The BBC reports today that China is rejecting Google’s statement that attacks on its users originated from China. It’s very fair for China to call into question where the attacks originated. The most Google can authoritatively say is that it saw attacks coming from a particular set of IP addresses that happen to be registered to a network that resides in a particular location, in this case Jinan.
However, the attacks targeted individuals said to be Chinese dissidents or adversaries. In this case, as the BBC writes, while it is very difficult to state with assurance that the attacks were made by the Chinese government, the technique used, spear phishing, leads one to believe that this attack was in fact paid for, in some way, by a government. Spear phishing involves learning about a particular individual, and then crafting a message that that person would think came from someone they knew, and convincing that person to view an attachment that itself contains a virus. That virus must be relatively unknown, or virus checkers will pick it up. The cost of spear phishing is high, and the monetary pay-off tends to be low. Therefore, it is a good fit for an intelligence organization.
In addition, as I wrote not long ago, Cambridge University investigated a break-in of the Office of His Holiness, the Dalai Lama. Those attacks also seemed to originate from China, they were also targeted against an adversary, and, worst of all, China apparently acted upon the stolen information by applying diplomatic pressure against those countries that invited the Dalai Lama.
At the very least, China bears some culpability for allowing the attack. Here we have a government that does not believe in the free flow of information, and so it is known for monitoring everything. How, then, did this attack escape its notice?