Satish Pradhan Dnyanasadhana College

Topic Title:
CASE STUDY ON ATTACK GOOGLE CHINA (2009)
Academic year: (2020-2021)

Submitted By:
Kiran Borge - ( )

Pritam Tare - ( )

Sahil Peje -( )

Prathamesh Gunjal - ( )

Suraj Wakachaure -()

This case briefly discusses about search engine market in China, Google's share in Chinese
market, Government rules and regulations related to the internet search.
 The main issues discussed in this case study are:
Google's launch in the China and how it made its presence felt over there as well as the key
issues faced by the Google such as gaining the market share, although Google did a fair
amount of research before entering China but still wasn't able to beat the local competitor
Baidu which is the biggest in terms of search engine in China and accounts for nearly 60%
of the market share. Chinese Government rules and regulations related to the censorship in
China which was against the Google's Mission of providing the information. Cyber-attack on
Google China which mainly target the gmail accounts of the users who were Human
Right activists which forced Google on considering its exit from China. A brief analysis of
the internet search market in China by discussing the market share of various players such as
Google, Baidu, Microsoft, Yahoo and other local Players. Possible strategy which Google
could use in order to grow and sustain its market share.

 Introduction:
This case study tries to find out the Google's performance in China by taking into account
current state of industry, doing the portfolio analysis, critically analyzing its strategy.
Google started its operations in China in 2005 earlier to that it provided search engine to
Chinese users through its servers based in US but in a very short span of time Chinese
Government developed its own firewall in order to provide the censored information to the
Chinese people by providing the cache copy of Google search results which resulted in
slowing down of its web pages, this resulted in slowing down its search results upto 7 times
as compared to its competitor Baidu. As a result of this, Google decided to open its
operations in China in order to resolve these issues as Google considered that it's better to
provide the information rather than providing no information at all. So, it provided the
censored information to Chinese population but still it found difficult to extend its presence in
the Chinese market in terms of developing products in the Chinese language and localizing
them whereas Baidu's pay 4 performance model was much better which was based on the
performance rather than the flat charges in the beginning itself which other search engines
used.
Google faced cyber-attacks in January 2010 which forced it to consider its exit from the
China and named it as Aurora attack, moreover this decision from Google was considered
diplomatic one by internet security experts as this decision would make Chinese Government
to reconsider its decision on the censorship which could help Google attain the same level of
leadership in the Chinese market as it enjoys the world over (Worthen, Ben,2010).
*Chinese hackers who breached Google's servers several years ago gained access to a
sensitive database with years’ worth of information about U.S. surveillance targets, according
to current and former government officials. The breach appears to have been aimed at
unearthing the identities of Chinese intelligence operatives in the United States who may
have been under surveillance by American law enforcement agencies. It’s unclear how much
the hackers were able to discover. But former U.S. officials familiar with the breach said the
Chinese stood to gain valuable intelligence. The database included information about court
orders authorizing surveillance orders that could have signalled active spying investigations
into Chinese agents who maintained e-mail accounts through Google's Gmail
service.Knowing that you were subjects of an investigation allows them to take steps to
destroy information, get people out of the country, said one former official, who, like others
interviewed for this article, spoke on the condition of anonymity to discuss a highly sensitive
matter. The official said the Chinese could also have sought to deceive U.S. intelligence
officials by conveying false or misleading information.
Although Google disclosed an intrusion by Chinese hackers in 2010, it made no reference to
the breach of the database with information on court orders. That breach prompted deep
concerns in Washington and led to a heated, months-long dispute between Google and the
FBI and Justice Department over whether the FBI could access technical logs and other
information about the breach, according to the officials. a senior Microsoft official suggested
that Chinese hackers had targeted the company’s servers about the same time that Google’s
system was compromised. The official said Microsoft concluded that whoever was behind the
breach was seeking to identify accounts that had been tagged for surveillance by U.S.
national security and law enforcement agencies.

“What we found was the attackers were actually looking for the accounts that we had
lawful wiretap orders on,” David W. Aucsmith, senior director of Microsoft’s Institute for
Advanced Technology in Governments, said at a conference near Washington, according to a
recording of his remarks.
“If you think about this, this is brilliant counterintelligence,” he said in the address, which
was first reported by the online magazine CIO.com. “You have two choices: If you want to
find out if your agents, if you will, have been discovered, you can try to break into the FBI to
find out that way. Presumably that’s difficult. Or you can break into the people that the courts
have served paper on and see if you can find it that way. That’s essentially what we think
they were trolling for, at least in our case.”
Microsoft now disputes that its servers had been compromised as part of the cyber spying
campaign that targeted Google and about 20 other companies. David W. Aucsmith, who cited
that campaign in his remarks, said in a statement to The Washington Post that his comments
were ‘not meant to cite any specific Microsoft analysis or findings about motive or attacks.’
The U.S. government has been concerned about Chinese hacking since at least the early
2000s, when network intrusions were discovered at U.S. energy labs and defence contractors.
The FBI has for years led a national security investigation into Chinese cyber espionage,
some of which has been linked to the Chinese military.
The Chinese, according to government, academic and industry analysts, have stolen massive
volumes of data from companies in sectors including defense, technology, aerospace, and oil
and gas. Gen. Keith B. Alexander, the director of the National Security Agency, has referred
to the theft of proprietary data as the “greatest transfer of wealth in history.”
The Chinese emphatically deny that they are engaged in hacking into U.S. computer systems
and have said that many intrusions into their own networks emanate from servers in the
United States. “The Chinese government prohibits online criminal offenses of all forms,
including cyber-attack and cyber espionage, and has done what it can to combat such
activities in accordance with Chinese laws,” a Chinese Embassy spokesman, Yuan Gao, said
in an e-mail. “We’ve heard all kinds of allegations but have not seen any hard evidence or
proof ”.Experts said an elaborate network of interconnected routers and servers can make the
Internet tailor-made for the shadowy work of spying and counter spying. It stands to reason,
they said, that adversaries would be interested in finding vulnerabilities in the networks of the
companies that authorize surveillance on behalf of the government. “It is an absolute rule of
thumb that the best counterintelligence tool isn’t defensive” it’s offensive. It’s penetrating the
other service, said Michael V. Hayden, a former director of the National Security Agency and
the CIA, who said he had no knowledge of the incidents. Hacking into a surveillance
database, he said, ‘is a form of that.’
Google’s crisis began in December 2009, when, several former government officials said, the
firm discovered that Chinese hackers had penetrated its corporate networks through “spear
phishing” a technique in which an employee was effectively deceived into clicking a bogus
link that downloads a malicious program. The hackers had been rooting around insider
Google’s servers for at least a year. Alarmed by the scope and audacity of the breach, the
company went public with the news in January 2010, becoming the first U.S. firm to
voluntarily disclose an intrusion that originated in China. In a blog post, Google chief legal
officer David Drummond said hackers stole the source code that powers Google’s vaunted
search engine and also targeted the e-mail accounts of activists critical of China’s human
rights abuses.As Google was responding to the breach, its technicians made another startling
discovery: its database with years of information on surveillance orders had been hacked. The
database included information on thousands of orders issued by judges around the country to
law enforcement agents seeking to monitor suspects e-mails. The most sensitive orders,
however, came from a federal court that approves surveillance of foreign targets such as
spies, diplomats, suspected terrorists and agents of other governments. Those orders, issued
under the Foreign Intelligence Surveillance Act, are classified. Google did not disclose that
breach publicly, but soon after detecting it, the company alerted the FBI, former officials
said. Bureau officials told FBI Director Robert S. Mueller III, who briefed President Obama.
At one point, an FBI supervisory agent working on Chinese cyberespionage cases travelled to
Google’s Mountain View, Calif., headquarters to conduct a national security investigation,
the former officials said. The company, without any guarantees about the scope of the
investigation, denied access. The bureau undertook an extensive assessment to include
determining whether individuals under surveillance had moved to other means of
communication. Although the assessment showed no damage to national security because of
the breach, Google took steps to shield sensitive data. Michael M. DuBose, former chief of
the Justice Department’s Computer Crime and Intellectual Property Section, declined
to comment on either the Microsoft or Google cases. But he said, in general such
intrusions serve as a wake-up call for the government that the overall security and
effectiveness of lawful interception and undercover operations is dependent in large part on
security standards in the private sector.

 Behind the China attacks on Google :

1. Computer attacks on corporations happen all the time, but most companies don't
publicize them. They fear damage to their reputation and they don't want to
jeopardize the investigation or reveal any information that could be used in future
attacks.
2. Google shocked the security community on Tuesday by disclosing that it and
other companies had been hit by attacks that originated in China, with some
targeting Gmail users who were human rights activists. As a result, the search
giant said it would stop censoring its Web results in China and could end up
exiting that market altogether.
3. Google hasn't released many details on the attacks or named any of the other
companies, and sources seem to have only bits and pieces of information. Here's
what CNET knows at this time.

 What happened on that time period?

Google said in a blog post on Tuesday that in mid-December it discovered a "highly
sophisticated and targeted attack" on its corporate infrastructure originating from China
that led to theft of its intellectual property. It said it discovered as part of its investigation
that at least 20 other large companies, in the areas of Internet, finance, technology, media,
and chemical, had been similarly targeted.The attack on Google involved attempts to
access the Gmail accounts of Chinese human rights activists, but only two accounts were
accessed and the contents of e-mails were not exposed--only account information like the
date the account was created, Google said.
Separately, Google discovered that accounts of dozens of Gmail users in the U.S., China,
and Europe who are human rights advocates "appear to have been routinely accessed by
 third parties," not through a security breach at Google, but most likely as a result of
phishing scams or malware placed on the users' computers, the company said.
In a separate blog post, Google said it believed that Google Apps and related customer
data were not affected by the attack. "The route the attackers used was malicious software
used to infect personal computers," the post said.

 China's attack on Google explained :

1. What companies were targeted?
i. About 15 minutes after Google released its blog post saying there were at least 20
companies targeted, Adobe Systems issued a blog post saying that it became aware on
January 2 of a "computer security incident involving a sophisticated, coordinated
attack against corporate network systems managed by Adobe and other companies…
At this time, we have no evidence to indicate that any sensitive information including
customer, financial, employee or any other sensitive data has been compromised."
ii. The Washington Post, citing unnamed sources, reported that other targets were
Yahoo, Symantec, Northrop Grumman, and Dow Chemical. Northrop Grumman
declined to comment, and Dow Chemical said it has "no reason to believe that the
safety, security and intellectual property of our operations are in jeopardy," the
newspaper said.
iii. Yahoo and Symantec refused to confirm or deny the claim. A Yahoo spokeswoman
said "Yahoo does not generally disclose that type of information, but we take
security very seriously and we take appropriate action in the event of any kind of
breach." Symantec issued this statement: "As the world's largest security provider,
we are the target of cyber-attacks on a regular basis. As we do with all threats, we are
thoroughly investigating this one to ensure we are providing appropriate protection to
our customers. We have no additional detail."
iv. Meanwhile, Juniper Networks was a target, according to several sources who asked
not to be named. On Thursday, Juniper released this statement, which neither
confirms nor denies the claims: "Juniper Networks recently became aware, and is
currently investigating, a cyber security incident involving a sophisticated and
targeted attack against a number of companies. We take these incidents seriously and
as with any investigation of this nature, we do not disclose details."
v. Researchers at VeriSign iDefense said the number of targets was 34, all in Silicon
Valley.
vi. Separately, a law firm in Los Angeles involved in litigation against China said on
Wednesday that it had been targeted in a China-based attack this week. Gipson
Hoffman & Pancione said employees received e-mails Monday and Tuesday
masquerading as communications from within the company that included Trojan-
laden attachments or Web links. The firm filed a $2.2 billion lawsuit last week on
behalf of Solid Oak Software against the Chinese government alleging code from the
Cybersitter Web content-filtering program was copied and put it in China-created
Green Dam Youth Escort software. It is unclear whether this attack is at all linked to
the attacks on Google and the other companies.
"The IP addresses used to launch the attacks are known to be associated with
previous attacks from groups that are either directly employed agents of the Chinese
state or amateur hackers that are proxies for them that have attacked other U.S.
companies in the past."
--Eli Jellenc, head of international cyberintelligence, iDefense
2. Who was behind the attacks?
 i. Google did not specify how it knows the attacks originated in China and did not
outright blame the Chinese government. Sources said it is typically difficult to find
evidence specifically leading back to Chinese officials in computer attacks. Google
must have some solid evidence for it to take such drastic action and risk losing
millions of dollars in revenue from the Internet's largest market.

ii. Researchers who have investigated these attacks said they were traced to China
several ways and that they share characteristics with previous attacks linked to the
Chinese government. The attacks used command-and-control servers based in Taiwan
that are commonly used by or on the behalf of the Chinese government, according to
iDefense.
3. How were the companies targeted?
It is possible the attackers used "multiple exploits and multiple, tailor-made Trojans
for different targets," said Jellenc. "That is an extraordinary leap in sophistication
from other targeted attack campaigns we've seen in the past," he said. Microsoft said
on Thursday that a newly discovered vulnerability in Internet Explorer was used in the
attacks. Initially, malicious PDFs targeting a hole in Adobe Reader were suspected to be
culprits, but Adobe said on Thursday that it has no evidence that is the case.
Coincidentally, Adobe patched a so-called "zero-day hole" in Reader and Acrobat on
Tuesday that was discovered in mid-December and had been exploited in attacks in the
wild to deliver Trojan horse programs that install backdoor access on computers. In such
targeted attacks, an attacker typically sends an e-mail to a specific administrator or other
worker inside a company, often masquerading as someone the recipient knows. If the
recipient opens the attachment, the malware is dropped onto the target computer from
where it can be remotely controlled to steal data, access sensitive parts of the network, or
even launch an attack on other computers. In at least one of the attacks, the attack code
was set to download the Hydraq Trojan onto victim computers, according to Rick
Howard, iDefense intelligence director, who said his lab analyzed a copy of the malware
it received from a target company.
4. Were insiders involved?
Sources told CNET that Google is looking into whether there was insider involvement.
Companies that are attacked that do business in China will typically investigate, as a
matter of course, whether someone in their Chinese office might have ties to the
government there or have been involved in some way, either by planting malware inside
the company or passing it on to unwitting targets in the company, sources said.
 "The route the attackers used was malicious software used to infect personal
computers."
--Google blog post
5. What was stolen from the companies?
iDefense says source code was targeted at the companies and that most of the attacks
appear to have been successful. Google said some intellectual property was stolen but did
not elaborate. The company also said limited account information of two Gmail users was
accessed.

IDG News Service, citing an unnamed source, reported that attackers "apparently were
able to access a system used to help Google comply with search warrants by providing
data on Google users," referred to as an "internal intercept" system.
 Meanwhile, Texas-based hosting provider Rackspace confirmed early on Wednesday that
a server at the company had been compromised and used in the attacks. It was not known
what information was stored there.
6. Does this follow the pattern of other attacks?
Yes. Researchers at iDefense said the characteristics of the attacks on Google and the
others were very similar to those of China-based attacks launched last summer, including
using the same DNS provider, similar hosts for command-and-control communication
and related IP addresses. "Considering this proximity, it is possible that the two
attacks are one and the same, and that the organizations targeted in the Silicon
Valley attacks have been compromised since July" iDefense said.

 Summary of Environmental Audit:

Google was not able to enjoy the same monopoly in the Chinese search engine market as it
enjoys world over that could be a possible reason it raised the issue of cyber-attacks as it was
planning to exit from Chinese market and needed a reason to do the same. Also another
possible reason could be that it wanted to negotiate with the Chinese Government over the
censorship issue so it thought that the threat to exit from the Chinese market could force the
Government to renegotiate the terms and conditions for the censorship which eventually
didn't happen. As a result of all these http://www.google.cn/(its Chinese version) was routed
to www.google.com.hk as most of the services were blocked in partial or full manner in the
Chinese territory. But this sort of complete isolation could have resulted in a protest from
local population also Google didn't want to lose such a huge market which was nearly double
the size of US so it didn't automatically redirect to www.google.com.hk but provided an
option on site by doing so it abided with anti-censorship laws and regulations. Another
important analysis which we can draw is that Google was not able to localize its products so
well in the Chinese language and it lacked in terms of paid search. Although Google was
gaining the market share as well as the revenues as it is clear from above but it didn't enjoy
same kind of monopoly in China as it enjoyed world over.

 Evaluating Current Strategy:

i. Current state of Industry-
As per a report published by iresearch overall search engine market in china accounted for
nearly 470 million $. Overall internet users in China in 2009 reached to 384 Million much
higher than anywhere in the world and this made it a very lucrative market for players in the
internet search engine market. (Ministry of Culture) Baidu which was local player dominated
the market with over 60% market share followed by Google, Yahoo which took over Alibaba
and Microsoft enjoy 5% market share each and other players such as Sohu and Sina
accounted for the remaining market share. In starting shows the overall market share of all
the players in the market. China's online advertising market grew at a rate of 20 to 30% per
year and overall market size was nearly 3 Billion $ as in 2009(Max Magni) Shown in Overall
with such a huge population China's search Engine market would surely increase in future at
a very fast pace. After close analysis we find that Google is presently in Growth phase as it is
expanding its operations and innovating continuously.
ii. Critical Strategic Direction-
In view of all these happenings Google decided to route its China's Online Traffic to Hong
Kong but it would result into non-renewal of its ISP Licence which would result in its
permanent exit from China and Google would never desire to loose such a lucrative market
also Chinese Government would not like to prohibit its people from accessing the world's
largest search engine. So, Google agreed to abide by the Chinese censorship laws by
providing filtered results to the Chinese Population with footnote about the censorship. This
critical strategic step would help Google to increase its presence in the Chinese market and
take over its Chinese counterpart.
 Discussion:
i. Critical Analysis/Assessment :-
If we analyze the strategy being implemented by Google it's a win situation for both Chinese
Government as well as Google as it agreed to provide the filtered information to Chinese
population though it is against the Google policy on information flow but in order to stay
competitive and present in such a huge market it needs to abide by the local rules and
regulations and this is not the first time Google has done this, it has done the same in France
and Germany where it agreed to remove some of the content which was considered as
offensive by their Government. Had Google not agreed to rules and regulations it would have
resulted in the complete exit of Google from China so considering the China's role in the
emerging world order and taking into account its internet population and overall market size
Google took a significant step by agreeing to The China's Censorship laws and regulations.
(Bridis, Ted, June 6, 2006)
 Conclusion:
Assessment of Current Strategy:-
As discussed above the current strategy followed by Google is quite sustainable if it wants to
stay competitive in the Chinese market, also when the Google diverted its Chinese Online
Traffic to Hong Kong most of the services were banned by Government of China which
drastically reduced the overall revenues of Google so in order to regain its position in the
China's market it had to come out with a sustainable strategy which it did by falling in line
with the guidelines of the Chinese Government. (Johnny Ryan and Stefan Halper,2010)
 Recommendation:
i. New strategic Direction/Development and methods:-
Now with the censorship issues had been sorted out Google can adopt other strategies in
order to gain its presence in the China's market. Few of the strategies have been discussed
below:
1. Google can look for Mergers & Acquisitions in the local market by acquisition of players
such as Sohu & Sina in order to increase its presence in China as Sian has got huge
internet traffic but its search engine is not good so Google can capitalize on this ground.
2. It can acquire 51 job which is No.2 player in China's job search market such a move can
help Google to provide an added range of service as well as increasing its customer base.
3. Another strategy which Google can focus on is acquiring online gaming firms as most of
the internet population is young so this strategy would give it an edge over other players
and for this possible acquisition could be of the company named as Netease.