What does it all mean

But that is not the only thing I noticed in the Google and other announcements. As I mentioned in the opening paragraph, attacks like the one Google is claiming happened are very sophisticated. They use multiple BNCs, layered encryption and masked protocols to transfer information to and from Command and Control sources. These layers and BNCs can be a mass of false trails, and each one can have its own security layer as well. So how did Google untangle that mass in such a short amount of time to locate the servers in China? Again, talking with the guys that do this for fun [and sometimes profit], they have said that it is possible to track down a CNC server quickly if you already know some of the legs or if the person setting up the CNC uses the same encryption type on all legs of the path; basically, if the person running the attack is in a hurry or is very foolish.

Now factor in the information from McAfee, a company that has not done well in the face of other security companies over the past few years. McAfee has taken a back seat to Symantec, Kaspersky, ESET and others. Adobe gets the initial blame but says it was not them [while quietly pushing out a patch for Acrobat in mid-December]. Microsoft takes the blame but then spins it to say that there are no reports of this vector being used on anything but IE 6, limiting the impact of the now exposed flaw.
Now, if this is true, then I have to ask: why is anyone with access to sensitive IP or other information still using IE6? Having been the director of IT for more than one company in my life, I would be firing my staff if they left something like that on anyone’s system. I would hope that Google and others would have a system in place for updates and patches. If not, then I would be very worried about using any systems or products they offer, as it shows a complete lack of security awareness.
What does all this mean? Well, to put it bluntly, Google wants out of China. They have been under pressure since day one to cooperate with censorship and search laws that are nothing short of medieval. They entered the market for money, plain and simple, but now are seeing that there is a cost they will have to pay to be there. This cost is simply not worth what they are getting in return. So they drop a corporate attack and get everyone up in arms over the incident. I am not saying that there was not an attack, or that it was not from China. I am saying that their presented time-line, lack of evidence and other speculative comments make this a rather transparent PR stunt. Talking with a few other companies [and a few security experts] about attacks like this, we were told they are happening “all the time” and that while the actual attack can be easily found, it can take months to track the attack back to the source. Everyone we spoke to was highly suspicious of how quickly Google tracked the attack back to its source, considering the level of sophistication that Google and McAfee are claiming. Added into this is a group of US companies that now have the US Government involved. This will put a large amount of pressure on China to bow to Google’s will and let them out of China without consequence, or to make concessions for Google to continue to operate there.
Remember, Eric Schmidt backed President Obama during his campaign and has been a technology advisor as well; it looks like he might be calling in some favors at this point. So, while Google is calling this attack the straw that broke the camel’s back, personally I think it is more like a get-out-of-jail-free card for Google.
© 2009 - 2013 Bright Side Of News*, All rights reserved.