"We're not commenting on rumor and speculation. This is an ongoing investigation and we simply cannot comment on the details," a Google spokeswoman said. Security analysts told Reuters the malicious software or malware used in the attack was a modification of a trojan called Hydraq. A trojan is a hidden program allowing unauthorized access to a computer. The analysts said the sophistication in the attack was in knowing whom to attack, not the malware itself.'"

Google is more powerful than I thought..

[brokenin2]

I didn't know they could go back in time and undo the incident. Very impressive!

Re:

[raburton]

I was concerned for a moment there about declining standards at the Guardian, but you'll be pleased to know the phrase "in lieu" does not appear anywhere in their article.

Re:

[Anonymous Coward]

Unfortunately only organic matter could be sent or machines covered with organic matter.

Re:

[Destoo]

Portable weapons of mass destruction wrapped in bacon.. hmmmmmhmhmhmmmgrrglglgl..

Re:

[Kz]

what about a bacon plasma torch [popsci.com]?

Re:Incident

[Arthur Grumbine]

Apparently something so significant happened that people can just call it "The Incident" and expect others to know about it. Yet I've never heard of anything happening to Google, or originating from Google significant enough and shocking enough to be titled "The Incident". (The worst I've heard is about their camera cars going up the occasional private road).

Seriously?! You've been posting regularly on /. for this last week [slashdot.org] yet you somehow managed to miss nine of the most commented on stories?! Well, here they are in chronological order:
Google Hacked, may pull out of China [slashdot.org]
Google.cn has already lifted censorship [slashdot.org]
Google.cn attack part of broad spying effort [slashdot.org]
China emphasizes law as Google defies censorship [slashdot.org]
Google attackers identified as Chinese government [slashdot.org]
IE 0-day flaw used in Chinese attack [slashdot.org]
Code used to attack Google now public [slashdot.org]
German government advises public to stop using IE [slashdot.org]
Another attack, on law firm suing China [slashdot.org]
This is also all over the mainstream and business news [google.com] (although, like all other news stories, it's secondary to the Haiti coverage).

Re:

[Machtyn]

What part of "Google Hacked" did you miss? If we need to show you that 1 + 1 + 1 does, in fact, equal 3 (in a base 4+ environment) here it is:

• Google Hacked...
• IE 0-day flaw used...
• Google Investigating ... Employees.

Re:

[Anpheus]

All of them are the same story: Chinese hacking of US businesses. In Google's case, it prompted their new China policy.

I'm not going to repeat the stories that were linked for you, though.

Spies everywhere

[WindBourne]

Why should Google be surprised. The funny thing is that all Google will be able to do is fire that person. And then they will get to take a job with a Baidu (or may already be working for them).

Re:Spies everywhere

[demonlapin]

I rather strongly suspect that there are a lot of new Google "employees" and "corporate security" who just happen to draw a paycheck from the FBI. It's about mapping out the threat.

Re:Spies everywhere

[Wyatt Earp]

And I suspect alot of Google China employees draw a paycheck from the People's Liberation Army and other Chinese Government agencies.

Re:Spies everywhere

[GiveBenADollar]

But the real question is how many Chinese Government officials are drawing a Google paycheck. I suspect that Google now has more spies than the Vatican.

Re:Spies everywhere

[thetoadwarrior]

I'm drawing a good pay check from the Judean People's Front for spying on Google.

Re:

[WindBourne]

I seriously doubt it. Have you ever worked with say FBI or DHS on a tech level? They are both loaded with total idiots. The CIA is a mixed bad and NSA is loaded with some of the brightest ppl that I have worked inside of the gov. Google has nobody on their roster that is a known American gov. employee. And I doubt that the gov. allows that.

OTH, I have dealt several times with spies from China. One guy that wanted to invest in the start-up that we were in, but wanted full access to the equipment that we ha

Re:Spies everywhere

[WindBourne]

The FBI pay their CS ppl at the same level that NSA, CIA, DOD, and NASA pay.

The prestige with NSA is that you DO work with bright ppl and yes, systems that will not be known about for decades. Finally, NSA pushes you to excel. FBI simply pushes you. And DHS is LOADED with absolute IDIOTS. More cronyism in there, and everybody that I knew in there were total idiots in the private world. DHS is one of those nightmares that should be destroyed.

Re:

[Yvanhoe]

IANAL but I think that if Google cannot do much, the USA can do : If it is proven they broke into computer systems in order to aid a foreign country against the interests of the United States, it can be considered as the crime of treason. (I am assuming they are American citizens). If they are citizens of China, they can still be judged on the ground of breaking into a computerized system and on the ground of conspiracy.

USA has no extradition treaties with China so I think they have no obligations to let

Re:Spies everywhere

[m.ducharme]

If it is proven they broke into computer systems in order to aid a foreign country against the interests of the United States, it can be considered as the crime of treason. (I am assuming they are American citizens).

It's very unlikely that the culprit is American.

If they are citizens of China, they can still be judged on the ground of breaking into a computerized system and on the ground of conspiracy.

Why exactly would they be tried for obeying orders from their government? They might be punished for getting caught, but we won't likely hear about that.

USA has no extradition treaties with China so I think they have no obligations to let China judge them.

Except that the investigation is in Google China, which is in...wait for it...China.

Anything the US gov can do will be diplomatic in nature, and given how closely tied the economies of the US and China are, any diplomatic action the US can take will be largely symbolic. Though there may be plans for a more covert retaliation in the works as we speak, those plans won't likely involve wasting time trying to extradite the hackers/mole/whoever.

Re:

[Yvanhoe]

Except that the investigation is in Google China, which is in...wait for it...China.

Ooops, missed that part. Mod me offtopic then... I thought it was about Chinese developers in USA. Indeed, if that is the case nothing can really be done and Google had really no other choices than closing its offices there.

Re:Spies everywhere

[Runaway1956]

I have mod points, but I don't see the "-5 ethnocentric" choice. That's the whole problem with so many posts in so many articles. People fail to realize that the stories are often global in nature. Think outside the box. Think inside the globe. The world doesn't end at America's coastlines.

Re:

[Fluffeh]

The world doesn't end at America's coastlines.

Of course not. That's where US waters are, before they cover up the rest of God's round earth till they hit the other US coastline. Gosh, you clearly didn't do geography at school did you?

*rolls eyes*

Re:Spies everywhere

[Arthur Grumbine]

Think outside the box. Think inside the globe.

It's exactly this kind of Terran-centric Isolationism that has retarded the development of diplomatic relations with our closest neighbor [wikipedia.org]. Reacting with fear to their obviously friendly overtures [wikipedia.org], doesn't help either.

Re:

[DrXym]

Unless this person were working for Baidu to start with, I bet Baidu wouldn't touch then with a 20ft pole. Who on earth would hire someone who had just planted a trojan in their last place of work?

Re:

[WindBourne]

Baidu works VERY close with the Chinese gov. In the same way that Pravda works with Russian Party, Fox with the republican party, or Air America Airlines with the CIA. As it is, Chinese gov. has strict penality for spying or causing harm against other Chinese (esp. gov or companies), but reward handsomely those that do the same against foreigners and then share the information. Basically, the gov has an X-Prize approach to spying on the west.

Re:

[whisper_jeff]

I believe that industrial espionage is a crime. And I'm sure several other laws were broken along the way (computer hacking itself is a pretty serious crime). I don't know about the laws in China, but I suspect Google can do something beyond just firing the person.

Re:

[chiguy]

Google should also check where all their laptops were manufactured. And make sure each BIOS is clean.

Re:

[Machtyn]

Well, with top Baidu officials resigning [foxnews.com] there should be some openings... but it's got to make you wonder why the rats are jumping off the ship.

Re:

[eulernet]

And then they will get to take a job with a Baidu.

I doubt so.
When you betray some company, you'll always be marked as a traitor.

Re:

[nortcele]

Oh yeah? Our company outsourced a bunch of IT functions to India. I triple dog dare the Chinese to infiltrate those Indian machines and trash them.

Re:

[Weezul]

All the cynics will say that Google will fire them, China will execute them along with some hackers, and Google will return to censoring Chinese traffic.

China may execute their own "internet soldiers" who participated in the attacks just to save face internally, or even just personally, but I'd imagine that Google won't take China punishing the hackers as reason to stop censoring.

I'd say the most likely long term solution is that Google remains uncensored but China aggressively firewalls any undesirable sea

In lieu of?

[bluestar]

I do not think that word means what you think it means.

Re:In lieu of?

[Anonymous Coward]

His grammar is down the lieu.

Re:In lieu of?

[garg0yle]

I think they meant "in light of" (as in, in response to). "In lieu of", as you know, means essentially "instead of", and would not make sense in this context. So, you are correct. I just hope you don't get modded down as "grammar police".

Re:

[Monkeedude1212]

Unless he meant it in the proper meaning, in which case, Google has some very peculiar business practices.

Re:

[Tim C]

Not to mention the ability to travel in time.

Re:

[JustNilt]

Damn, beat me to it. It took me a second to realize it wasn't my lack of comprehension due to a lack of coffee but was instead the complete lack of proofreading.

Re:In lieu of?

[John Hasler]

This is Slashdot. Every summary must have at least one grammatical error.

Re:In lieu of?

[Rary]

This is Slashdot. Every summary must have at least one grammatical error.

And "investigating it's staff" wasn't good enough?

Re:

[DeVilla]

This is Slashdot. Every summary must have at least one grammatical error.

And "investigating it's staff" wasn't good enough?

emphasis added

Re:

[stumblingblock]

Well, you know how well informed those English majors are about engineering topics, right? How could it be any other way with an engineer's usage of the language?

Re:In lieu of?

[wall0159]

C'mon, go easy - I wouldn't call failing to capitalize IT a grammatical error!

Re:

[Rary]

Well played. :)

Re:

[Bluesman]

No, when an organization is investigating it is staff, there perfectly reasonable to do it in lieu of.

And to present the results...

[gpeters]

After the investigation, of course they will invite every Google China employee to join them in the USA for a presentation of the results...!

Actually, that's the whole investigation. People who have "family obligations" or who are "afraid of airplanes" are the ones to look at!

it's aftermath!

[bigmaddog]

Irregardless of the actual story content, I find the poster's use of "in lieu" to be the penultimate atrocity vis-a-vis the English language.

Re:

[IANAAC]

That took a minute to realize you were joking.

Re:

[Aladrin]

Actually, he's not. What that statement says is that instead of having The Incident happen, Google is launching an investigation.

http://dictionary.reference.com/browse/in+lieu+of [reference.com]

Obviously, that's not what is going on because we don't have time travel.

Re:

[h4rm0ny]

I assumed the joke was someone starting a post criticizing word usage with 'irregardless'.

Re:

[John Hasler]

> I find the poster's use of "in lieu" to be the penultimate atrocity
> vis-a-vis the English language.

The ultimate one being use of "irregardless"?

Re:

[snarkh]

No, that's antepenultimate.

Re:

[NitroWolf]

No, that's antepenultimate.

So then what would the ultimate and the last one be?

While "irregardless" may not the be ultimate atrocity vis-a-vis the English language, it's definitely at the top of the list for "words" or phrases that scream "I'm from the rattiest trailer park in the country and have actually found a way to obtain a negative education level. I actually suck the intelligence out of people that are within earshot of me." Hmm... perhaps it is the ultimate.

and

[snarkh]

the ultimate atrocity is the poster's use of "it's"?

Re:

[demonlapin]

I believe you used vis-a-vis correctly there. Try vice versa.

Re:

[bigmaddog]

Dammit, you might be right, although I never did like the "in relation to" usage of vis-a-vis. Anyway, the text of the story has now been improved, which saddens me and makes this exercise in internet-enabled douchebaggery moot.

Re:

[Tim C]

Yes.

See how much correct, clear use of language matters, and how much incorrect and/or unclear use of language impedes constructive debate?

What's that sound?

[gbutler69]

WHOOSH!

Re:

[dwiget001]

Atrociously irregardless, maybe?

Loose lips sink ships.

[Mal-2]

I bet it was your run of the mill social engineering. Someone on the attacking side befriended someone on the inside and either coaxed the information out, or just waited until they mentioned it in passing. Once they knew who to target, they could then pump this employee to see if the attack was having any effect, from the perspective of an insider.

It could be a Facebook friend, it could be a normal face-to-face friend, or it might be a "swallow" [jezebel.com]. Governments certainly use this method of social engineering, but I would be quite surprised if companies do not do it as well.

Mal-2

Re:

[tomhath]

They don't bother with social engineering. China's industrial espionage [guardian.co.uk] program is extensive [arstechnica.com] and very well [homelandse...wswire.com] organized [travisdeyle.com].

Re:

[indiechild]

Exactly. No need for even simple social engineering when anyone on the inside would've done the job.

the Chinese staffer's name ...

[Anonymous Coward]

... is In Lieu, you insensitive clods!

Somewhere in Mountain View...

[Animats]

Somewhere in Mountain View, servers are now analyzing all activity of Google's employees in China. And their friend. And their friend's friends. And the people they email. And everyone who got in range of a Google security camera. And all the their friends. And the people they email.

Re:Somewhere in Mountain View...

[e2d2]

ENHANCE!

Re:Somewhere in Mountain View...

[Herkum01]

Oh my god, it was KEVIN BACON!

Re:Somewhere in Mountain View...

[NevarMore]

..and showing them text advertisements for criminal defence lawyers.

Re:

[Spatial]

...because it is Gmail. Right?

Re:

[CFBMoo1]

"Somewhere in Mountain View, servers are now analyzing all activity of Google's employees in China. And their friend. And their friend's friends. And the people they email. And everyone who got in range of a Google security camera. And all the their friends. And the people they email."

And then, suddenly the white vans with cameras and guys in colorful hats pulls up and surrounds someones house!

Re:

[D H NG]

During my orientation week in Mountain View, there was a joke about some hardware being stolen from campus. The punchline? "If there's one thing that Google's good at, it's searching."

Re:

[Vegeta99]

You got your gerund right, but not the other two. It's analyze. I'm not sure what analize is, but I'm sure some drug traffickers could tell you.

In communist china...

[Anonymous Coward]

google googles you!

Espionage Big risk of Overseas Outsourcing

[Anonymous Coward]

Espionage is a BIG risk in all Overseas Outsourcing. The overseas employees (or foreigners brought in on L-1 or H-1b visas) are ultimately loyal to their home country. If their country orders them to spy, turn over Intellectual Property, etc., don't be surprised! Google is not the big risk. Microsoft, for example, has a big tech center in China. One must wonder what sorts of spying, back doors, trojans, are being planted in Windows!

Re:

[couchslug]

Espionage is a tolerable cost of outsourcing because all that matters is profit. Some public embarassment will result now and then, but it is perfectly reasonable for people to put national loyalty far above any concern for a foreign corporation.

I'd cheerfully help the US find information about any foreign company I worked for, because I have no moral obligation to a corporation and least of all one from an enemy/competing (there is no difference!) country. It is ridiculous to expect people to be loyal to f

Re:

[fluffy99]

For example, all of the cheap chinese knockoff of brand name stuff. A large portion of it is dishonest suppliers simply doing their own runs of the product and selling it to the grey market.

Welcome to the new world

[jonpublic]

Chinese companies copied part for part GM cars and as far as I know, nothing came of it. You could literally take the door off the Chevy and put a door from the Chinese car company on it. We don't impose any trade sanctions, we just keep buying their stuff.

I'd find the link but I don't have time.

Hopefully this google flap will get people to pay attention to how they are catching up.

 

Re:Welcome to the new world

[Anonymous Coward]

here is the link... from 2005!

http://www.autoblog.com/2005/04/16/chinese-copy-cats/

Re:

[Inda]

Why is everyone surprised at this? When I worked at Land Rover's design centre in Gaydon, England, there were always two cars from rivals, stripped down, Faro arms in each corner,... You could borrow the parts just like a lending library. Everyone does it. It's good to share.

Re:Welcome to the new world

[Alcohol Fueled]

Here's a link showing the top 10 copycat cars produced in China, with pics of the real deal and the rip offs. http://cars.uk.msn.com/features/photos.aspx?cp-documentid=150107488 [msn.com]

Re:

[Lakitu]

same as the old world!

http://www.rb-29.net/HTML/03RelatedStories/03.03shortstories/03.03.10contss.htm [rb-29.net]

Re:

[ionix5891]

GM cars, another tool in Chinese government's arsenal of population control

Trojan

[Anonymous Coward]

A trojan is a hidden program allowing unauthorized access to a computer.

Yes thanks! This is definitely news to the average /. reader. I never knew that!

Re:

[ArsonSmith]

It was also a people that tricked a fortified enemy city with a giant horse as a gift with solders hidden inside.

A lesser known, at least on Slashdot, version is a condom used in an act known as 'sex' to prevent reproduction and infection transfers.

Re:

[H0p313ss]

It was also a people that tricked a fortified enemy city with a giant horse as a gift with solders hidden inside.

Actually... the horse was made by Greeks, it fooled the Trojans. (Hence the phrase; "Beware of Greeks bearing gifts".)

Re:

[ArsonSmith]

knew i should have looked it up instead of just using my hazy memory of the story.

Re:

[lgw]

The lesson from the Trojan horse should have been "beware of gifts bearing Greeks"!

Re:

[dintech]

And also, not the definition that most people learned decades ago. The whole concept of a concept of a Trojan is of course an innocuous piece of software masquerading as something useful that is invited into a system only then to unleash a nasty payload. If during the Trojan War, the horse had been hidden, that would have been a much cleverer attack. I guess the reporter didn't see the connection between Trojan and Trojan Horse. Also not all trojans allow access to the computer. Some just get in there to FS

Google seems more Authority than Corp.

[stimpleton]

"Google Investigating Chinese Employees"

Something occurred to me after I read this. I get a slight twinge that Google is more an Authority, instead of a private corporation. Its odd, If I read "Microsoft investigates..." I envision some staid corporate fumbling about, yet with Google, I feel they are almost Law Enforcement like, with big tenticles of power Joe Bloggs couldnt understand.

Sorry, I have watching "The Wire" [wikipedia.org] on DVD. Its ruined my perceptions on how things (might) work.

Re:

[Spatial]

Well you have more reason to believe in their investigative ability. Google deals primarily in information, with a combination of accurate search tools and advertisement targeting being some of their main sources of income.

Hate to say this...

[hesaigo999ca]

Hate to say this...as it does sound racist, but I know for a fact that most of the chinese employees within a company that deals with
china, will side to help the chinese side of the deal rather then their own company that is dealing with china, also even went so far as to give out confidential info and deal breaking intel to manufacturers so as to be able to charge top dollar when they could, based on types of situations that came up.

For me, it might sound racist, but I truly believe that they have been bra

Re:

[antifoidulus]

Part of the problem is that there is essentially no punishment(in most cases lots of rewards) for doing so. The Chinese government will make sure you are well taken care of if you help a Chinese company(and lets face it, though nominally capitalist the state essentially still "owns" all enterprises in China, you cannot get rich there if the state doesn't want you to be rich). Until significant sanctions are levied against China for this kind of stunt they will continue only to get more brazen with their v

If Google wants to do this right...

[dwiget001]

... they would interrogate these people like the ChiComs would. Make them feel right at home!

What does this mean for Chinese seeking work?

[vampire_baozi]

If Google finds anything, this could have serious reprecussions for foreign companies hiring in China and Chinese students seeking green cards/employment in the US, especially in high-tech areas. Does anyone else think that mandatory background checks might be put in place to screen candidates, beyond simply assessing technical skills?

If so, it's a good time to be Indian or Taiwanese/Korean, if you're competing with Chinese candidates.

Though I do hope if this doesn't result in hiring discrimination against Chinese candidates; most of them are bright cookies, and there may come a day when US tech companies need them more than they need us.

Re:

[plasticsquirrel]

I don't think Korea is competing with China and India in this field. South Korea is a wealthy country rather like Japan, and I don't believe that any computers exist in North Korea.

Re:

[LSD-OBS]

Its the kind of bad grammer we sea alot of on slashdot. Blame there editers.

Re:

[Sponge Bath]

Blame there editers.

Blame them editers. As in "them's good eatin'". - Backwoods US Grammer Nazi

Re:

[dhall]

Blame the editors.

Or blame dem edit'rs in true backwoods vernacular.

Re:

[gregarican]

It's enough to make you want to loose your mind...

Re:

[nkcaump]

but we we have computers

Giggle... you said "we we"...

Re:

[ArsonSmith]

"You have got to be kidding me!!! Hold on I have to go take a wicked NO!"

-Peter G.

Re:

[xdroop]

Right, I get hit by my own irony stick. I deserved that. "we we" indeed.

Re:

[rsborg]

Was about to mod you up until you suggested Google kill it's own (compromised) employees. That's stupid on so many levels.

Google probably isn't firing them because the ones you find are the sloppy ones, and the ones you WANT to find are more clever and will require some pressure on the sloppier ones... which you lose if you terminate them as employees.

Re:

[MichaelSmith]

Not a chance unless they trick them into flying to the US (for a regular meeting, say) and investigate from there. In fact, anybody who refuses a quick trip to the states at this point could be given an early look I suppose.