Who Was Behind Attacks On Google? A series of online attacks on Google and other large U.S. companies had been traced back to two Chinese educational institutions, but it's unclear if the hackers are tied to the Chinese government. New York Times reporter John Markoff discusses the origin of the attacks.
NPR logo

Who Was Behind Attacks On Google?

  • Download
  • <iframe src="https://www.npr.org/player/embed/123898300/123898274" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
Who Was Behind Attacks On Google?

Who Was Behind Attacks On Google?

  • Download
  • <iframe src="https://www.npr.org/player/embed/123898300/123898274" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript


From NPR News, this is ALL THINGS CONSIDERED. I'm Melissa Block.


And I'm Robert Siegel.

Last month, Google announced that the hacking attacks it and other companies had experienced originated in China. Well, now, according to a story in today's New York Times, investigators looking into those attacks have linked them to two Chinese schools; one is a university and the other is a vocational school.

Reporter John Markoff, who covers technology and computer security for the Times, joins us from the paper's San Francisco bureau.

Welcome to the program.

Mr. JOHN MARKOFF (Journalist, The New York Times): Hi, Robert.

SIEGEL: And you reported the schools are Shanghai Jiaotong University and Lanxiang Vocational School. What do you know about these schools?

Mr. MARKOFF: Well, the school in Shanghai is sort of the equivalent of the MIT of China. It has a world-class computer science program. The vocational school was started by a former member of the People's Liberation Army and it does feed students into the military. It's large but it's more like a state school. It's not an elite school.

SIEGEL: Mm-hmm. Now, you say the school feeds some students into the military. People had wondered if these attacks had not originated with the Chinese military. Does your story suggest that they didn't?

Mr. MARKOFF: You know, I think we're still very much in the wilderness of mirrors. You know, Google said they had some confidence that the intrusions came from China, but it did not give any meaningful detail.

What was known before this from other companies that were involved in the investigation was that there were trails leading back to Taiwan, where some of the command and control servers for the intrusions were, and to a computer server center in Texas. And this basically takes the trail one step back, albeit to the Chinese mainland.

SIEGEL: When we speak of this investigation, by the way, what kind of investigation is this that you're reporting on?

Mr. MARKOFF: Well, I think that the visibility into the investigation is limited, at least by me. We know that Google contacted the National Security Agency and asked for help in the days after it went public with the intrusions. We know that law enforcement is involved. And we know that the companies themselves are trying to do detective work to find out ultimately where the intrusions came from.

SIEGEL: You report that in once case, there's been a link made not just to a school but to a particular class taught by a particular teacher.

Mr. MARKOFF: Yes, I mean, I still have to say that I don't know the name of the teacher. I was simply told that investigators had found some linkage to a particular class at the vocational school, and that the class was taught by a computer scientist from Kiev.

SIEGEL: Well, what have you heard about what I guess might be the most benign explanation for these attacks, which is on the level of student prank or misbehavior? Is the level of the attacks such that they could have been uncoordinated by a handful of very gifted computer undergraduates, say?

Mr. MARKOFF: Probably not. There are aspects of the intrusions that suggest great sophistication. And so the fact that the flaws that they used to gain initial entry were not publicly known, were not known by anybody, even by Microsoft. I mean, the initial intrusion vector was through a version of Microsoft's Web browser. That is the kind of expertise that suggests a professional attacker.

SIEGEL: So far as you know, is the hacking still going on? Or has it stopped? Or is someone lying low? What do you hear?

Mr. MARKOFF: I have not heard of new intrusions. Although I think there are, you know, people have found evidence of fingerprints. So there is forensic information to be gathered.

SIEGEL: Are we likely to see any more formal public result of this investigation? Or is it something that's likely to be kept quiet for a long time?

Mr. MARKOFF: You know, I've heard this is extremely sensitive. The U.S. government is involved. Google has said that they intend to negotiate or discuss things with the Chinese. And I think what we will hear, in a way, depends on the outcome of those discussions.

SIEGEL: And do you know if the Chinese are cooperating at all so far in the investigation?

Mr. MARKOFF: I do not, but I don't believe so.

SIEGEL: Okay. John Markoff, thanks a lot for talking with us.

Mr. MARKOFF: Thank you.

SIEGEL: That's reporter John Markoff, who covers technology and computer security for The New York Times.

Copyright © 2010 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.