Last month, when Google engineers at their sprawling campus in Silicon Valley began to suspect that Chinese intruders were breaking into private Gmail accounts, the company began a secret counteroffensive.
It managed to gain access to a computer in Taiwan that it suspected of being the source of the attacks. Peering inside that machine, company engineers actually saw evidence of the aftermath of the attacks, not only at Google, but also at at least 33 other companies, including Adobe Systems, Northrop Grumman and Juniper Networks, according to a government consultant who has spoken with the investigators.
Seeing the breadth of the problem, they alerted American intelligence and law enforcement officials and worked with them to assemble powerful evidence that the masterminds of the attacks were not in Taiwan, but on the Chinese mainland.
But while much of the evidence, including the sophistication of the attacks, strongly suggested an operation run by Chinese government agencies, or at least approved by them, company engineers could not definitively prove their case. Today that uncertainty, along with concerns about confronting the Chinese without strong evidence, has frozen the Obama administration’s response to the intrusion, one of the biggest cyberattacks of its kind, and to some extent the response of other targets, including some of the most prominent American companies.
President Obama, who has repeatedly warned of the country’s vulnerability to devastating cyberattacks, has said nothing in public about one of the biggest examples since he took office. And the White House, while repeating Mr. Obama’s calls for Internet freedom, has not publicly demanded a Chinese government investigation. Secretary of State Hillary Rodham Clinton, who had been the most senior U.S. official to talk of the seriousness of the breach, discussed it on Thursday with a Chinese diplomat in Washington, however, and a senior administration official said there would be a “démarche in coming days” — a diplomatic move.
On Thursday, China’s Foreign Ministry deflected questions about Google’s charges and dismissed its declaration that it would no longer “self-censor” searches conducted on google.cn, its Chinese search engine. A ministry spokeswoman said simply that online services in China must be conducted “in accordance with the law.”
In interviews in which they disclosed new details of their efforts to solve the mystery, Google engineers said they doubted that a nongovernmental actor could pull off something this broad and well organized, but they conceded that even their counterintelligence operation, taking over the Taiwan server, could not provide the kind of airtight evidence needed to prove the case.
The murkiness of the attacks is no surprise. For years the National Security Agency and other arms of the United States government have struggled with the question of “attribution” of an attack; what makes cyberwar so unlike conventional war is that it is often impossible, even in retrospect, to find where the attack began, or who was responsible.
The questions surrounding the Google attacks have companies doing business in China scrambling to confirm that they were victims. Symantec, Adobe and Juniper Networks acknowledged in interviews that they were investigating whether they had been attacked. Northrop and Yahoo, also described as subjects of the attacks, declined to comment.
Besides being unable to firmly establish the source of the attacks, Google investigators have been unable to determine the goal: to gain commercial advantage; insert spyware; break into the Gmail accounts of Chinese dissidents and American experts on China who frequently exchange e-mail messages with administration officials; or all three. In fact, at least one prominent Washington research organization with close ties to administration officials was among those hacked, according to one person familiar with the episode.
Even as the United States and companies doing business in China assess the impact, the attacks signal the arrival of a new kind of conflict between the world’s No. 1 economic superpower and the country that, by year’s end, will overtake Japan to become No. 2.
It makes the tensions of the past, over China’s territorial claims or even the collision of an American spy plane and Chinese fighter pilots nine years ago, seem as outdated as a grainy film clip of Mao reviewing the May Day parade. But it also lays bare the degree to which China and the United States are engaged in daily cyberbattles, a covert war of offense and defense on which America is already spending billions of dollars a year.
Computer experts who track the thousands of daily attacks on corporate and government computer sites report that the majority of sophisticated attacks seem to emanate from China. What they cannot say is whether the hackers are operating on behalf of the Chinese state or in a haven that the Chinese have encouraged.
The latest episode illuminates the ambiguities.
For example, the servers that carried out many of the attacks were based in Taiwan, though a Google executive said “it only took a few seconds to determine that the real origin was on the mainland.” And at Google’s headquarters in Mountain View, there is little doubt that Beijing was behind the attacks. Partly that is because while Mr. Obama was hailing a new era of cautious cooperation with China, Google was complaining of mounting confrontation, chiefly over Chinese pressure on it to make sure Chinese users could not directly link to the American-based “google.com” site, to evade much of the censorship the company had reluctantly imposed on its main Chinese portal, google.cn.
“Everything we are learning is that in this case the Chinese government got caught with its hand in the cookie jar,” said James A. Lewis, a senior fellow at the Center for Strategic and International Studies in Washington, who consulted for the White House on cybersecurity last spring. “Would it hold up in court? No. But China is the only government in the world obsessed about Tibet, and that issue goes right to the heart of their vision of political survival and putting down the separatists’ movements.”
Over the years, there have been private warnings issued to China, notably after an attack on the computer systems used by the office of the defense secretary two years ago. A senior military official said in December that that attack “raised a lot of alarm bells,” but the attacker could not be pinpointed. The administration cautioned Chinese officials that attacks seemingly aimed at the national security leadership would not be tolerated, according to one American who took part in delivering that message.
David E. Sanger reported from Santa Clara, and John Markoff from San Francisco. Mark Landler contributed reporting from Washington.