In the Google-China row, Google's side has been examined in detail, as well as the potential fallout for China. The media appears entranced by the image of a company standing up to censorship. But what about the security implications? After all, Google's Chinese ultimatum arose after an attack by hackers, allegedly targeting information on human rights activists.

As more information emerges, digital security experts are saying, though "corporations around the world face millions of cyberattacks a day," this one may be special. It involving a coordinated attack against multiple companies, and exposed deep flaws in popular software. Here's what the experts think we should be worried about:

  • Internet Explorer News that Internet Explorer, according to Microsoft, "was one of the vectors used in targeted and sophisticated attacks against Google and possibly other corporate networks" is no surprise to Gizmodo's Rosa Golijan or Larry Seltzer at PCMag, the latter pointing out that "there were already ... no end of good reasons not to run IE6 anymore, but now you have one more." But Mashable's Ben Parr bucks the trend of blaming infamously insecure Internet Explorer:
Overall, while Microsoft and IE seem to be partly to blame, the attack was sophisticated and executed on multiple fronts. In fact, Verisign iDefense not only claims that the Chinese government was behind the attacks, but that compromised Adobe PDFs were also to blame ... The hackers knew who they wanted to target and what they wanted and used vulnerabilities never before known to do it.
  • This Isn't Just About Google--Operation 'Aurora' Anti-virus giant McAfee's chief technology officer George Kurtz writes about the emerging picture of an attack called "Aurora" that was not, in fact, limited to the high-profile Google attacks. It "looks," he says, "to be a coordinated attack on many high profile companies targeting their intellectual property. Like an army of mules withdrawing funds from an ATM, this malware enabled the attackers to quietly suck the crown jewels out of many companies while people were off enjoying their December holidays. Without question this attack was perpetrated during a period of time that would minimize detection." Bizarre mule analogy aside, the situation, to his mind, is serious: "All I can say is wow. The world has changed. Everyone's threat model now needs to be adapted to the new reality of these advanced persistent threats."
  • Were the Hackers After Government Information? Looking at reports about the specific areas of Google that were compromised, bmaz at Emptywheel is worried: "This appears to indicate that the state-sponsored Chinese hackers have hacked into the portion of the Google infrastructure that deals with government warrants, intercepts, national security letters and other modalities pertinent to the Terrorist Surveillance Program."
  • Or Was It Perhaps Something Else? In the same MacWorld article bmaz cites, though, intelligence expert James Mulvenon is quoted by reporter Robert McMillan as saying this could be more about "jump start[ing] IT innovation in China." In other words, "if you're having trouble [innovating] or you want to prime the pump, the best way is to go out and steal cutting-edge [material]."Meanwhile, Shanghai-based Mara Hvistendahl, an observer of Chinese hackers, points out in an interview that
Many cyber-battles are fought by independent hackers scattered across China. They number at least 400,000, according to one conservative estimate--enough to hold a conference in Beijing every October. They have a nationalistic zeal that misfit Americans hackers lack. And their relationship with the Chinese government is fluid.